How to lose some weight: a practical template syndrome decoding attack.

Bibliographic details
Title: How to lose some weight: a practical template syndrome decoding attack.
Authors: Bitzer, Sebastian, Delvaux, Jeroen, Kirshanova, Elena, Maaßen, Sebastian, May, Alexander, Wachter-Zeh, Antonia
Source: Designs, Codes & Cryptography; Jul2025, Vol. 93 Issue 7, p2503-2519, 17p
Subject terms: CRYPTOGRAPHY, HAMMING weight, ERROR-correcting codes, DIMENSIONAL reduction algorithms, DECODING algorithms
Abstract: We study the hardness of the Syndrome Decoding problem, the base of most code-based cryptographic schemes, such as Classic McEliece, in the presence of side-channel information. We use ChipWhisperer equipment to perform a template attack on Classic McEliece running on an ARM Cortex-M4, and accurately classify the Hamming weights of consecutive 32-bit blocks of the secret error vector $e \in \mathbb{F}_2^n$. With these weights at hand, we optimize Information Set Decoding algorithms. Technically, we demonstrate how to speed up information set decoding via a dimension reduction, additional parity-check equations, and an improved information set search, all derived from the Hamming-weight information. Consequently, using our template attack, we can practically recover an error vector $e \in \mathbb{F}_2^n$ in dimension $n = 2197$ in a matter of seconds. Without side-channel information, such an instance has a complexity of around 88 bit. We also estimate how our template attack affects the security of the proposed McEliece parameter sets. Roughly speaking, even an error-prone leak of our Hamming weight information leads for $n = 3488$ to a security drop of 89 bits. [ABSTRACT FROM AUTHOR]
Database: Complementary Index
ISSN: 09251022
DOI: 10.1007/s10623-025-01603-1