Differential Power Analysis of a McEliece Cryptosystem

This work presents the first differential power analysis of an implementation of the McEliece cryptosystem. The target of this side-channel attack is a state-of-the-art FPGA implementation of the efficient QC-MDPC McEliece decryption operation as presented at DATE 2014. The presented cryptanalysis succeeds in recovering the complete secret key after a few observed decryptions. It consists of a differential leakage analysis during the syndrome computation, followed by an algebraic step that exploits the relation between the public and private key.
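To make the two ingredients of the abstract concrete, the following is an added toy model of QC-MDPC McEliece in the polynomial-ring formulation (GF(2)[x]/(x^r + 1), two circulant secret blocks h0, h1, public key q = h0 * h1^{-1}). It is not the paper's code nor the DATE 2014 design; the block length r = 13, the key values and the error pattern are constructed for illustration (real parameters use r in the thousands), and the function names are this example's own. It shows the syndrome computation as a rotation-and-XOR loop driven by the secret key bits, which is the key-dependent operation a leakage analysis targets, and the algebraic relation that makes a leak of either secret block equivalent to a leak of the whole key, which is why a countermeasure has to cover the processing of both blocks.

```python
"""QC-MDPC McEliece toy: key structure, syndrome computation and the
public/private key relation, in the polynomial-ring formulation.
Constructed example with a tiny block length r=13; real parameters use
r in the thousands.  Polynomials over GF(2) are Python ints:
bit i <-> coefficient of x^i."""

R = 13                      # block length (toy); x^R + 1 is the ring modulus
MOD = (1 << R) | 1          # x^R + 1 over GF(2)
MASK = (1 << R) - 1


def pmul(a, b):
    """Carry-less (GF(2)[x]) multiplication of two polynomials."""
    acc = 0
    while b:
        if b & 1:
            acc ^= a
        a <<= 1
        b >>= 1
    return acc


def pdivmod(a, b):
    """Polynomial long division over GF(2); returns (quotient, remainder)."""
    q = 0
    db = b.bit_length()
    while a and a.bit_length() >= db:
        shift = a.bit_length() - db
        q ^= 1 << shift
        a ^= b << shift
    return q, a


def mulmod(a, b):
    """Multiplication in the cyclic ring GF(2)[x]/(x^R + 1)."""
    return pdivmod(pmul(a, b), MOD)[1]


def invmod(a):
    """Inverse in GF(2)[x]/(x^R + 1) via extended Euclid; raises if not a unit."""
    r0, r1, s0, s1 = MOD, a, 0, 1
    while r1:
        q, rem = pdivmod(r0, r1)
        r0, r1 = r1, rem
        s0, s1 = s1, s0 ^ pmul(q, s1)
    if r0 != 1:
        raise ValueError("polynomial is not invertible in the ring")
    return pdivmod(s0, MOD)[1]


def rotl(v, i):
    """Cyclic left rotation of an R-bit block; equals multiplication by x^i."""
    i %= R
    return ((v << i) | (v >> (R - i))) & MASK


def syndrome(h0, h1, x0, x1):
    """Syndrome s = h0*x0 + h1*x1, computed the way a rotation-based
    decoder does it: for every set bit i of a secret block, rotate the
    ciphertext block by i and XOR it in.  Each XOR is a data-dependent
    operation selected by one secret bit; that is the leakage target."""
    s = 0
    for h, x in ((h0, x0), (h1, x1)):
        for i in range(R):
            if (h >> i) & 1:
                s ^= rotl(x, i)
    return s


def public_key(h0, h1):
    """Public key q = h0 * h1^{-1}; the code is {(m, m*q)} and
    h0*c0 + h1*c1 = 0 holds for every codeword."""
    return mulmod(h0, invmod(h1))


def encrypt(q, m, e0, e1):
    """Ciphertext = codeword of m plus the error pattern (e0, e1)."""
    return m ^ e0, mulmod(m, q) ^ e1


def recover_other_block(q, known, known_is_h0):
    """The algebraic step: q ties the two secret blocks together, so either
    block determines the other:  h1 = h0 * q^{-1},  h0 = q * h1."""
    return mulmod(known, invmod(q)) if known_is_h0 else mulmod(q, known)


# Constructed toy key: sparse odd-weight blocks, so both are ring units.
H0 = (1 << 0) | (1 << 2) | (1 << 7)
H1 = (1 << 1) | (1 << 5) | (1 << 11)

if __name__ == "__main__":
    q = public_key(H0, H1)
    m = 0b1011001110001
    e0, e1 = 1 << 3, 1 << 9              # two errors, one per block
    x0, x1 = encrypt(q, m, e0, e1)
    s = syndrome(H0, H1, x0, x1)
    assert s == syndrome(H0, H1, e0, e1)  # codeword part cancels
    print("public q   =", bin(q))
    print("syndrome   =", bin(s))
    print("h1 from h0 =", recover_other_block(q, H0, True) == H1)
    print("h0 from h1 =", recover_other_block(q, H1, False) == H0)
```

The syndrome loop is deliberately written bit by bit rather than as `mulmod`, because that is the shape in which a constrained hardware decoder processes the secret key, and it is the per-secret-bit data dependence that a differential leakage analysis on the syndrome computation can exploit. The last two lines then show the algebraic step: once either h0 or h1 is known, the public key hands over the other block with one ring inversion.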
