Faulting original McEliece's implementations is possible: How to mitigate this risk?

by   Vincent Giraud, et al.

Private and public actors increasingly encounter use cases where they need to implement sensitive operations on mass-market peripherals for which they have little or no control. They are sometimes inclined to attempt this without using hardware-assisted equipment, such as secure elements. In this case, the white-box attack model is particularly relevant and includes access to every asset, retro-engineering, and binary instrumentation by attackers. At the same time, quantum attacks are becoming more and more of a threat and challenge traditional asymmetrical ciphers, which are treasured by private and public actors. The McEliece cryptosystem is a code-based public key algorithm introduced in 1978 that is not subject to well-known quantum attacks and that could be implemented in an uncontrolled environment. During the NIST post-quantum cryptography standardization process, a derived candidate commonly refer to as classic McEliece was selected. This algorithm is however vulnerable to some fault injection attacks while a priori, this does not apply to the original McEliece. In this article, we thus focus on the original McEliece cryptosystem and we study its resilience against fault injection attacks on an ARM reference implementation. We disclose the first fault injection based attack and we discuss on how to modify the original McEliece cryptosystem to make it resilient to fault injection attacks.


Oops..! I Glitched It Again! How to Multi-Glitch the Glitching-Protections on ARM TrustZone-M

Voltage Fault Injection (VFI), also known as power glitching, has proven...

Stronger and Faster Side-Channel Protections for CSIDH

CSIDH is a recent quantum-resistant primitive based on the difficulty of...

An End-to-End Analysis of EMFI on Bit-sliced Post-Quantum Implementations

Bit-slicing is a software implementation technique that treats an N-bit ...

Rewrite to Reinforce: Rewriting the Binary to Apply Countermeasures against Fault Injection

Fault injection attacks can cause errors in software for malicious purpo...

Injection testing backed refactoring

Injection-based testing while refactoring is a pattern that minimizes th...

EM-Fault It Yourself: Building a Replicable EMFI Setup for Desktop and Server Hardware

EMFI has become a popular fault injection (FI) technique due to its abil...

Multivariate Public Key Cryptosystem from Sidon Spaces

A Sidon space is a subspace of an extension field over a base field in w...

Please sign up or login with your details

Forgot password? Click here to reset