Cryptology ePrint Archive: Report 2015/271
Toward Secure Implementation of McEliece Decryption
Mariya Georgieva and Frédéric de Portzamparc
Abstract: We analyse the resistance to timing attacks of implementations of McEliece PKC decryption with binary Goppa codes. First, we review and extend the existing attacks, both on the messages and on the keys. We show that, until now, no satisfactory countermeasure could erase all the timing leakages in the Extended Euclidean Algorithm (EEA) step. Then, we describe a version of the EEA that has never been used for McEliece so far. It uses a constant number of operations for given public parameters. In particular, the operation flow does not depend on the input of the decryption, and thus closes all previous timing attacks. We end up with what should become a central tool toward a secure implementation of McEliece decryption.
Category / Keywords: implementation / McEliece, Extended Euclidean Algorithm, timing attacks
Original Publication (with major differences): COSADE 2015
Date: received 23 Mar 2015
Contact author: frederic urvoy-de-portzamparc at polytechnique org
Note: Extended version of the COSADE 2015 article "Toward Secure Implementation of McEliece Decryption".
Version: 20150323:123058
Short URL: ia.cr/2015/271