QC-MDPC: A Timing Attack and a CCA2 KEM

@inproceedings{Eaton2018QCMDPCAT,
  title={QC-MDPC: A Timing Attack and a CCA2 KEM},
  author={Edward Eaton and Matthieu Lequesne and Alex Parent and Nicolas Sendrier},
  booktitle={IACR Cryptol. ePrint Arch.},
  year={2018}
}
In 2013, Misoczki, Tillich, Sendrier and Barreto proposed a variant of the McEliece cryptosystem based on quasi-cyclic moderate-density parity-check (QC-MDPC) codes. This proposal uses an iterative bit-flipping algorithm in its decryption procedure. Such algorithms fail with a small probability. 
A Statistical Explanation of the Timing Attack on QC-MDPC Code Crypto-system
  • Han Li
  • Computer Science
    ArXiv
  • 2019
TLDR
A mathematical model is proposed to explain both attacks on the McEliece cryptosystem by connecting the spectrum of the private key to the first-layer performance of the decoder.
Binding BIKE errors to a key pair
TLDR
The current BIKE design does not bind the randomness of the ciphertexts to a specific public key, so this design is proposed to change, although currently, there is no attack that leverages this property.
On constant-time QC-MDPC decoding with negligible failure rate
TLDR
This paper proposes a decoder that has a negligible DFR and also runs in a fixed (and small) number of steps, and builds a constant-time software implementation of the proposed instantiation, which is quite close to the IND-CPA variant.
Tree authenticated ephemeral keys
  • Pavol Zajac
  • Computer Science
    IACR Cryptol. ePrint Arch.
  • 2019
TLDR
This work proposes to combine ephemeral public keys with a simple Merkle-tree to obtain a server authenticated key encapsulation/transport suitable for TLS-like handshake protocols.
Code-Based Cryptography
TLDR
These parameters show that HermitianRLCE has much smaller public keys than GRS-RLCE, and based on the security analysis, this paper provides hermitian code based RLCE parameters at the 128, 192, and 256 bits security level.
A Key Recovery Reaction Attack on QC-MDPC
TLDR
A very efficient key recovery attack on the QC-MDPC scheme is presented, using the fact that decryption relies on an iterative decoding step that can fail with some small probability to identify a dependence between the secret key and the decoding failure.
Optimized implementation of QC-MDPC code-based cryptography
TLDR
This paper presents a new enhanced version of the QcBits key encapsulation mechanism, which is a constant-time implementation of the Niederreiter cryptosystem using QC-MDPC codes, that is 1.9 times faster when decrypting messages.
A Timing Attack on the HQC Encryption Scheme
TLDR
This work presents the first timing attack against the HQC public-key encryption scheme, requiring the attacker to record the decryption time of around 400 million ciphertexts for a set of HQC parameters corresponding to 128 bits of security.
Assessing and countering reaction attacks against post-quantum public-key cryptosystems based on QC-LDPC codes
TLDR
It follows from the results that QC-LDPC code-based systems can indeed withstand reaction attacks, on condition that some specific decoding algorithms are used and the secret code has a sufficiently high rate.

References

Towards Side-Channel Resistant Implementations of QC-MDPC McEliece Encryption on Constrained Devices
TLDR
The use of quasi-cyclic MDPC (QC-MDPC) codes for the McEliece cryptosystem is proposed, and it is shown that these codes can provide both compact key representations and solid performance on high-end computing platforms.
Using low density parity check codes in the McEliece cryptosystem
TLDR
The implications of using a low density parity check code (LDPCC) in place of the usual Goppa code in McEliece's cryptosystem are examined; this choice allows for larger block lengths and the possibility of a combined error correction/encryption protocol.
Differential Power Analysis of a McEliece Cryptosystem
TLDR
The presented cryptanalysis succeeds in recovering the complete secret key after a few observed decryptions and consists of a differential leakage analysis during the syndrome computation followed by an algebraic step that exploits the relation between the public and private key.
Worst case QC-MDPC decoder for McEliece cryptosystem
TLDR
It is shown that the tuning of the algorithm is not the same to reduce the maximal number of iterations as for reducing the average cost, which provides some indications on how to engineer the QC-MDPC-McEliece scheme to resist a timing side-channel attack.
A Timing Attack against the Secret Permutation in the McEliece PKC
TLDR
This work devises how to exploit a vulnerability in the Patterson algorithm that allows the attacker to gather information about the secret permutation through a timing side channel, dramatically reducing the cost of a brute force attack against the secret key.
Side Channels in the McEliece PKC
TLDR
A Timing Attack is presented which was executed successfully against a software implementation of the McEliece PKC, and the critical system components for key generation and decryption are inspected to identify channels enabling power and cache attacks.
A CCA2 Secure Variant of the McEliece Cryptosystem
TLDR
This paper shows the first construction of a McEliece-based public-key cryptosystem secure against chosen ciphertext attacks in the standard model, inspired by a recently proposed technique by Rosen and Segev.
Ouroboros: A Simple, Secure and Efficient Key Exchange Protocol Based on Coding Theory
TLDR
The Ouroboros protocol is introduced, a new Key Exchange protocol based on coding theory that gathers the best properties of the recent MDPC-McEliece and HQC protocols for the Hamming metric: simplicity of decoding and security reduction, based on a double cyclic structure.
Implementing QC-MDPC McEliece Encryption
TLDR
It is concluded that McEliece encryption in combination with QC-MDPC codes not only enables high-performance implementations but also allows for lightweight designs on a wide range of different platforms.
QcBits: Constant-Time Small-Key Code-Based Cryptography
  • T. Chou
  • Computer Science, Mathematics
    CHES
  • 2016
TLDR
This paper introduces a constant-time implementation for a quasi-cyclic moderate-density-parity-check (QC-MDPC) code based encryption scheme that takes 14 679 937 Cortex-M4 and 1 560 072 Haswell cycles to decrypt a short message.