A Key-Recovery Side-Channel Attack on Classic McEliece Implementations

Cited by: 0
Authors
Guo Q. [1 ]
Johansson A. [1 ]
Johansson T. [1 ]
Affiliations
[1] Dept. of Electrical and Information Technology, Lund University, Lund
Source
IACR Transactions on Cryptographic Hardware and Embedded Systems | 2022 / Volume 2022 / Issue 4
Keywords
Classic McEliece; Code-based cryptography; NIST post-quantum standardization; side-channel attacks
DOI
10.46586/tches.v2022.i4.800-827
Abstract
In this paper, we propose the first key-recovery side-channel attack on Classic McEliece, a KEM finalist in the NIST Post-Quantum Cryptography Standardization Project. Our novel idea is to design an attack algorithm in which we submit special ciphertexts to the decryption oracle that correspond to cases of single errors. Decoding such a ciphertext involves only a single entry of a large secret permutation, which is part of the secret key. Through an identified leakage in the additive FFT step used to evaluate the error locator polynomial, a single entry of the secret permutation can be determined. Iterating this for the other entries leads to full secret key recovery. The attack is described using power analysis on both the FPGA reference implementation and a software implementation running on an ARM Cortex-M4. We use a machine-learning-based classification algorithm to determine the error locator polynomial from a single trace. The attack is fully implemented and evaluated in the ChipWhisperer framework and is successful in practice. For the smallest parameter set, it uses about 300 traces for partial key recovery and fewer than 800 traces for full key recovery in the FPGA case. A similar number of traces is required for a successful attack on the ARM software implementation. © 2022, Ruhr-University of Bochum. All rights reserved.
Pages: 800 / 827
Page count: 27