QC-MDPC: A Timing Attack and a CCA2 KEM

@inproceedings{Eaton2018QCMDPCAT,
  title={QC-MDPC: A Timing Attack and a CCA2 KEM},
  author={Edward Eaton and Matthieu Lequesne and Alex Parent and Nicolas Sendrier},
  booktitle={IACR Cryptol. ePrint Arch.},
  year={2018}
}
In 2013, Misoczki, Tillich, Sendrier and Barreto proposed a variant of the McEliece cryptosystem based on quasi-cyclic moderate-density parity-check (QC-MDPC) codes. This proposal uses an iterative bit-flipping algorithm in its decryption procedure. Such algorithms fail with a small probability. 
Binding BIKE errors to a key pair
TLDR
This work proposes to change the design of the KEM BIKE, which does not bind the randomness of the ciphertexts to a specific public key, although currently, there is no attack that leverages this property.
A Statistical Explanation of the Timing Attack on QC-MDPC Code Crypto-system
TLDR
A mathematical model is proposed to explain both attacks of the McEliece cryptosystem by connecting the spectrum of private key and first-layer performance of the decoder.
On constant-time QC-MDPC decoding with negligible failure rate
TLDR
This paper proposes a decoder that has a negligible DFR and also runs in a fixed (and small) number of steps, and builds a constant-time software implementation of the proposed instantiation, which is quite close to the IND-CPA variant.
A Statistical Explanation of the Timing Attack on QC-MDPC Code Crypto-system
Han Li (Computer Science), ArXiv, 2019
TLDR
A mathematical model is proposed to explain both attacks by connecting the spectrum of private key and first-layer performance of the decoder.
A Closer Look at the Guo-Johansson-Stankovski Attack Against QC-MDPC Codes
TLDR
A reaction attack against QC-MDPC McEliece: by observing the difference in failure rates for various sets of error vectors, the attacker obtains the distances between 1's in the secret key and can thus recover the whole secret key.
Tree authenticated ephemeral keys
Pavol Zajac (Computer Science), IACR Cryptol. ePrint Arch., 2019
TLDR
This work proposes to combine ephemeral public keys with a simple Merkle-tree to obtain a server authenticated key encapsulation/transport suitable for TLS-like handshake protocols.
Code-Based Cryptography
TLDR
These parameters show that HermitianRLCE has much smaller public keys than GRS-RLCE, and based on the security analysis, this paper provides hermitian code based RLCE parameters at the 128, 192, and 256 bits security level.
A Key Recovery Reaction Attack on QC-MDPC
TLDR
A very efficient key recovery attack on the QC-MDPC scheme, which uses the fact that decryption relies on an iterative decoding step that can fail with some small probability to identify a dependence between the secret key and decoding failures.
Optimized implementation of QC‐MDPC code‐based cryptography
TLDR
This paper presents a new enhanced version of the QcBits key encapsulation mechanism, which is a constant‐time implementation of the Niederreiter cryptosystem using QC‐MDPC codes, that is 1.9 times faster when decrypting messages.
A Timing Attack on the HQC Encryption Scheme
TLDR
This work presents the first timing attack against the HQC public-key encryption scheme, requiring the attacker to record the decryption time of around 400 million ciphertexts for a set of HQC parameters corresponding to 128 bits of security.

References

A Reaction Attack on the QC-LDPC McEliece Cryptosystem
TLDR
A reaction attack against the QC-MDPC McEliece cryptosystem is presented which exploits a dependence between the secret matrix H and the failure probability of the bit-flipping algorithm to reveal the matrix H, which constitutes the private key in the cryptosystem.
Towards Side-Channel Resistant Implementations of QC-MDPC McEliece Encryption on Constrained Devices
TLDR
The use of quasi-cyclic MDPC (QC-MDPC) codes for the McEliece cryptosystem is proposed and it was shown that these codes can provide both compact key representations and solid performance on high-end computing platforms.
Using low density parity check codes in the McEliece cryptosystem
TLDR
Using a low density parity check code (LDPCC) in place of the usual Goppa code in McEliece's cryptosystem allows for larger block lengths and the possibility of a combined error correction/encryption protocol.
Differential Power Analysis of a McEliece Cryptosystem
TLDR
The presented cryptanalysis succeeds in recovering the complete secret key after a few observed decryptions and consists of a combination of a differential leakage analysis during the syndrome computation followed by an algebraic step that exploits the relation between the public and private key.
A New Analysis of the McEliece Cryptosystem Based on QC-LDPC Codes
TLDR
A new variant of the McEliece cryptosystem based on QC-LDPC codes is improved, and it is shown that a newly discovered attack that can recover the private key with limited complexity can be avoided by changing the form of some constituent matrices.
Worst case QC-MDPC decoder for McEliece cryptosystem
TLDR
It is shown that the tuning of the algorithm is not the same to reduce the maximal number of iterations as for reducing the average cost, which provides some indications on how to engineer the QC-MDPC-McEliece scheme to resist a timing side-channel attack.
A Timing Attack against the Secret Permutation in the McEliece PKC
TLDR
This work devises how to exploit a vulnerability in the Patterson algorithm that allows the attacker to gather information about the secret permutation through a timing side channel, dramatically reducing the cost of a brute force attack against the secret key.
Side Channels in the McEliece PKC
TLDR
A Timing Attack is presented which was executed successfully against a software implementation of the McEliece PKC, and the critical system components for key generation and decryption are inspected to identify channels enabling power and cache attacks.
MDPC-McEliece: New McEliece variants from Moderate Density Parity-Check codes
TLDR
This work proposes two McEliece variants: one from Moderate Density Parity-Check (MDPC) codes and another from quasi-cyclic MDPC codes, which reduce under certain hypotheses the security of the scheme to the well studied decoding problem.
A CCA2 Secure Variant of the McEliece Cryptosystem
TLDR
This paper shows the first construction of a McEliece-based public-key cryptosystem secure against chosen ciphertext attacks in the standard model, inspired by a recently proposed technique by Rosen and Segev.