Horizontal and Vertical Side Channel Analysis of a McEliece Cryptosystem

This paper presents horizontal and vertical side channel analysis techniques for an implementation of the McEliece cryptosystem. The target of this side-channel attack is a state-of-the-art field-programmable gate array (FPGA) implementation of the efficient quasi-cyclic moderate-density parity-check (QC-MDPC) McEliece decryption operation, as presented at Design, Automation and Test in Europe (DATE) 2014. The presented cryptanalysis succeeds in recovering the complete secret key after a few observed decryptions. It consists of a combination of a differential leakage analysis during the syndrome computation followed by an algebraic step that exploits the relation between the public key and the private key.
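As an added illustration (not code from the paper or from the DATE 2014 implementation), the QC-MDPC public/private key relation that the abstract's algebraic step rests on, with toy parameters chosen here: once one circulant block of the parity-check matrix is known, the public key determines the other block, which is why a leak during syndrome computation of a single block is enough to reconstruct the whole private key. Block size R and the sample polynomials are assumptions for the demonstration.

```python
# Added example (not from the paper). QC-MDPC private key H = [H0 | H1], two
# R x R circulant blocks over GF(2); each block is identified with a
# polynomial in GF(2)[x]/(x^R - 1), stored as an int with bit i = x^i.
# Systematic public key block Q = H1^{-1} * H0 (the generator matrix carries
# its transpose, which does not change the algebra below).

R = 11                 # toy block size (assumption; real r is in the thousands)
MASK = (1 << R) - 1

def pmul(a, b):
    """Multiply two polynomials in GF(2)[x]/(x^R - 1) held as bitmasks."""
    acc = 0
    for i in range(R):
        if (b >> i) & 1:
            acc ^= ((a << i) | (a >> (R - i))) & MASK   # rotate a by i
    return acc

def pinv(a):
    """Inverse in GF(2)[x]/(x^R - 1) by exhaustive search (toy R only)."""
    for q in range(1, 1 << R):
        if pmul(a, q) == 1:
            return q
    return None   # a is not a unit in the ring

def keygen(h0, h1):
    """Public block Q = H1^{-1} * H0, or None if H1 is not invertible."""
    inv = pinv(h1)
    return None if inv is None else pmul(inv, h0)

def recover_h1(q, h0):
    """Algebraic step, given Q and a leaked H0: H1 = H0 * Q^{-1}."""
    return pmul(h0, pinv(q))

def recover_h0(q, h1):
    """Algebraic step, given Q and a leaked H1: H0 = H1 * Q."""
    return pmul(h1, q)

if __name__ == "__main__":
    # Constructed toy private key: odd-weight blocks, as in MDPC keys.
    h0, h1 = 0b1101, 0b10011            # 1+x^2+x^3 and 1+x+x^4
    q = keygen(h0, h1)
    print("public Q  =", bin(q))
    print("H1 from H0 =", bin(recover_h1(q, h0)), "expected", bin(h1))
    print("H0 from H1 =", bin(recover_h0(q, h1)), "expected", bin(h0))
```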
