Journal of Cryptographic Engineering

, Volume 1, Issue 4, pp 271–281 | Cite as

Side-channel attacks on the McEliece and Niederreiter public-key cryptosystems

  • Roberto AvanziEmail author
  • Simon Hoerder
  • Dan Page
  • Michael Tunstall
Regular Paper


Research within “post-quantum” cryptography has focused on development of schemes that resist quantum cryptanalysis. However, if such schemes are to be deployed, practical questions of efficiency and physical security should also be addressed; this is particularly important for embedded systems. To this end, we investigate issues relating to side-channel attack against the McEliece and Niederreiter public-key cryptosystems, for example improving those presented by Strenzke et al. (Side channels in the McEliece PKC, vol. 5299, pp. 216–229, 2008), and novel countermeasures against such attack.


Public-key cryptography McEliece Niederreiter Embedded systems Side-channel attack 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Avanzi, R.: Another look at square roots (and other less common operations) in fields of even characteristic. In: Proceedings of SAC 2007. LNCS, vol. 4876, pp. 138–154. Springer. Berlin (2007)Google Scholar
  2. 2.
    Bernstein, D.J., Lange, T., Peters, C.: Attacking and defending the McEliece cryptosystem. In: Proceedings of PQCrypto 2008. LNCS, vol. 5299, pp. 31–46, Springer, Berlin 2008. See also: Cryptology ePrint Archive, Report 2008/318 (2008).
  3. 3.
    Biswas, B., Sendrier, N.: McEliece cryptosystem implementation: theory and practice. In: Proceedings of PQCrypto 2008. LNCS, vol. 5299, pp. 47–62. Springer, Heidelberg (2008)Google Scholar
  4. 4.
    Courtois, N., Finiasz, M., Sendrier, N.: How to achieve a McEliece-based digital signature scheme. Cryptology ePrint Archive, Report 2001/010 (2001).
  5. 5.
    Eisenbarth, T., Güneysu, T., Heyse, S., Paar, C.: MicroEliece: McEliece for embedded devices. In: Cryptographic Hardware and Embedded Systems (CHES), LNCS, vol. 5747, pp. 49–64. Springer, Berlin (2009)Google Scholar
  6. 6.
    Fong K., Hankerson D., López J., Menezes A.: Field inversion and point halving revisited. IEEE Trans. Comput. 53(8), 1047–1059 (2004)CrossRefGoogle Scholar
  7. 7.
    Gauthier Umaña, V., Leander, G.: Practical key recovery attacks on two McEliece variants.
  8. 8.
    Faugère, J.-C., Otmani, A., Perret, L., Tillich, J.-P.: Algebraic cryptanalysis of McEliece variants with compact keys. In: Advances in Cryptology—EUROCRYPT 2010. LNCS, vol. 6110, pp. 279–298. Springer, Berlin (2010).
  9. 9.
    Heyse, S., Moradi, A., Paar, C.: Practical power analysis attacks on software implementations of McEliece. In: Proceedings of PQCrypto 2010, LNCS, vol. 6061, pp. 165–181. Springer, Berlin (2010)Google Scholar
  10. 10.
    Huber, K.: Note on decoding binary Goppa codes. In: Electronics Letters, vol. 32, no. 2, pp. 102–103 (1996).
  11. 11.
    Hoerder, S.: Explicit computational aspects of McEliece encryption schemes. Diploma Thesis. Ruhr-Universität Bochum (2009)Google Scholar
  12. 12.
    McEliece, R.J.: A public-key cryptosystem based on algebraic coding theory. Jet Propulsion Laboratory DSN Progress Report 42–44, January and February 1978, pp. 114-116.
  13. 13.
    Merkle, R.: A certified digital signature. In: Advances in Cryptology—CRYPTO’89, LNCS 1462, pp. 218–238. Springer, Berlin (1989)Google Scholar
  14. 14.
    Niederreiter H.: Knapsack-type cryptosystems and algebraic coding theory. Probl. Control Inf. Theory (Problemy Upravlenija i Teorii Informacii) 15, 159–166 (1986)zbMATHMathSciNetGoogle Scholar
  15. 15.
    Patterson N.: The algebraic decoding of Goppa codes. IEEE Trans. Inf. Theory 21/2, 203–207 (1975)CrossRefMathSciNetGoogle Scholar
  16. 16.
    Proos J., Zalka C.: Shor’s discrete logarithm quantum algorithm for elliptic curves. Quantum Inf. Comput. 3, 317–344 (2003)zbMATHMathSciNetGoogle Scholar
  17. 17.
    Sendrier, N.: Encoding information into constant weight words. In: Proceedings of the 2005 IEEE International Symposium on Information Theory, Adelaide, pp. 435–438. Springer, Berlin (2005)Google Scholar
  18. 18.
    Shor, P.W.: Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer. In: Foundations of Computer Science, IEEE Computer Society Press, pp. 124–134, 1994. Extended version: SIAM Journal on Computing, vol. 26, pp. 1484–1509 (1997)Google Scholar
  19. 19.
    Shoufan, A., Strenzke, F., Molter, H.G., Stöttinger, M.: A timing attack against Patterson algorithm in the McEliece PKC. In: Proceedings of ICISC 2009, LNCS, vol. 5984, pp. 161–175. Springer, Berlin (2010)Google Scholar
  20. 20.
    Shoup, V.: NTL—a library for doing numbery theory, v. 5.4.1. (2007).
  21. 21.
    Sidel’nikov V.M., Shestakov S.O.: On insecurity of cryptosystems based on generalized Reed-Solomon codes. Discret. Math. Appl. 2(4), 439–444 (1992)CrossRefMathSciNetGoogle Scholar
  22. 22.
    Sugiyama, Y., Kasahara, M., Hirasawa, S., Namekawa, T.: A method for solving key equation for decoding Goppa codes. In: Information and Control, vol. 27, pp. 87–99 (1975)Google Scholar
  23. 23.
    Strenzke, F., Tews, E., Molter, H.G., Overbeck, R., Shoufan, A.: Side channels in the McEliece PKC. In: Proceedings of PQCrypto 2008, LNCS, vol. 5299, pp. 216–229. Springer, Berlin (2008)Google Scholar
  24. 24.
    Strenzke, F.: A timing attack against the secret permutation in the McEliece PKC. In: Proceedings of PQCrypto 2010, LNCS, vol. 6061, pp. 95–107. Springer, Berlin (2010)Google Scholar

Copyright information

© Springer-Verlag 2011

Authors and Affiliations

  • Roberto Avanzi
    • 1
    Email author
  • Simon Hoerder
    • 1
    • 2
  • Dan Page
    • 2
  • Michael Tunstall
    • 2
  1. 1.Qualcomm CDMA Technologies GmbHMunichGermany
  2. 2.Department of Computer ScienceUniversity of BristolBristolUK

Personalised recommendations