2016
DOI: 10.1515/tmmp-2016-0032

Simple Power Analysis Attack on the QC-LDPC McEliece Cryptosystem

Abstract: It is known that a naive implementation of the decryption algorithm in the McEliece cryptosystem allows an attacker to recover the secret matrix P by measuring the power consumption. We demonstrate that a similar threat is present in the QC-LDPC variant of the McEliece cryptosystem. We consider a naive implementation of the decryption algorithm in the QC-LDPC McEliece cryptosystem. We demonstrate that this implementation leaks information about positions of ones in the secret matrix Q. We argue that this leaka…

Cited by 6 publications (6 citation statements)
References 7 publications

“…success or failure), the required time for decoding, the power consumption of some particular step, etc. (see [14, 15, 17, 18, 19, 25] for some concrete possibilities). The adversary first collects all the oracle replies, and then performs a statistical analysis on them, with the aim of guessing some information about the secret key.…”
Section: Gsa Attack (mentioning)
confidence: 99%
“…This information might be masked through proper implementation strategies; for instance, random permutations might be applied to the order of processing bits in the decoder. This solution, which was proposed by the authors of [11] as a countermeasure to the attack they introduced in the same paper, is however likely not to be strong enough for guaranteeing prevention of other kinds of information leaks.…”
Section: Other Sources of Information Leakage (mentioning)
confidence: 99%
“…Such a feature is crucial, since it has been shown how this probabilistic nature of the decoder actually exposes the system to cryptanalysis techniques based on the observation of the decryption phase. State-of-the-art attacks of this kind are commonly called reaction attacks, when based on decoding failure events [12], [13], [15], [22], or side-channel attacks, when based on information such as the duration of the decoding phase (in this case we speak properly of timing attacks) or other quantities [10], [11], [21]. All these previous techniques exploit the QC structure of the code and aim at recovering some characteristics of the secret key by performing a statistical analysis on a sufficiently large amount of collected data.…”
Section: Introduction (mentioning)
confidence: 99%
“…The two most common side channels exploited to breach practical implementations of cryptosystems are the execution time of the primitive and the instantaneous power consumption during its computation. In particular, in [15], it was shown how a QC-LDPC code-based system can be broken by means of simple power analysis, exploiting the control-flow dependent differences of the decoding algorithm. We note that employing ephemeral keys provides a natural resistance against non-profiled power consumption side channel attacks, as a significant amount of measurements with the same key (> 30) must be collected before the key is revealed.…”
Section: Properties of the Proposed Cryptosystem (mentioning)
confidence: 99%