Practical Power Analysis Attacks on Software Implementations of McEliece

  • Stefan Heyse
  • Amir Moradi
  • Christof Paar
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6061)

Abstract

The McEliece public-key cryptosystem is based on the fact that decoding unknown linear binary codes is an NP-complete problem. Interest in implementing post-quantum cryptographic algorithms such as McEliece on microprocessor-based platforms has grown considerably because of the increasing storage space available on these platforms. Their vulnerability and robustness against physical attacks, e.g. state-of-the-art power analysis attacks, must therefore be investigated. In this work, we mainly address two power analysis attacks on various implementations of McEliece on an 8-bit AVR microprocessor. To the best of our knowledge, this is the first time that such side-channel attacks have been practically evaluated.



Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Stefan Heyse (1)
  • Amir Moradi (1)
  • Christof Paar (1)

  1. Horst Görtz Institute for IT Security, Ruhr University Bochum, Germany
