Paper 2022/1529
Key-Recovery Fault Injection Attack on the Classic McEliece KEM
Abstract
We present a key-recovery fault injection attack on the Classic McEliece Key Encapsulation Mechanism (KEM). The fault injections target the error-locator polynomial of the Goppa code and the validity checks in the decryption algorithm, making a chosen ciphertext attack possible. Faulty decryption outputs are used to generate a system of polynomial equations in the secret support elements of the Goppa code. After solving the equations, we can determine a suitable Goppa polynomial and form an alternative secret key. To demonstrate the feasibility of the attack on hardware, we simulate the fault injections on virtual prototypes of two RISC-V cores at register-transfer level.
Metadata
- Category: Attacks and cryptanalysis
- Publication info: Preprint.
- Keywords: Post-Quantum Cryptography, Key Recovery, Fault Attack, Classic McEliece
- Contact author(s):
  sabine pircher @ tum de
  johannes geier @ tum de
  julian danner @ uni-passau de
  daniel mueller @ tum de
  antonia wachter-zeh @ tum de
- History:
  2022-11-07: approved
  2022-11-04: received
- Short URL: https://ia.cr/2022/1529
- License: CC BY
BibTeX
@misc{cryptoeprint:2022/1529,
  author = {Sabine Pircher and Johannes Geier and Julian Danner and Daniel Mueller-Gritschneder and Antonia Wachter-Zeh},
  title = {Key-Recovery Fault Injection Attack on the Classic {McEliece} {KEM}},
  howpublished = {Cryptology {ePrint} Archive, Paper 2022/1529},
  year = {2022},
  url = {https://eprint.iacr.org/2022/1529}
}