Timing Attacks against the Syndrome Inversion in Code-Based Cryptosystems

  • Falko Strenzke
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7932)


In this work we present the first practical key-aimed timing attack against code-based cryptosystems. It arises from vulnerabilities that are present in the inversion of the error syndrome through the Extended Euclidean Algorithm that is part of the decryption operation of these schemes. Three types of timing vulnerabilities are combined to a successful attack. Each is used to gain information about the secret support, which is part of code-based decryption keys: The first allows recovery of the zero-element, the second is a refinement of a previously described vulnerability yielding linear equations, and the third enables to retrieve cubic equations.


side channel attack timing attack post quantum cryptography code-based cryptography 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    McEliece, R.J.: A public key cryptosystem based on algebraic coding theory. DSN Progress Report 42-44, 114–116 (1978)Google Scholar
  2. 2.
    Niederreiter, H.: Knapsack-type cryptosystems and algebraic coding theory. Problems Control Inform. Theory 15(2), 159–166 (1986)MathSciNetzbMATHGoogle Scholar
  3. 3.
    Bernstein, D.J., Buchmann, J., Dahmen, E.: Post Quantum Cryptography. Springer Publishing Company, Incorporated (2008)Google Scholar
  4. 4.
    Biswas, B., Sendrier, N.: McEliece Cryptosystem Implementation: Theory and Practice. In: Buchmann, J., Ding, J. (eds.) PQCrypto 2008. LNCS, vol. 5299, pp. 47–62. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  5. 5.
    Heyse, S.: Low-Reiter: Niederreiter Encryption Scheme for Embedded Microcontrollers. In: Sendrier, N. (ed.) PQCrypto 2010. LNCS, vol. 6061, pp. 165–181. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  6. 6.
    Eisenbarth, T., Güneysu, T., Heyse, S., Paar, C.: MicroEliece: McEliece for Embedded Devices. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 49–64. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  7. 7.
    Shoufan, A., Wink, T., Molter, G., Huss, S., Strenzke, F.: A Novel Processor Architecture for McEliece Cryptosystem and FPGA Platforms. In: Proceedings of the 2009 20th IEEE International Conference on Application-Specific Systems, Architectures and Processors, ASAP 2009, pp. 98–105. IEEE Computer Society, Washington, DC (2009)CrossRefGoogle Scholar
  8. 8.
    Strenzke, F.: A Smart Card Implementation of the McEliece PKC. In: Samarati, P., Tunstall, M., Posegga, J., Markantonakis, K., Sauveron, D. (eds.) WISTP 2010. LNCS, vol. 6033, pp. 47–59. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  9. 9.
    Molter, H.G., Stöttinger, M., Shoufan, A., Strenzke, F.: A Simple Power Analysis Attack on a McEliece Cryptoprocessor. Journal of Cryptographic Engineering (2011)Google Scholar
  10. 10.
    Strenzke, F., Tews, E., Molter, H., Overbeck, R., Shoufan, A.: Side Channels in the McEliece PKC. In: Buchmann, J., Ding, J. (eds.) PQCrypto 2008. LNCS, vol. 5299, pp. 216–229. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  11. 11.
    Strenzke, F.: A Timing Attack against the Secret Permutation in the McEliece PKC. In: Sendrier, N. (ed.) PQCrypto 2010. LNCS, vol. 6061, pp. 95–107. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  12. 12.
    Shoufan, A., Strenzke, F., Molter, H., Stöttinger, M.: A Timing Attack against Patterson Algorithm in the McEliece PKC. In: Lee, D., Hong, S. (eds.) ICISC 2009. LNCS, vol. 5984, pp. 161–175. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  13. 13.
    Heyse, S., Moradi, A., Paar, C.: Practical power analysis attacks on software implementations of mceliece. In: Sendrier, N. (ed.) PQCrypto 2010. LNCS, vol. 6061, pp. 108–125. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  14. 14.
    Avanzi, R., Hoerder, S., Page, D., Tunstall, M.: Side-channel attacks on the mceliece and niederreiter public-key cryptosystems. J. Cryptographic Engineering 1(4), 271–281 (2011)CrossRefGoogle Scholar
  15. 15.
    Kocher, P.C.: Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996)Google Scholar
  16. 16.
    Kocher, P.C., Jaffe, J., Jun, B.: Differential Power Analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  17. 17.
    Engelbert, D., Overbeck, R., Schmidt, A.: A Summary of McEliece-Type Cryptosystems and their Security. Journal of Mathematical Cryptology 1(2), 151–199 (2006)MathSciNetGoogle Scholar
  18. 18.
    Goppa, V.D.: A new class of linear correcting codes. Problems of Information Transmission 6, 207–212 (1970)MathSciNetGoogle Scholar
  19. 19.
    MacWilliams, F.J., Sloane, N.J.A.: The theory of error correcting codes. North Holland (1997)Google Scholar
  20. 20.
    Patterson, N.: Algebraic decoding of Goppa codes. IEEE Trans. Info. Theory 21, 203–207 (1975)MathSciNetzbMATHCrossRefGoogle Scholar
  21. 21.
    Sugiyama, Y., Kasahara, M., Hirasawa, S., Namekawa, T.: A method for solving key equation for decoding goppa codes. Information and Control 27(1), 87–99 (1975)MathSciNetzbMATHCrossRefGoogle Scholar
  22. 22.
    Biswas, B., Herbert, V.: Efficient Root Finding of Polynomials over Fields of Characteristic 2. In: WEWoRK (2009),

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Falko Strenzke
    • 1
  1. 1.Cryptography and Computeralgebra, Department of Computer ScienceTechnische Universität DarmstadtGermany

Personalised recommendations