Faulting original McEliece's implementations is possible: How to mitigate this risk?
Vincent Giraud, Guillaume Bouffard
TL;DR
The paper addresses the risk of fault injection against white-box implementations of the original McEliece cryptosystem running in uncontrolled environments, with ARM as the reference platform. It introduces a fault-injection attack that exploits a single-instruction flip (EOR to RSB) during decryption to reveal the structure of the secret permutation and substantially reduce the key-space entropy, which under certain conditions makes private-key recovery practical. To counter this, the authors propose a variant based on matrix decomposition and shared scrambling intended to impede precomputation-based white-box attacks; it still requires further validation of both its security and its practicality. The work highlights the practical implications for deploying post-quantum, code-based cryptography on open devices and outlines directions for white-box-resistant designs and for methods to evaluate them.
Abstract
Private and public actors increasingly encounter use cases where they need to implement sensitive operations on mass-market peripherals over which they have little or no control. They are sometimes inclined to attempt this without hardware-assisted equipment such as secure elements. In this case the white-box attack model is particularly relevant: the attacker has access to every asset and can reverse-engineer and instrument the binary. At the same time, quantum attacks are becoming more and more of a threat and challenge the traditional asymmetric ciphers that private and public actors rely on. The McEliece cryptosystem is a code-based public-key algorithm introduced in 1978 that is not subject to the well-known quantum attacks and that could be implemented in an uncontrolled environment. During the NIST post-quantum cryptography standardization process, a derived candidate commonly referred to as Classic McEliece was selected. That algorithm is, however, vulnerable to some fault injection attacks, while a priori this does not apply to the original McEliece. In this article we therefore focus on the original McEliece cryptosystem and study its resilience against fault injection attacks on an ARM reference implementation. We disclose the first fault-injection-based attack on it and discuss how to modify the original McEliece cryptosystem to make it resilient to fault injection attacks.
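The abstract refers to the original (1978) McEliece construction without restating it, and the attack summarised above turns on what an attacker gains once the secret permutation leaks. The following toy implementation is an added illustration written for this page; it is not the authors' ARM code and not Classic McEliece. It keeps the textbook algebra (public key G' = S·G·P, decryption as "undo P, decode, undo S") but swaps the binary Goppa code for the [7,4,3] Hamming code with t = 1, so the key sizes and the security level are meaningless. The function names, the fixed generator matrix and the seeded RNG are assumptions of this example. Because the code here is fixed and public, a leaked permutation hands over S outright, which is the toy version of the key-space reduction the paper describes; in the real scheme the code itself is also secret, so the leak shrinks the search space rather than ending it.

```python
import random

# Toy textbook McEliece over GF(2) with the [7,4,3] Hamming code (t = 1).
# Added illustration of the scheme's structure; NOT the paper's implementation.
N, K, T = 7, 4, 1

# Systematic generator G = [I_4 | A] and matching parity check H = [A^T | I_3].
G = [
    [1, 0, 0, 0, 1, 1, 0],
    [0, 1, 0, 0, 1, 0, 1],
    [0, 0, 1, 0, 0, 1, 1],
    [0, 0, 0, 1, 1, 1, 1],
]
H = [
    [1, 1, 0, 1, 1, 0, 0],
    [1, 0, 1, 1, 0, 1, 0],
    [0, 1, 1, 1, 0, 0, 1],
]


def mat_mul(A, B):
    """Matrix product over GF(2)."""
    return [[sum(A[i][k] & B[k][j] for k in range(len(B))) & 1
             for j in range(len(B[0]))] for i in range(len(A))]


def identity(n):
    return [[int(i == j) for j in range(n)] for i in range(n)]


def gf2_inverse(M):
    """Gauss-Jordan inverse over GF(2); None if M is singular."""
    n = len(M)
    aug = [row[:] + identity(n)[i] for i, row in enumerate(M)]
    for col in range(n):
        pivot = next((r for r in range(col, n) if aug[r][col]), None)
        if pivot is None:
            return None
        aug[col], aug[pivot] = aug[pivot], aug[col]
        for r in range(n):
            if r != col and aug[r][col]:
                aug[r] = [a ^ b for a, b in zip(aug[r], aug[col])]
    return [row[n:] for row in aug]


def keygen(rng):
    """Private key (S^-1, permutation); public key G' = S G P."""
    while True:
        S = [[rng.randint(0, 1) for _ in range(K)] for _ in range(K)]
        S_inv = gf2_inverse(S)
        if S_inv is not None:
            break
    perm = list(range(N))
    rng.shuffle(perm)
    # P has a 1 at (i, perm[i]): y = x P moves x[i] to position perm[i].
    P = [[int(perm[i] == j) for j in range(N)] for i in range(N)]
    return mat_mul(mat_mul(S, G), P), (S_inv, perm)


def encrypt(G_pub, m, rng):
    """c = m G' + e with exactly T error bits."""
    c = mat_mul([m], G_pub)[0]
    for pos in rng.sample(range(N), T):
        c[pos] ^= 1
    return c


def hamming_decode(y):
    """Syndrome-decode one error; return the K systematic message bits."""
    y = y[:]
    syndrome = tuple(sum(H[i][j] & y[j] for j in range(N)) & 1 for i in range(N - K))
    if any(syndrome):
        columns = [tuple(H[i][j] for i in range(N - K)) for j in range(N)]
        y[columns.index(syndrome)] ^= 1
    return y[:K]


def decrypt(priv, c):
    """The three decryption steps a fault attacker targets: undo P, decode, undo S."""
    S_inv, perm = priv
    c_unperm = [c[perm[i]] for i in range(N)]   # c P^-1
    mS = hamming_decode(c_unperm)                 # removes the permuted error
    return mat_mul([mS], S_inv)[0]                # m = (m S) S^-1


def recover_scrambler(G_pub, perm):
    """With P leaked, G' P^-1 = S G = [S | S A] since G is systematic, so S is
    read off the first K columns. Only possible here because the code is public."""
    SG = [[G_pub[r][perm[i]] for i in range(N)] for r in range(K)]
    return [row[:K] for row in SG]


def demo(seed=7, m=(1, 0, 1, 1)):
    """Round trip plus the consequence of a leaked permutation (seeded: demo only)."""
    rng = random.Random(seed)
    G_pub, priv = keygen(rng)
    c = encrypt(G_pub, list(m), rng)
    S = recover_scrambler(G_pub, priv[1])
    return decrypt(priv, c) == list(m), mat_mul(S, priv[0]) == identity(K)


if __name__ == "__main__":
    print(demo())
```

`demo()` returns two booleans: the ciphertext decrypts back to the message, and the scrambler read off the public key with the leaked permutation is the inverse of the stored S^-1. Running it with other seeds exercises different (S, P) pairs; the second check holds for every one of them, which is the point: in this toy the permutation is the whole secret.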
