A Closer Look at the Guo–Johansson–Stankovski Attack Against QC-MDPC Codes
In Asiacrypt 2016, Guo, Johansson, and Stankovski presented a reaction attack against QC-MDPC McEliece. In their attack, by observing the difference in failure rates for various sets \(\varPhi _d\) of error vectors, the attacker obtains the distances between 1’s in the secret key and can thus recover the whole secret key. While the attack appears to be powerful, the paper only shows experiment results against the bit-flipping algorithm that uses precomputed thresholds, and the explanation of why the attack works does not seem to be convincing.
In this paper, we give some empirical evidence to show that the Guo–Johansson–Stankovski attack, to some extent, works independently of the way that the thresholds in the bit-flipping algorithm are chosen. Also, by viewing the bit-flipping algorithm as a variant of “statistical decoding”, we point out why the explanation of the Guo–Johansson–Stankovski paper is not reasonable, identify some factors that can affect the failure rates, and show how the factors change for different \(\varPhi _d\).
- 6.McEliece, R.J.: A public-key cryptosystem based on algebraic coding theory, pp. 114–116. JPL DSN Progress Report (1978). http://ipnpr.jpl.nasa.gov/progress_report2/42-44/44N.PDF
- 7.Misoczki, R., Tillich, J.-P., Sendrier, N., Barreto, P.S.L.M.: MDPC-McEliece: new McEliece variants from moderate density parity-check codes. In: IEEE International Symposium on Information Theory, pp. 2069–2073 (2013). http://eprint.iacr.org/2012/409.pdf
- 9.Heyse, S., von Maurich, I., Güneysu, T.: Smaller keys for code-based cryptography: QC-MDPC McEliece implementations on embedded devices. In: Bertoni, G., Coron, J.-S. (eds.) CHES 2013. LNCS, vol. 8086, pp. 273–292. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40349-1_16. http://eprint.iacr.org/2015/425.pdfCrossRefzbMATHGoogle Scholar