Thomas Eisenbarth - Workshop on Secure Implementation of Post-Quantum Cryptography in Israel

Side Channel Analysis and Protection for McEliece Implementations


Cryptographic implementations usually process secret states that must be inaccessible to the attacker. Side channels such as power, EM or sound analysis are a common violation of this assumption, enabling an attacker with physical access to overcome the security of the implementations.

The McEliece Cryptosystem has several properties such as large keys and an unusual mixing of key and state that make its side channel analysis more challenging than other contemporary cryptosystems.

In this talk we present how side channel analysis can be applied to a state-of-the-art hardware implementation of the efficient quasi-cyclic moderate-density parity-check McEliece implementation presented at Design, Automation and Test in Europe (DATE) 2014. The cryptanalysis consists of a combination of side-channel analysis during the syndrome computation followed by an algebraic step that exploits the relation between the public key and the private key. The complete secret key is recovered after a few observed decryptions.

We further show how the implementation can be efficiently protected against these kinds of side channel analysis by applying a masking countermeasure to the implementation. The side channel resistance of the resulting design is verified by practical DPA attacks and statistical tests for leakage detection.

The presentation is based on joint work with Cong Chen, Ingo von Maurich and Rainer Steinwandt.