Differential power analysis attack on the secure bit permutation in the McEliece cryptosystem

Petrvalsky, Martin; Richmond, Tania; Drutarovský, Miloš; Cayrel, Pierre-Louis; Fischer, Viktor

doi:10.1109/radioelek.2016.7477382

Cited by 12 publications

(5 citation statements)

References 13 publications

(16 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In this paper, we focus on algorithms as in Table IV called iterative conditional branching. It appears in algorithms like square-and-multiply for the modular exponentiation, its counterpart double-and-add for elliptic curve point multiplication [21], [22], or the secure bit permutation in the McEliece cryptosystem [23] attacked in [24]. It also appears naturally (Table V) when trying to turn a loop on the secret into a conditional branching depending on the secret, that can itself be balanced to remove or reduce the dependency on the secret.…”

Section: A Iterative Conditional Branchingmentioning

confidence: 99%

A Hole in the Ladder : Interleaved Variables in Iterative Conditional Branching

Marquer

Richmond

2020

2020 IEEE 27th Symposium on Computer Arithmetic (ARITH)

Self Cite

View full text Add to dashboard Cite

The modular exponentiation is crucial to the RSA cryptographic protocol, and variants inspired by the Montgomery ladder have been studied to provide more secure algorithms. In this paper, we abstract away the iterative conditional branching used in the Montgomery ladder, and formalize systems of equations necessary to obtain what we call the semi-interleaved and fully-interleaved ladder properties. In particular, we design fault-injection attacks able to obtain bits of the secret against semi-interleaved ladders, including the Montgomery ladder, but not against fully-interleaved ladders that are more secure. We also apply these equations to extend the Montgomery ladder for both the semi-and fully-interleaved cases, thus proposing novel and more secure algorithms to compute the modular exponentiation.

show abstract

Section: A Iterative Conditional Branchingmentioning

confidence: 99%

A Hole in the Ladder : Interleaved Variables in Iterative Conditional Branching

Marquer

Richmond

2020

2020 IEEE 27th Symposium on Computer Arithmetic (ARITH)

Self Cite

View full text Add to dashboard Cite

show abstract

“…[Richmond et al 2015] Experimental analysis of matrix multiplication implemented on ARM Cortex-M3 which is required for permutation matrix recovery in syndrome computation. DPA [Petrvalsky et al 2016] Experimental recovery of 64 by 64 permutation matrix from the ARM Cortex-M3.…”

Section: [Von Maurich and Güneysu 2014]mentioning

confidence: 99%

“…OTA [Huang et al 2020 The syndrome was thought to be the variable needed to be attacked, but ciphertext only directs how the syndrome is computed for the parity check matrix and does not contain the ciphertext in it. DPA attack on code-based scheme classical McEliece from [Petrvalsky et al 2016] is launched on bit permutation of ciphertext. HW model is applied to individual bits of leakage model.…”

Section: Ntru Primementioning

confidence: 99%

Physical Security in the Post-quantum Era: A Survey on Side-channel Analysis, Random Number Generators, and Physically Unclonable Functions

Chowdhury,

Covic,

Acharya

et al. 2020

Preprint

View full text Add to dashboard Cite

Over the past decades, quantum technology has seen consistent progress, with notable recent developments in the field of quantum computers. Traditionally, this trend has been primarily seen as a serious risk for cryptography; however, a positive aspect of quantum technology should also be stressed. In this regard, viewing this technology as a resource for honest parties rather than adversaries, it may enhance not only the security, but also the performance of specific cryptographic schemes. While considerable effort has been devoted to the design of quantum-resistant and quantum-enhanced schemes, little effort has been made to understanding their physical security. Physical security deals with the design and implementation of security measures fulfilling the practical requirements of cryptographic primitives, which are equally essential for classic and quantum ones. This survey aims to draw greater attention to the importance of physical security, with a focus on secure key generation and storage as well as secure execution. More specifically, the possibility of performing side-channel analysis in the quantum world is discussed and compared to attacks launched in the classic world. Besides, proposals for quantum random number generation and quantum physically unclonable functions are compared to their classic counterparts and further analyzed to give a better understanding of their features, advantages, and shortcomings. Finally, seen from these three perspectives, this survey provides an outlook for future research in this direction. CCS Concepts: • Security and privacy → Cryptanalysis and other attacks; Security in hardware; • Hardware → Integrated circuits; Quantum communication and cryptography.

show abstract

“…Heyse et al performed a simple power analysis (SPA) attack against software implementations of the original McEliece algorithm [17]. In [33] Our attack also includes solving a learning parity with noise (LPN) problem. We set up and solve a system of noisy binary linear equations to complete the key recovery.…”

Section: Qc-mdpcmentioning

confidence: 99%

A Side-Channel Assisted Cryptanalytic Attack Against QcBits

Rossi

Hamburg

Hutter

et al. 2017

Lecture Notes in Computer Science

View full text Add to dashboard Cite

QcBits is a code-based public key algorithm based on a problem thought to be resistant to quantum computer attacks. It is a constanttime implementation for a quasi-cyclic moderate density parity check (QC-MDPC) Niederreiter encryption scheme, and has excellent performance and small key sizes. In this paper, we present a key recovery attack against QcBits. We first used differential power analysis (DPA) against the syndrome computation of the decoding algorithm to recover partial information about one half of the private key. We then used the recovered information to set up a system of noisy binary linear equations. Solving this system of equations gave us the entire key. Finally, we propose a simple but effective countermeasure against the power analysis used during the syndrome calculation.

show abstract

Differential power analysis attack on the secure bit permutation in the McEliece cryptosystem

Cited by 12 publications

References 13 publications

A Hole in the Ladder : Interleaved Variables in Iterative Conditional Branching

A Hole in the Ladder : Interleaved Variables in Iterative Conditional Branching

Physical Security in the Post-quantum Era: A Survey on Side-channel Analysis, Random Number Generators, and Physically Unclonable Functions

A Side-Channel Assisted Cryptanalytic Attack Against QcBits

Contact Info

Product

Resources

About