[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

What a lovely hat

Is it made out of tin foil?

Paper 2024/1694

Full Key-Recovery Cubic-Time Template Attack on Classic McEliece Decapsulation

Vlad-Florin Drăgoi, Aurel Vlaicu University of Arad
Brice Colombier, Laboratoire Hubert Curien
Nicolas Vallet, Laboratoire Hubert Curien
Pierre-Louis Cayrel, Laboratoire Hubert Curien
Vincent Grosso, Laboratoire Hubert Curien, French National Centre for Scientific Research
Abstract

Classic McEliece is one of the three code-based candidates in the fourth round of the NIST post-quantum cryptography standardization process in the Key Encapsulation Mechanism category. As such, its decapsulation algorithm is used to recover the session key associated with a ciphertext using the private key. In this article, we propose a new side-channel attack on the syndrome computation in the decapsulation algorithm that recovers the private key, which consists of the private Goppa polynomial $g$ and the permuted support $\mathcal{L}$. The attack relies on both practical aspects and theoretical contributions, namely that the side-channel distinguisher can accurately discriminate elements of the permuted support $\mathcal{L}$, while relying only on a standard noisy Hamming weight leakage assumption and that there exists a cubic-time algorithm that uses this information to recover the private Goppa polynomial $g$. Compared with previous work targeting the Classic McEliece private key, this drastically improves both on the assumptions made in the attacker model and on the overall efficiency of the key-recovery algorithm. We have carried out the attack in practice on a microcontroller target running the reference implementation of Classic McEliece, and make the full attack source code available.

Metadata
Available format(s)
PDF
Category
Attacks and cryptanalysis
Publication info
Published by the IACR in TCHES 2025
Keywords
Post-quantum cryptographyCode-based cryptographyClassic McElieceSide-channel attacks
Contact author(s)
vlad dragoi @ uav ro
b colombier @ univ-st-etienne fr
nicolas vallet @ univ-st-etienne fr
pierre louis cayrel @ univ-st-etienne fr
vincent grosso @ univ-st-etienne fr
History
2024-10-18: approved
2024-10-17: received
See all versions
Short URL
https://ia.cr/2024/1694
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2024/1694,
      author = {Vlad-Florin Drăgoi and Brice Colombier and Nicolas Vallet and Pierre-Louis Cayrel and Vincent Grosso},
      title = {Full Key-Recovery Cubic-Time Template Attack on Classic {McEliece} Decapsulation},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/1694},
      year = {2024},
      url = {https://eprint.iacr.org/2024/1694}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.