Paper 2022/125

Profiled Side-channel Attack on Cryptosystems based on the Binary Syndrome Decoding Problem

Brice Colombier, Univ Grenoble Alpes, CNRS, Grenoble INP, TIMA, Grenoble, France
Vlad-Florin Drăgoi, Faculty of Exact Sciences, Aurel Vlaicu University, Arad, Romania, LITIS, University of Rouen Normandie, Saint-Etienne du Rouvray, France
Pierre-Louis Cayrel, Univ Lyon, UJM-Saint-Etienne, CNRS, Laboratoire Hubert Curien UMR 5516, Saint-Etienne, France
Vincent Grosso, Univ Lyon, UJM-Saint-Etienne, CNRS, Laboratoire Hubert Curien UMR 5516, Saint-Etienne, France
Abstract

The NIST standardization process for post-quantum cryptography has been drawing the attention of researchers to the submitted candidates. One direction of research consists in implementing those candidates on embedded systems and that exposes them to physical attacks in return. The Classic McEliece cryptosystem, which is among the four finalists of round 3 in the Key Encapsulation Mechanism category, builds its security on the hardness of the syndrome decoding problem, which is a classic hard problem in code-based cryptography. This cryptosystem was recently targeted by a laser fault injection attack leading to message recovery. Regrettably, the attack setting is very restrictive and it does not tolerate any error in the faulty syndrome. Moreover, it depends on the very strong attacker model of laser fault injection, and does not apply to optimised implementations of the algorithm that make optimal usage of the machine words capacity. In this article, we propose a to change the angle and perform a message-recovery attack that relies on side-channel information only. We improve on the previously published work in several key aspects. First, we show that side-channel information, obtained with power consumption analysis, is sufficient to obtain an integer syndrome, as required by the attack framework. This is done by leveraging classic machine learning techniques that recover the Hamming weight information very accurately. Second, we put forward a computationally-efficient method, based on a simple dot product and information-set decoding algorithms, to recover the message from the, possibly inaccurate, recovered integer syndrome. Finally, we present a masking countermeasure against the proposed attack.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Published elsewhere. IEEE Transactions on Information Forensics and Security
Keywords
post-quantum cryptography Classic McEliece side-channel attack
Contact author(s)
brice colombier @ grenoble-inp fr
vlad dragoi @ uav ro
pierre louis cayrel @ univ-st-etienne fr
vincent grosso @ univ-st-etienne fr
History
2022-07-12: revised
2022-02-09: received
See all versions
Short URL
https://ia.cr/2022/125
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2022/125,
      author = {Brice Colombier and Vlad-Florin Drăgoi and Pierre-Louis Cayrel and Vincent Grosso},
      title = {Profiled Side-channel Attack on Cryptosystems based on the Binary Syndrome Decoding Problem},
      howpublished = {Cryptology {ePrint} Archive, Paper 2022/125},
      year = {2022},
      url = {https://eprint.iacr.org/2022/125}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.