Paper 2022/1529
Key-Recovery Fault Injection Attack on the Classic McEliece KEM
, Technical University of Munich, HENSOLDT Cyber GmbH, Technical University of Munich, Technical University of Munich, Technical University of MunichAbstract
We present a key-recovery fault injection attack on the Classic McEliece Key Encapsulation Mechanism (KEM). The fault injections target the error-locator polynomial of the Goppa code and the validity checks in the decryption algorithm, making a chosen ciphertext attack possible. Faulty decryption outputs are used to generate a system of polynomial equations in the secret support elements of the Goppa code. After solving the equations, we can determine a suitable Goppa polynomial and form an alternative secret key. To demonstrate the feasibility of the attack on hardware, we simulate the fault injections on virtual prototypes of two RISC-V cores at register-transfer level.
Metadata
- Available format(s)
-
PDF
- Category
- Attacks and cryptanalysis
- Publication info
- Preprint.
- Keywords
- Post-Quantum Cryptography Key Recovery Fault Attack Classic McEliece
- Contact author(s)
-
sabine pircher @ tum de
johannes geier @ tum de
julian danner @ uni-passau de
daniel mueller @ tum de
antonia wachter-zeh @ tum de - History
- 2022-11-07: approved
- 2022-11-04: received
- See all versions
- Short URL
- https://ia.cr/2022/1529
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2022/1529,
author = {Sabine Pircher and Johannes Geier and Julian Danner and Daniel Mueller-Gritschneder and Antonia Wachter-Zeh},
title = {Key-Recovery Fault Injection Attack on the Classic McEliece KEM},
howpublished = {Cryptology ePrint Archive, Paper 2022/1529},
year = {2022},
note = {\url{https://eprint.iacr.org/2022/1529}},
url = {https://eprint.iacr.org/2022/1529}
}
