Practical Power Analysis Attacks on Software Implementations of McEliece

  • Stefan Heyse
  • Amir Moradi
  • Christof Paar
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6061)

Abstract

The McEliece public-key cryptosystem is based on the fact that decoding an unknown linear binary code is an NP-complete problem. Interest in implementing post-quantum cryptographic algorithms such as McEliece on microprocessor-based platforms has grown considerably because of the increasing storage capacity of these platforms. Their vulnerability and robustness against physical attacks, e.g., state-of-the-art power analysis attacks, must therefore be investigated. In this work, we address mainly two power analysis attacks on various implementations of McEliece on an 8-bit AVR microprocessor. To the best of our knowledge, this is the first time that such side-channel attacks have been practically evaluated.

Keywords

Software Implementation, Permutation Matrix, Execution Path, Parity Check Matrix, Goppa Code
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Stefan Heyse (1)
  • Amir Moradi (1)
  • Christof Paar (1)
  1. Horst Görtz Institute for IT Security, Ruhr University Bochum, Germany