Fraunhofer-Gesellschaft
2019
Paper (Preprint, Research Paper, Review Paper, White Paper, etc.)
Title

Side Channel Information Set Decoding

Title Supplement
Plaintext Recovery from the "Classic McEliece" Hardware Reference Implementation. Published on Cryptology ePrint Archive
Abstract
This paper presents an attack based on side-channel information and information set decoding on the Niederreiter cryptosystem and an evaluation of the practicality of the attack using a physical side channel. First, we describe a basic plaintext-recovery attack on the decryption algorithm of the Niederreiter cryptosystem. Our attack is an adaptation of the timing side-channel plaintext-recovery attack by Shoufan et al. from 2010 on the McEliece cryptosystem using the non-constant-time Patterson's algorithm for decoding. We then enhance our attack by utilizing an Information Set Decoding (ISD) approach to support the basic attack, and we introduce column chunking to further significantly reduce the number of required side-channel measurements. Our practical evaluation of the attack targets the FPGA implementation of the Niederreiter cryptosystem in the NIST submission "Classic McEliece", which uses a constant-time decoding algorithm, and is feasible for all proposed parameter sets of this submission. The attack idea is to distinguish between successful and failed error correction based on the Hamming weight of the decrypted plaintext, using the electromagnetic field as side channel. We theoretically estimate that our attack improvements have a significant impact on reducing the number of required side-channel traces. We confirm our findings experimentally and run successful attacks against the "Classic McEliece" NIST submission parameter sets. For example, for the 256-bit security parameter set kem/mceliece6960119, the number of traces needed to mount a successful plaintext-recovery attack drops from 6962 traces for the basic attack, to 5415 traces for the plain ISD approach, down to on average about 606 traces.
Author(s)

Lahr, Norman (Fraunhofer-Institut für Sichere Informationstechnologie SIT)
Niederhagen, Ruben (Fraunhofer-Institut für Sichere Informationstechnologie SIT)
Petri, Richard (Fraunhofer-Institut für Sichere Informationstechnologie SIT)
Samardjiska, Simona (Radboud Universiteit, Nijmegen, The Netherlands)
Language
English
Keyword(s)
  • implementation / ISD
  • reaction attack
  • SCA
  • FPGA
  • PQC
  • Niederreiter
  • Classic McEliece
