4.7 Article

Profiled Side-Channel Attack on Cryptosystems Based on the Binary Syndrome Decoding Problem

IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY (2022)

Get Full Text
Add to Collection

Journal

IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY
Volume 17, Issue -, Pages 3407-3420

Publisher

IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC
DOI: 10.1109/TIFS.2022.3198277

Keywords

Decoding; NIST; Side-channel attacks; Semiconductor lasers; Encryption; Encapsulation; Public key; Post-quantum cryptography; syndrome decoding problem; side-channel attack

Categories

Computer Science, Theory & Methods Engineering, Electrical & Electronic

Funding

  1. French National Research Agency [ANR-15-IDEX-02]
  2. LabEx PERSYVAL [ANR-11-LABX-0025-01]
  3. Ministry of Research, Innovation and Digitization, CNCS/CCCDI-UEFISCDI within PNCDI III [PN-III-P1-1.1PD-2019-0285]

Ask authors/readers for more resources

Protocol

Community support

Reagent

Community support

The NIST standardization process for post-quantum cryptography has attracted researchers' attention. This article proposes a message-recovery attack that relies solely on side-channel information. By using machine learning techniques and a simple dot product algorithm, improvements are made on previous work.
The NIST standardization process for post-quantum cryptography has been drawing the attention of researchers to the submitted candidates. One direction of research consists in implementing those candidates on embedded systems and that exposes them to physical attacks in return. The Classic McEliece cryptosystem, which is among the four finalists of round 3 in the Key Encapsulation Mechanism category, builds its security on the hardness of the syndrome decoding problem, which is a classic hard problem in code-based cryptography. This cryptosystem was recently targeted by a laser fault injection attack leading to message recovery. Regrettably, the attack setting is very restrictive and it does not tolerate any error in the faulty syndrome. Moreover, it depends on the very strong attacker model of laser fault injection, and does not apply to optimised implementations of the algorithm that make optimal usage of the machine words capacity. In this article, we propose a to change the angle and perform a message-recovery attack that relies on side-channel information only. We improve on the previously published work in several key aspects. First, we show that side-channel information, obtained with power consumption analysis, is sufficient to obtain an integer syndrome, as required by the attack framework. This is done by leveraging classic machine learning techniques that recover the Hamming weight information very accurately. Second, we put forward a computationally-efficient method, based on a simple dot product and information-set decoding algorithms, to recover the message from the, possibly inaccurate, recovered integer syndrome. Finally, we present a masking countermeasure against the proposed attack.

Authors

I am an author on this paper
Click your name to claim this paper and add it to your profile.

Reviews

Primary Rating

4.7
Not enough ratings

Secondary Ratings

Novelty
-
Significance
-
Scientific rigor
-
Rate this paper

Recommended

No Data Available
No Data Available
Webinars Posters Questions Hubs Funding Journals Papers Connect Collections Reviewers About Us FAQs Mobile App Privacy Policy Terms of Use
© Peeref 2019-2024. All rights reserved.