Paper 2022/125

Message-recovery Profiled Side-channel Attack on the Classic McEliece Cryptosystem

Brice Colombier, Vlad-Florin Dragoi, Pierre-Louis Cayrel, and Vincent Grosso


The NIST standardization process for post-quantum cryptography has been drawing the attention of researchers to the submitted candidates. One direction of research consists in implementing those candidates on embedded systems, which in return exposes them to physical attacks. The Classic McEliece cryptosystem, which is among the four finalists of round 3 in the Key Encapsulation Mechanism category, was recently targeted by a laser fault injection attack leading to message recovery. Regrettably, the attack setting is very restrictive. Indeed, it does not tolerate errors in the faulty syndrome. Moreover, it depends on the very strong attacker model of laser fault injection, and is not applicable to optimised implementations of the algorithm that make optimal use of the machine-word capacity. In this article, we propose a change of attack angle and perform a message-recovery attack that relies on side-channel information only. We improve on the previously published work in several key aspects. First, we show that side-channel information is sufficient to obtain a faulty syndrome in $\mathbb{N}$, as required by the attack. This is done by leveraging classic machine learning techniques that recover the Hamming weight information very accurately. Second, we put forward a computationally efficient method, based on a simple dot product, to recover the message from the (possibly noisy) syndrome in $\mathbb{N}$. We show that this new method, which additionally leverages existing information-set decoding algorithms from coding theory, is very robust to noise. Finally, we present a countermeasure against the proposed attack.

Public-key cryptography
Publication info
Preprint. MINOR revision.
Keywords: post-quantum cryptography, Classic McEliece, side-channel attack
Contact author(s)
brice colombier @ grenoble-inp fr
vlad dragoi @ uav ro
pierre louis cayrel @ univ-st-etienne fr
vincent grosso @ univ-st-etienne fr
2022-02-09: received
Creative Commons Attribution


@misc{cryptoeprint:2022/125,
      author = {Brice Colombier and Vlad-Florin Dragoi and Pierre-Louis Cayrel and Vincent Grosso},
      title = {Message-recovery Profiled Side-channel Attack on the Classic McEliece Cryptosystem},
      howpublished = {Cryptology ePrint Archive, Paper 2022/125},
      year = {2022},
      note = {\url{}},
      url = {}
}