A Timing Attack against the Secret Permutation in the McEliece PKC

  • Falko Strenzke
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6061)


In this work we present a novel timing attack against the McEliece public key cryptosystem (PKC). In contrast to former works investigating timing attacks that aim at recovering the message, we devise how to exploit a vulnerability in the Patterson algorithm that allows the attacker to gather information about the secret permutation through a timing side channel. This information can be used to dramatically reduce the cost of a brute force attack against the secret key. We also describe the results obtained from a proof of concept implementation of the attack and give an appropriate countermeasure.


side channel attack timing attack post quantum cryptography code-based cryptography 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    McEliece, R.J.: A public key cryptosystem based on algebraic coding theory. DSN progress report 42–44, 114–116 (1978)Google Scholar
  2. 2.
    Hankerson, D., Menezes, A., Vanstone, S.: Guide to Elliptic Curve Cryptography (2004) ISBN 978-0387952734Google Scholar
  3. 3.
    Miller, V.: Use of Elliptic Curves in Cryptography. In: Williams, H.C. (ed.) CRYPTO 1985. LNCS, vol. 218, pp. 417–426. Springer, Heidelberg (1986)Google Scholar
  4. 4.
    Rivest, R., Shamir, A., Adleman, L.: A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM 21(2), 120–126 (1978)zbMATHCrossRefMathSciNetGoogle Scholar
  5. 5.
    Diffie, W., Hellman, M.: New directions in cryptography. IEEE Transactions on Information Theory 22(6), 644–654 (1976)zbMATHCrossRefMathSciNetGoogle Scholar
  6. 6.
    Shor, P.W.: Algorithms for quantum computation: discrete logarithms and factoring. In: Proceedings of 35th Annual Symposium on Foundation of Computer Science (1994)Google Scholar
  7. 7.
    Peter, W.: Shor: Polynomial time algorithms for prime factorization and discrete logarithms on a quantum computer. SIAM Journal on Computing 26(5), 1484–1509 (1997)zbMATHCrossRefMathSciNetGoogle Scholar
  8. 8.
    Proos, J., Zalka, C.: Shor’s discrete logarithm quantum algorithm for elliptic curves, Technical Report quant-ph/0301141, arXiv (2006)Google Scholar
  9. 9.
    Kocher, P.: Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems. In: Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology, pp. 104–113 (1996)Google Scholar
  10. 10.
    Kocher, P.: Differential Power Analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)Google Scholar
  11. 11.
    Shoufan, A., Strenzke, F., Molter, H.G., Stöttinger, M.: A Timing Attack Against Patterson Algorithm in the McEliece PKC (2009); To be published in ICISC 2009 (2009)Google Scholar
  12. 12.
    Strenzke, F., Tews, E., Molter, H.G., Overbeck, R., Shoufan, A.: Side Channels in the McEliece PKC. In: Buchmann, J., Ding, J. (eds.) PQCrypto 2008. LNCS, vol. 5299, pp. 216–229. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  13. 13.
    Patterson, N.: Algebraic decoding of Goppa codes. IEEE Trans. Info. Theory 21, 203–207 (1975)zbMATHCrossRefMathSciNetGoogle Scholar
  14. 14.
    Engelbert, D., Overbeck, R., Schmidt, A.: A Summary of McEliece-Type Cryptosystems and their Security. Journal of Mathematical Cryptology (2006)Google Scholar
  15. 15.
    Goppa, V.D.: A new class of linear correcting codes. Problems of Information Transmission 6, 207–212 (1970)MathSciNetGoogle Scholar
  16. 16.
    MacWilliams, F.J., Sloane, N.J.A.: The theory of error correcting codes. North-Holland, Amsterdam (1997)Google Scholar
  17. 17.
    Bernstein, D.J., Lange, T., Peters, C.: Attacking and defending the McEliece cryptosystem. In: Buchmann, J., Ding, J. (eds.) PQCrypto 2008. LNCS, vol. 5299, pp. 31–46. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  18. 18.
    Kobara, K., Imai, H.: Semantically secure McEliece public-key cryptosystems - conversions for McEliece PKC. In: Practice and Theory in Public Key Cryptography - PKC ’01 Proceedings (2001)Google Scholar
  19. 19.
    Pointcheval, D.: Chosen-chipertext security for any one-way cryptosystem. In: Imai, H., Zheng, Y. (eds.) PKC 2000. LNCS, vol. 1751, pp. 129–146. Springer, Heidelberg (2000)Google Scholar
  20. 20.
    Biswas, B., Sendrier, N.: McEliece Cryptosystem Implementation: Theory and Practice. In: Buchmann, J., Ding, J. (eds.) PQCrypto 2008. LNCS, vol. 5299, pp. 47–62. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  21. 21.
    Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks: Revealing the Secrets of Smard Cards. Springer, Heidelberg (2007)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Falko Strenzke
    • 1
    • 2
  1. 1.FlexSecure GmbHGermany
  2. 2.Cryptography and Computeralgebra, Department of Computer ScienceTechnische Universität DarmstadtGermany

Personalised recommendations