# QC-MDPC: A Timing Attack and a CCA2 KEM

@inproceedings{Eaton2018QCMDPCAT, title={QC-MDPC: A Timing Attack and a CCA2 KEM}, author={Edward Eaton and Matthieu Lequesne and Alex Parent and Nicolas Sendrier}, booktitle={IACR Cryptol. ePrint Arch.}, year={2018} }

In 2013, Misoczki, Tillich, Sendrier and Barreto proposed a variant of the McEliece cryptosystem based on quasi-cyclic moderate-density parity-check (QC-MDPC) codes. This proposal uses an iterative bit-flipping algorithm in its decryption procedure. Such algorithms fail with a small probability.

## 39 Citations

A Statistical Explanation of the Timing Attack on QC-MDPC Code Crypto-system

- Computer Science
- 2019

A mathematical model is proposed to explain both attacks on the McEliece cryptosystem by connecting the spectrum of the private key with the first-layer performance of the decoder.

Binding BIKE errors to a key pair

- Computer Science, Mathematics
- IACR Cryptol. ePrint Arch.
- 2021

The current BIKE design does not bind the randomness of the ciphertexts to a specific public key, so a change to this design is proposed, although there is currently no attack that leverages this property.

On constant-time QC-MDPC decoding with negligible failure rate

- Computer Science
- IACR Cryptol. ePrint Arch.
- 2019

This paper proposes a decoder that has a negligible DFR and also runs in a fixed (and small) number of steps, and builds a constant-time software implementation of the proposed instantiation, which is quite close to the IND-CPA variant.

A Statistical Explanation of the Timing Attack on QC-MDPC Code Crypto-system

- Computer Science
- ArXiv
- 2019

A mathematical model is proposed to explain both attacks by connecting the spectrum of the private key with the first-layer performance of the decoder.

Tree authenticated ephemeral keys

- Computer Science
- IACR Cryptol. ePrint Arch.
- 2019

This work proposes to combine ephemeral public keys with a simple Merkle-tree to obtain a server authenticated key encapsulation/transport suitable for TLS-like handshake protocols.

Code-Based Cryptography

- Computer Science, Mathematics
- Lecture Notes in Computer Science
- 2019

These parameters show that HermitianRLCE has much smaller public keys than GRS-RLCE, and based on the security analysis, this paper provides Hermitian-code-based RLCE parameters at the 128, 192, and 256-bit security levels.

A Key Recovery Reaction Attack on QC-MDPC

- Computer Science, Mathematics
- IEEE Transactions on Information Theory
- 2019

A very efficient key recovery attack on the QC-MDPC scheme is presented; it uses the fact that decryption relies on an iterative decoding step, which can fail with some small probability, to identify a dependence between the secret key and decoding failures.

Optimized implementation of QC-MDPC code-based cryptography

- Computer Science
- Concurr. Comput. Pract. Exp.
- 2019

This paper presents a new enhanced version of the QcBits key encapsulation mechanism, which is a constant-time implementation of the Niederreiter cryptosystem using QC-MDPC codes, that is 1.9 times faster when decrypting messages.

A Timing Attack on the HQC Encryption Scheme

- Computer Science, Mathematics
- SAC
- 2019

This work presents the first timing attack against the HQC public-key encryption scheme, requiring the attacker to record the decryption time of around 400 million ciphertexts for a set of HQC parameters corresponding to 128 bits of security.

Assessing and countering reaction attacks against post-quantum public-key cryptosystems based on QC-LDPC codes

- Computer Science
- CANS
- 2018

It follows from the results that QC-LDPC code-based systems can indeed withstand reaction attacks, on condition that some specific decoding algorithms are used and the secret code has a sufficiently high rate.

## References


Towards Side-Channel Resistant Implementations of QC-MDPC McEliece Encryption on Constrained Devices

- Computer Science
- PQCrypto
- 2014

The use of quasi-cyclic MDPC (QC-MDPC) codes for the McEliece cryptosystem is proposed and it was shown that these codes can provide both compact key representations and solid performance on high-end computing platforms.

Using low density parity check codes in the McEliece cryptosystem

- Computer Science
- 2000 IEEE International Symposium on Information Theory (Cat. No.00CH37060)
- 2000

Using a low density parity check code (LDPCC) in place of the usual Goppa code in McEliece's cryptosystem allows for larger block lengths and the possibility of a combined error correction/encryption protocol.

Differential Power Analysis of a McEliece Cryptosystem

- Computer Science, Mathematics
- ACNS
- 2015

The presented cryptanalysis succeeds in recovering the complete secret key after a few observed decryptions; it consists of a differential leakage analysis during the syndrome computation followed by an algebraic step that exploits the relation between the public and private key.

Worst case QC-MDPC decoder for McEliece cryptosystem

- Computer Science
- 2016 IEEE International Symposium on Information Theory (ISIT)
- 2016

It is shown that the tuning of the algorithm that minimizes the maximal number of iterations is not the same as the tuning that minimizes the average cost, which gives some indications on how to engineer the QC-MDPC-McEliece scheme to resist a timing side-channel attack.

A Timing Attack against the Secret Permutation in the McEliece PKC

- Computer Science, Mathematics
- PQCrypto
- 2010

This work devises a way to exploit a vulnerability in the Patterson algorithm that allows the attacker to gather information about the secret permutation through a timing side channel, dramatically reducing the cost of a brute force attack against the secret key.

Side Channels in the McEliece PKC

- Computer Science, Mathematics
- PQCrypto
- 2008

A timing attack is presented that was executed successfully against a software implementation of the McEliece PKC, and the critical system components for key generation and decryption are inspected to identify channels enabling power and cache attacks.

A CCA2 Secure Variant of the McEliece Cryptosystem

- Computer Science, Mathematics
- IEEE Transactions on Information Theory
- 2012

This paper shows the first construction of a McEliece-based public-key cryptosystem secure against chosen ciphertext attacks in the standard model, inspired by a recently proposed technique by Rosen and Segev.

Ouroboros: A Simple, Secure and Efficient Key Exchange Protocol Based on Coding Theory

- Computer Science
- PQCrypto
- 2017

The Ouroboros protocol is introduced: a new key exchange protocol based on coding theory that combines the best properties of the recent MDPC-McEliece and HQC protocols for the Hamming metric, namely simplicity of decoding and of the security reduction, based on a double cyclic structure.

Implementing QC-MDPC McEliece Encryption

- Computer Science
- ACM Trans. Embed. Comput. Syst.
- 2015

It is concluded that McEliece encryption in combination with QC-MDPC codes not only enables high-performance implementations but also allows for lightweight designs on a wide range of different platforms.

QcBits: Constant-Time Small-Key Code-Based Cryptography

- Computer Science, Mathematics
- CHES
- 2016

This paper introduces a constant-time implementation of a quasi-cyclic moderate-density parity-check (QC-MDPC) code-based encryption scheme that takes 14 679 937 Cortex-M4 cycles and 1 560 072 Haswell cycles to decrypt a short message.