Cryptology ePrint Archive: Report 2015/271
Toward Secure Implementation of McEliece Decryption
Mariya Georgieva and Frédéric de Portzamparc
Abstract: We analyse the security regarding timing attacks of implementations of the decryption in McEliece PKC with binary Goppa codes. First, we review and extend the existing attacks, both on the messages and on the keys. We show that, until now, no satisfactory countermeasure could erase all the timing leakages in the Extended Euclidean Algorithm (EEA) step. Then, we describe a version of the EEA never used for McEliece so far. It uses a constant number of operations for given public parameters. In particular, the operation flow does not depend on the input of the decryption, and thus closes all previous timing attacks. We end up with what should become a central tool toward a secure implementation of McEliece decryption.
Category / Keywords: implementation / McEliece, Extended Euclidean Algorithm, timing attacks
Original Publication (with major differences): COSADE 2015
Date: received 23 Mar 2015
Contact author: frederic urvoy-de-portzamparc at polytechnique org
Available format(s): PDF | BibTeX Citation
Note: Extended version of the COSADE 2015 article "Toward Secure Implementation of McEliece Decryption".
Version: 20150323:123058 (All versions of this report)
Short URL: ia.cr/2015/271
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]