Abstract
In the last few years, post-quantum cryptography has received much attention. NIST is running a competition to select post-quantum schemes for standardization. As a consequence, implementations of post-quantum schemes have become important, and with them side-channel attacks. In this paper, we show a timing attack on a code-based scheme that was submitted to the NIST competition. The attack recovers secret information from a timing variation in finding the roots of a polynomial. We present four root-finding algorithms that are protected against remote timing exploitation.
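The leak the abstract describes can be shown in a few dozen lines. The following is an added example and is not the paper's code, not one of its four algorithms, and not the implementation of the scheme under attack: a variable-time exhaustive root search over F_{2^8} with the usual early exit, beside a fixed-work, branch-free search that does the same amount of work whatever the roots are. The field F_{2^8} with modulus x^8 + x^4 + x^3 + x + 1, the sample roots, and all function names are assumptions chosen for this demonstration; a Goppa-code decoder works over F_{2^m} for the scheme's own m and with a polynomial of the code's error-correcting degree.

```c
#include <stdint.h>
#include <stdio.h>

#define M 8              /* work in F_{2^M}; m = 8 is an assumption for the demo */
#define Q (1u << M)      /* number of field elements */
#define POLY 0x11bu      /* x^8 + x^4 + x^3 + x + 1, irreducible over F_2 */
#define MAX_DEG 16       /* largest polynomial degree the demo handles */
typedef uint8_t gf;

/* Constant-time multiplication in F_{2^M}: fixed M rounds, masks instead of branches. */
static gf gf_mul(gf a, gf b) {
    uint16_t r = 0, x = a;
    for (int i = 0; i < M; i++) {
        uint16_t bit = (uint16_t)((b >> i) & 1u);
        r ^= (uint16_t)(x & (uint16_t)(0u - bit));                /* add a*z^i if bit set */
        x = (uint16_t)(x << 1);
        x ^= (uint16_t)(POLY & (uint16_t)(0u - ((x >> M) & 1u))); /* reduce on overflow */
    }
    return (gf)r;
}

/* 0xFF if v == 0 else 0x00, without a branch; valid for v < 256. */
static gf eq0_mask(unsigned v) { return (gf)(0u - (((v - 1u) >> 8) & 1u)); }

/* Horner evaluation of f (coefficients f[0..deg]) at x; cost depends only on deg. */
static gf poly_eval(const gf *f, size_t deg, gf x) {
    gf acc = f[deg];
    for (size_t i = deg; i-- > 0;) acc = (gf)(gf_mul(acc, x) ^ f[i]);
    return acc;
}

/* Build f(x) = prod_k (x + r_k) from its roots (char 2: x - r = x + r). Returns deg = n. */
static size_t poly_from_roots(const gf *rts, size_t n, gf *f) {
    f[0] = 1;
    for (size_t k = 0; k < n; k++) {
        f[k + 1] = 0;
        for (size_t i = k + 1; i > 0; i--) f[i] = (gf)(f[i - 1] ^ gf_mul(rts[k], f[i]));
        f[0] = gf_mul(rts[k], f[0]);
    }
    return n;
}

/* Variable-time search with early exit: *evals (the running time) depends on the
 * largest root, which is the secret-dependent timing an attacker measures. */
static size_t find_roots_naive(const gf *f, size_t deg, gf *roots, size_t *evals) {
    size_t count = 0, n = 0;
    for (unsigned x = 0; x < Q; x++) {
        n++;
        if (poly_eval(f, deg, (gf)x) == 0) {
            roots[count++] = (gf)x;
            if (count == deg) break;            /* early exit: the timing leak */
        }
    }
    *evals = n;
    return count;
}

/* Fixed-work search: evaluates every field element and stores each root in the next
 * free slot using masks only, so no branch or memory index depends on the roots.
 * Returns the number of roots; roots beyond max_roots are counted but not stored. */
static size_t find_roots_ct(const gf *f, size_t deg, gf *roots, size_t max_roots) {
    size_t count = 0;
    for (size_t j = 0; j < max_roots; j++) roots[j] = 0;
    for (unsigned x = 0; x < Q; x++) {
        gf zmask = eq0_mask(poly_eval(f, deg, (gf)x));              /* 0xFF iff x is a root */
        for (size_t j = 0; j < max_roots; j++) {
            gf sel = (gf)(zmask & eq0_mask((unsigned)(j ^ count)));  /* 0xFF iff slot j is next */
            roots[j] = (gf)((roots[j] & (gf)~sel) | ((gf)x & sel));
        }
        count += (size_t)(zmask & 1u);
    }
    return count;
}

/* Constructed sample inputs: roots at the bottom and at the top of the field. */
static const gf SAMPLE_LOW[3]  = {1, 2, 3};
static const gf SAMPLE_HIGH[3] = {253, 254, 255};

/* Evaluations the naive search performs for the polynomial with the given roots. */
static size_t naive_evals_for(const gf *rts, size_t n) {
    gf f[MAX_DEG + 1], found[MAX_DEG];
    size_t evals = 0, deg = poly_from_roots(rts, n, f);
    find_roots_naive(f, deg, found, &evals);
    return evals;
}

/* 1 if the fixed-work search returns exactly the given (ascending) roots. */
static int ct_recovers(const gf *rts, size_t n) {
    gf f[MAX_DEG + 1], found[MAX_DEG];
    size_t deg = poly_from_roots(rts, n, f);
    if (find_roots_ct(f, deg, found, MAX_DEG) != n) return 0;
    for (size_t i = 0; i < n; i++) if (found[i] != rts[i]) return 0;
    return 1;
}

int main(void) {
    printf("naive evaluations: {1,2,3} -> %zu, {253,254,255} -> %zu\n",
           naive_evals_for(SAMPLE_LOW, 3), naive_evals_for(SAMPLE_HIGH, 3));
    printf("constant-time recovers both: %d\n", ct_recovers(SAMPLE_LOW, 3) && ct_recovers(SAMPLE_HIGH, 3));
    return 0;
}
```

The naive search performs 4 evaluations for roots {1, 2, 3} and 256 for {253, 254, 255}; that difference is the observable an attacker correlates with the secret. The masked search evaluates all 256 elements and touches all output slots for every element, so its work is the same for both inputs. Two caveats carry over to any real decoder: the compiler must not turn the masks back into branches (inspect the generated assembly, or run the binary under a tool such as ctgrind or dudect), and the field arithmetic must itself be free of secret-indexed table lookups, which is why gf_mul above is written with a fixed loop and masks rather than log/antilog tables.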
This study was financed in part by the Coordenação de Aperfeiçoamento de Pessoal de Nível Superior - Brasil (CAPES) - Finance Code 001; through the European Union’s Horizon 2020 research and innovation programme under the Marie Skłodowska-Curie grant agreement No. 643161; and by Sweden through the WASP expedition project Massive, Secure, and Low-Latency Connectivity for IoT Applications.
Notes
1. Code available at https://git.dags-project.org/gustavo/roots_finding.
Acknowledgments
We want to thank the reviewers for the thoughtful comments on this work. We would also like to thank Tanja Lange for her valuable feedback. We want to extend the acknowledgments to Sonia Belaïd from Cryptoexperts for the discussions about timing attacks.
A Implementation Code
Copyright information
© 2019 Springer Nature Switzerland AG
Cite this paper
Martins, D., Banegas, G., Custódio, R. (2019). Don’t Forget Your Roots: Constant-Time Root Finding over \(\mathbb {F}_{2^m}\). In: Schwabe, P., Thériault, N. (eds) Progress in Cryptology – LATINCRYPT 2019. LATINCRYPT 2019. Lecture Notes in Computer Science(), vol 11774. Springer, Cham. https://doi.org/10.1007/978-3-030-30530-7_6
DOI: https://doi.org/10.1007/978-3-030-30530-7_6
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-30529-1
Online ISBN: 978-3-030-30530-7
eBook Packages: Computer Science, Computer Science (R0)