Classic McEliece

The official definition of Classic McEliece is the cryptosystem specification.

There is also a design rationale explaining the decisions that led to the specification.

Sage package

The following package presents algorithms for the Classic McEliece functions.

mceliece-sage-20221023.tar.gz browse

Unlike the specification, this package is designed to be computer-executable, making it suitable for input-output tests against implementations in a wide variety of languages. The package includes a test that regenerates the SUPERCOP checksums for each of the selected Classic McEliece parameter sets (and for the older "pc" variants with plaintext confirmation).

Subject to being computer-executable, this package is designed for the algorithms to be as readable as possible, including detailed comments matching the algorithms to the specification. Readability is not compromised for performance or side-channel protection; in particular, these algorithms are not constant-time.

This package is written on top of Sage, which is Python plus many math libraries. This package uses built-in Sage subroutines for finite fields, polynomials, and matrices. This package includes a self-contained Goppa decoder, not relying on Sage's berlekamp_massey function, and self-contained minimal-polynomial computation, not relying on Sage's minpoly function.

Version: This is version 2022.10.23 of the "Specification" web page.