LUP Student Papers

LUND UNIVERSITY LIBRARIES

Power analysis on FPGA implementation of Classic McEliece

Johansson, Andreas LU (2021) EITM01 20211
Department of Electrical and Information Technology
Abstract
In this work, the hardware implementation of Classic McEliece has been assessed for side-channel leakage through a power analysis. The official, unprotected decryption procedure of Classic McEliece was implemented on a Xilinx Artix-7 field-programmable gate array (FPGA) and incorporated into the ChipWhisperer framework. Traces captured during decryption were assessed for information leakage, and it was concluded that the implementation leaks information at multiple points. A procedure for partial message recovery on Classic McEliece was suggested, in which a neural network was employed to predict the distribution of bit values in the plaintext. The suggested attack procedure managed to predict whether the Hamming weight of the first half of the plaintext bits was greater than 32 or not with an accuracy of 78%. During the attack, only a single trace was used for predicting the Hamming weight. The suggested attack procedure targets the last step of decryption, where plaintext bits are recovered. More specifically, it exploits leakage from the incremental storage of plaintext bits in a shift register.
author
Johansson, Andreas LU
supervisor
organization
course
EITM01 20211
year
type
H2 - Master's Degree (Two Years)
subject
report number
LU/LTH-EIT 2021-849
language
English
id
9067081
date added to LUP
2021-10-25 15:50:10
date last changed
2021-10-25 15:50:10
@misc{9067081,
  abstract     = {{In this work, the hardware implementation of Classic McEliece has been assessed for side-channel leakage through a power analysis. The official, unprotected decryption procedure of Classic McEliece was implemented on a Xilinx Artix-7 field-programmable gate array (FPGA) and incorporated into the ChipWhisperer framework. Traces captured during decryption were assessed for information leakage, and it was concluded that the implementation leaks information at multiple points. A procedure for partial message recovery on Classic McEliece was suggested, in which a neural network was employed to predict the distribution of bit values in the plaintext. The suggested attack procedure managed to predict whether the Hamming weight of the first half of the plaintext bits was greater than 32 or not with an accuracy of 78~\%. During the attack, only a single trace was used for predicting the Hamming weight. The suggested attack procedure targets the last step of decryption, where plaintext bits are recovered. More specifically, it exploits leakage from the incremental storage of plaintext bits in a shift register.}},
  author       = {{Johansson, Andreas}},
  language     = {{eng}},
  note         = {{Student Paper}},
  title        = {{Power analysis on FPGA implementation of Classic McEliece}},
  year         = {{2021}},
}