Message-aimed side channel and fault attacks against public key cryptosystems with homomorphic properties

  • Falko Strenzke
Regular Paper


In this work, we introduce a new timing vulnerability in the decryption operation of the McEliece cryptosystem. Furthermore, we review previously known side channel and fault attacks against the RSA and McEliece cryptosystems and analyze them with respect to their differences and similarities concerning the respective points of attack. We show that it is essentially the homomorphic properties of these schemes that allow the special type of message-aimed attacks based on observing the decryption of manipulated versions of the respective ciphertext, and we derive a corresponding methodology for the analysis of such schemes with respect to these attacks. Consequently, we present new side channel attacks against other public key cryptosystems with homomorphic properties and point out certain aspects that are special to the countermeasures against this type of attack.
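The homomorphic property the abstract refers to is easiest to see on textbook RSA, the simplest of the schemes the paper treats. The following is an added illustration, not code from the paper or its author: with constructed toy parameters it shows that a party holding only the public key can derive a related ciphertext whose decryption is a known function of the original plaintext, and that a plaintext-bound integrity tag (a hypothetical stand-in for the redundancy check a CCA-secure conversion adds) lets the decryptor detect such a manipulation. The parameter values, the `blind` helper and the `integrity_tag` construction are assumptions made for this example.

```python
import hashlib

# Constructed toy RSA parameters (assumed, far too small for real use): two
# primes just above 10^6, public exponent 65537.
P, Q = 1000003, 1000033
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+)
N_BYTES = (N.bit_length() + 7) // 8


def encrypt(m: int) -> int:
    """Textbook RSA: c = m^e mod n, no padding, no randomness."""
    return pow(m, E, N)


def decrypt(c: int) -> int:
    """Textbook RSA decryption: m = c^d mod n."""
    return pow(c, D, N)


def blind(c: int, r: int) -> int:
    """The multiplicative homomorphism: E(m) * E(r) = E(m * r mod n).
    Only the public key is needed to derive this related ciphertext."""
    return (c * encrypt(r)) % N


def integrity_tag(m: int) -> bytes:
    """Hypothetical integrity tag bound to the plaintext; stands in for the
    redundancy/format check that a CCA-secure conversion adds."""
    return hashlib.sha256(m.to_bytes(N_BYTES, "big")).digest()[:8]


def decrypt_checked(c: int, tag: bytes):
    """Decrypt and reject any ciphertext whose plaintext does not match the
    tag. Returns the plaintext, or None on rejection."""
    m = decrypt(c)
    if integrity_tag(m) != tag:
        return None
    return m


if __name__ == "__main__":
    m = 42
    c = encrypt(m)
    print("textbook decrypt:", decrypt(c))                        # 42
    print("decrypt of blinded ciphertext:", decrypt(blind(c, 3))) # 126 == 42 * 3
    print("checked, untouched:", decrypt_checked(c, integrity_tag(m)))          # 42
    print("checked, blinded:", decrypt_checked(blind(c, 3), integrity_tag(m)))  # None
```

The check makes the manipulated ciphertext fail, but this is exactly where the paper's attack class begins: what the decryptor does on rejection (how long the check takes, which branch faults, whether it keeps decoding) is what an observer of "the decryption of manipulated versions of the ciphertext" measures. A countermeasure therefore has to make the decryptor's observable behaviour independent of whether, and at which step, the check fails, not merely ensure that it fails.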


Keywords: Public key encryption, Side channel attack, Fault attack, Homomorphic encryption, Adaptively chosen ciphertext attacks



Copyright information

© Springer-Verlag 2011

Authors and Affiliations

  1. Flex Secure GmbH, Darmstadt, Germany
