International Association for Cryptologic Research



Side Channel Information Set Decoding using Iterative Chunking

Authors:
Norman Lahr
Ruben Niederhagen
Richard Petri
Simona Samardjiska
DOI: 10.1007/978-3-030-64837-4_29
Abstract: This paper presents an attack based on side-channel information and information set decoding (ISD) on the code-based Niederreiter cryptosystem, together with an evaluation of the practicality of the attack using an electromagnetic side channel. We start by directly adapting the timing side-channel plaintext-recovery attack by Shoufan et al. from 2010 to the constant-time implementation of the Niederreiter cryptosystem as used in the official FPGA implementation of the NIST finalist “Classic McEliece”. We then enhance our attack using ISD and a new technique that we call iterative chunking to further significantly reduce the number of required side-channel measurements. We theoretically show that our attack improvements have a significant impact on reducing the number of required side-channel measurements. For example, for the 256-bit security parameter set kem/mceliece6960119 of “Classic McEliece”, we improve the basic attack that requires 5415 measurements to less than 562 measurements on average to mount a successful plaintext-recovery attack. Further reductions can be achieved at the price of increasing the cost of the ISD computations. We confirm our findings by practically mounting the attack on the official FPGA implementation of “Classic McEliece” for all proposed parameter sets.
BibTeX
@inproceedings{asiacrypt-2020-30668,
  title={Side Channel Information Set Decoding using Iterative Chunking},
  booktitle={Advances in Cryptology - ASIACRYPT 2020},
  publisher={Springer},
  doi={10.1007/978-3-030-64837-4_29},
  author={Norman Lahr and Ruben Niederhagen and Richard Petri and Simona Samardjiska},
  year=2020
}