Preventing Timing Attacks Against RQC Using Constant Time Decoding of Gabidulin Codes
This paper studies the resistance of the code-based encryption scheme RQC to timing attacks. We describe two chosen-ciphertext timing attacks that rely on a correlation between the weight of the error to be decoded and the running time of the decoding algorithm for Gabidulin codes. These attacks are of theoretical interest, as they outperform the best known algorithm for solving the rank syndrome decoding problem in terms of complexity. Nevertheless, they are quite impractical in real situations, as they require a huge number of requests to a timing oracle. We also provide a constant-time algorithm for decoding Gabidulin codes that prevents these attacks without any performance cost for honest users.
Keywords: RQC, Gabidulin decoding, Timing attack, Rank metric
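The leak the abstract describes, in miniature. The following is an added illustration and not code from the paper: the Gabidulin decoder itself is not reproduced; instead a rank-weight computation (the step that recovers the dimension of the error support) stands in for it. It assumes q = 2, coordinates of F_{2^m} stored as m-bit integers, and counts elementary operations as a stand-in for running time, since Python itself offers no timing guarantees. The first implementation branches on the data and exits early, so its operation count is a function of the error's rank weight; the second runs a fixed n·m schedule with mask-selects and public indices only, the pattern a constant-time C implementation would follow. The sample vectors and the parameters N, M, T are constructed for the demonstration.

```python
import random

# Added illustration, not the paper's code. Coordinates live in F_{2^m} and are
# stored as m-bit ints (bit i = coefficient of the i-th basis element), so the
# rank weight of a vector is the rank over F_2 of the n x m binary matrix whose
# rows are the coordinates.


def rank_weight_leaky(vec, m):
    """Row reduction over F_2 with data-dependent branches and an early exit.
    Returns (rank, ops); ops counts row inspections and row eliminations and is
    the stand-in for running time."""
    rows = list(vec)
    rank, ops = 0, 0
    for col in range(m):
        mask = 1 << col
        pivot = None
        for i in range(rank, len(rows)):          # search stops at the first hit
            ops += 1
            if rows[i] & mask:
                pivot = i
                break
        if pivot is None:
            continue                               # column has no pivot: skip it
        rows[rank], rows[pivot] = rows[pivot], rows[rank]
        for i in range(len(rows)):                 # only rows with the bit are touched
            if i != rank and rows[i] & mask:
                rows[i] ^= rows[rank]
                ops += 1
        rank += 1
        if rank == len(rows):
            break                                  # early exit: every row is independent
    return rank, ops


def rank_weight_constant_time(vec, m):
    """Same rank, computed on a fixed n*m schedule: no data-dependent branch,
    no early exit, no secret-dependent index. Returns (rank, ops) with
    ops == len(vec) * m for every input."""
    basis = [0] * m      # basis[c]: stored vector whose highest set bit is c (or 0)
    present = [0] * m    # present[c] == 1 iff basis[c] is in use
    rank, ops = 0, 0
    for row in vec:
        for col in range(m - 1, -1, -1):
            hit = (row >> col) & 1
            take = hit & (1 - present[col])        # row becomes a new basis vector
            red = hit & present[col]               # row is reduced by basis[col]
            # -take / -red are all-ones masks when the flag is 1 (two's complement);
            # in C use -(uintN_t)flag on fixed-width unsigned types
            basis[col] ^= -take & (row ^ basis[col])
            present[col] |= take
            row ^= (-red & basis[col]) ^ (-take & row)   # reduce, or zero once installed
            rank += take
            ops += 1
    return rank, ops


def random_error_of_rank(r, n, m, rng):
    """Constructed sample input: a length-n vector over F_{2^m} of rank weight
    exactly r (coordinates are F_2-combinations of r independent elements).
    Requires r <= min(n, m)."""
    while True:
        support = [rng.getrandbits(m) for _ in range(r)]
        vec = []
        for _ in range(n):
            x = 0
            for s in support:
                x ^= s if rng.getrandbits(1) else 0
            vec.append(x)
        if rank_weight_constant_time(vec, m)[0] == r:
            return vec


def timing_profile(rank_fn, samples, m):
    """Simulated timing oracle: maps the true rank weight of each sample to the
    operation count the given implementation spends on it."""
    profile = {}
    for vec in samples:
        weight = rank_weight_constant_time(vec, m)[0]
        profile[weight] = rank_fn(vec, m)[1]
    return profile


if __name__ == "__main__":
    N, M, T = 6, 8, 4   # toy length, extension degree and decoding radius
    rng = random.Random(2024)
    samples = [random_error_of_rank(r, N, M, rng) for r in range(1, T + 1)]
    print("leaky   :", timing_profile(rank_weight_leaky, samples, M))
    print("constant:", timing_profile(rank_weight_constant_time, samples, M))
```

Running the script prints one operation count per rank weight for each implementation: the leaky profile changes with the weight (the direction of the correlation is irrelevant to an attacker holding a timing oracle), the constant-time profile is flat at N·M. The price of the flat profile is that the constant-time routine always does the work of the maximum weight, which is why the countermeasure costs honest users nothing only when, as the abstract states, the decoder is already dimensioned for the decoding radius.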