Worst case QC-MDPC decoder for McEliece cryptosystem
| Autor: | Julia Chaulet, Nicolas Sendrier |
|---|---|
| Přispěvatelé: | THALES COMMUNICATIONS & SECURITY, THALES, Security, Cryptology and Transmissions (SECRET), Inria de Paris, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria), THALES [France] |
| Rok vydání: | 2016 |
| Předmět: |
FOS: Computer and information sciences
Computer Science - Cryptography and Security business.industry Computer science Information Theory (cs.IT) Computer Science - Information Theory 020206 networking & telecommunications 02 engineering and technology Coding theory Adversary Encryption 020202 computer hardware & architecture [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR] McEliece cryptosystem 0202 electrical engineering electronic engineering information engineering Code (cryptography) Low-density parity-check code business Cryptography and Security (cs.CR) Algorithm Quantum Decoding methods Parity bit Computer Science::Cryptography and Security |
| Zdroj: | 2016 IEEE International Symposium on Information Theory (ISIT) IEEE International Symposium on Information Theory, ISIT 2016 IEEE International Symposium on Information Theory, ISIT 2016, Jul 2016, Barcelone, Spain. pp.5, ⟨10.1109/ISIT.2016.7541522⟩ ISIT |
| DOI: | 10.1109/ISIT.2016.7541522 |
| Popis: | McEliece encryption scheme which enjoys relatively small key sizes as well as a security reduction to hard problems of coding theory. Furthermore, it remains secure against a quantum adversary and is very well suited to low cost implementations on embedded devices. Decoding MDPC codes is achieved with the (iterative) bit flipping algorithm, as for LDPC codes. Variable time decoders might leak some information on the code structure (that is on the sparse parity check equations) and must be avoided. A constant time decoder is easy to emulate, but its running time depends on the worst case rather than on the average case. So far implementations were focused on minimizing the average cost. We show that the tuning of the algorithm is not the same to reduce the maximal number of iterations as for reducing the average cost. This provides some indications on how to engineer the QC-MDPC-McEliece scheme to resist a timing side-channel attack. 5 pages, conference ISIT 2016 |
| Databáze: | OpenAIRE |
| Externí odkaz: |
|