Toward Secure Implementation of McEliece Decryption

We analyse the resistance to timing attacks of implementations of the decryption in the McEliece PKC with binary Goppa codes. First, we review and extend the existing attacks, both on the messages and on the keys. We show that, until now, no satisfactory countermeasure could erase all the timing leakages in the Extended Euclidean Algorithm (EEA) step. Then, we describe a version of the EEA never used for McEliece so far. It uses a constant number of operations for given public parameters. In particular, the operation flow does not depend on the input of the decryption, and thus closes all previous timing attacks. We end up with what should become a central tool toward a secure implementation of McEliece decryption.
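The abstract's central point is that the textbook EEA performs a number of iterations, operand swaps and shift amounts that all vary with the (secret-dependent) input, whereas a constant-flow variant executes a fixed sequence of operations determined only by the public parameters. The following is an added illustration of that contrast; it is not code from the paper and does not reproduce the paper's algorithm. It compares a variable-time Euclidean gcd over GF(2)[x] with a fixed-iteration version built from masked division steps, in the spirit of the "divstep" approach of Bernstein and Yang's constant-time gcd work, reduced to a toy here. Assumptions: polynomials over GF(2) rather than the GF(2^m)[x] arithmetic of a real Goppa decoder; a plain gcd rather than the full key-equation solver; and Python integers, which are not themselves constant-time, so only the operation flow is input-independent. The parameter `t` plays the role of the public degree of the Goppa polynomial.

```python
# Added illustration (not code from the paper): the timing-leak argument of
# the abstract, shown on gcd computation in GF(2)[x].  Polynomials are Python
# ints with bit i holding the coefficient of x^i.  Simplifying assumption:
# GF(2)[x] instead of the GF(2^m)[x] arithmetic of a real Goppa decoder; the
# control-flow point is the same.  Python big ints are not constant-time, so
# only the *operation flow* is input-independent here.


def degree(p: int) -> int:
    """Degree of a GF(2)[x] polynomial; degree(0) == -1."""
    return p.bit_length() - 1


def reverse(p: int, n: int) -> int:
    """x^n * p(1/x): reverse the coefficient vector of length n+1 (deg p <= n)."""
    assert degree(p) <= n
    return int(format(p, f"0{n + 1}b")[::-1], 2)


def euclid_gcd(a: int, b: int):
    """Textbook Euclidean algorithm.  The loop count, the swap decisions and
    the shift amounts all depend on the inputs, which is the kind of leakage
    the abstract describes.  Returns (gcd, iterations)."""
    steps = 0
    while b:
        if degree(a) < degree(b):                 # data-dependent branch
            a, b = b, a
        a ^= b << (degree(a) - degree(b))         # data-dependent shift amount
        steps += 1
    return a, steps


def constant_flow_gcd(r0: int, r1: int, t: int):
    """gcd(r0, r1) for r0 of degree exactly t and deg r1 < t, computed with
    exactly 2*t division steps.  Every step executes the same operations
    (one masked XOR, one shift by a constant, one masked swap), so the
    operation flow depends only on the public parameter t.  It works on the
    reversed polynomials, eliminating one coefficient per step (divstep-style;
    this toy version is our own, not the paper's EEA).  Returns (gcd, steps)."""
    assert degree(r0) == t and degree(r1) < t
    f = reverse(r0, t)        # f(0) == 1 because r0 has degree exactly t
    g = reverse(r1, t - 1)    # reversed relative to degree t-1
    delta = 1                 # tracks the degree gap between the operands
    for _ in range(2 * t):
        g0 = g & 1
        swap = g0 & int(delta > 0)    # 1 iff this step exchanges the operands
        mask = -swap                  # 0 or -1: selects without branching
        # masked swap of f, then cancel g's constant term with f and divide by x
        f, g = (g & mask) | (f & ~mask), (g ^ (f & -g0)) >> 1
        delta = 1 + ((delta ^ mask) - mask)   # 1-delta on swap, 1+delta otherwise
    # after 2*t steps g == 0, f is the reversed gcd and delta == 2*deg(gcd) + 1
    gcd_degree = (delta - 1) // 2
    return reverse(f, gcd_degree), 2 * t


def agree_on_all_inputs(t: int) -> bool:
    """Exhaustive cross-check of both routines for the given parameter t."""
    for r0 in range(1 << t, 1 << (t + 1)):        # all degree-t polynomials
        for r1 in range(1 << t):                   # all polynomials of degree < t
            if constant_flow_gcd(r0, r1, t)[0] != euclid_gcd(r0, r1)[0]:
                return False
    return True


if __name__ == "__main__":
    T = 4                                   # toy stand-in for the Goppa degree
    G = 0b10011                             # x^4 + x + 1, a constructed sample
    for s in (0b1011, 0b100, 0b1110, 0):    # constructed sample second operands
        print(euclid_gcd(G, s), constant_flow_gcd(G, s, T))
    print(agree_on_all_inputs(T))
```

Running the sample shows `euclid_gcd` taking 5, 6, 6 and 0 iterations for the four inputs while `constant_flow_gcd` always takes 8, and the exhaustive check confirms both agree on every input for the chosen `t`. A production version would replace Python integers with fixed-width words and a branch-free select so that the data movement, and not just the operation sequence, is independent of the decrypted input.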
