پیاده‌سازی روشی برای مقابله با حمله تحلیل ‌توان بر روی الگوریتم مک‌الیس

یکی از مهم‌ترین مسائل امنیتی پیش‌رو، ظهور رایانه‌های کوانتومی و شکسته‌شدن الگوریتم‌های رمزنگاری کنونی است؛ ازاین‌رو توجه به الگوریتم‌های رمزنگاری پسا‌کوانتوم و بررسی روش‌های پیاده‌سازی و حملات ارائه‌شده روی آن‌ها موضوع مهمی است. یکی از چالش‌های پیاده‌سازی موجود در این دسته از الگوریتم‌ها طول کلید زیاد است که برای پیاده‌سازی روی سامانه‌های تعبیه‌شده از اهمیت زیادی برخوردار است؛ ازطرفی مقابله با حملات کانال جانبی که ناشی از نشت اطلاعات از پیاده‎‌سازی سخت‌افزاری است، نیز یکی از چالش‌های موجود است. در این‌ مقاله، با تمرکز بر روی الگوریتم پساکوانتومی رمزنگاری مبتنی‌برکد qc-mdpc مک‌الیس و با استفاده از روشی نوین در پیاده‌سازی، طول کلید نگه‌داری‌شده در سخت‌افزار برای تامین امنیت هشتادبیتی از 1200 بایت به 180 بایت کاهش یافته‌است؛ همچنین با استفاده از روش پیاده‌سازی پوشانه‌گذاری آستانه، با حمله تحلیل تفاضلی توان مقابله و نشت‌های اطلاعاتی موجود در پیاده‌سازی‌های قبلی رفع شده‌است. [1] embedded system[2] quasi cyclic moderate density parity check[3] threshold implementation (ti) masking[4] differential power analysis (dpa)

implementation of a countermeasure method against dpa on mceliece post quantum cryptosystem

in recent years, embedded systems have continuously gained importance. this ubiquity is accompanied by an increased need for embedded security. cryptography can address these security requirements. many symmetric and asymmetric algorithms, such as aes, des, rsa, elgamal, and ecc, have been implemented on embedded devices.all frequently implemented public-key cryptosystems rely on the presumed hardness of either factoring the product of two large primes (fp) or computing discrete logarithms (dlp). these two problems are closely related. therefore, solving these problems would have significant ramifications for classical public-key cryptography and, consequently, for all embedded devices that utilize these algorithms.currently, both problems are believed to be computationally infeasible with a conventional computer. however, a quantum computer capable of performing computations on a few thousand qubits could solve both problems using shor’s algorithm[1]. although a quantum computer of this scale has not been reported, it could become a reality within the next one to three decades. consequently, the development and cryptanalysis of alternative post-quantum cryptosystems are crucial. post-quantum cryptosystems refer to cryptosystems that are not susceptible to the critical security loss or complete compromise caused by quantum computers.one of the major security challenges is the development of quantum computers and the potential compromise of current cryptosystems in the future. therefore, it is essential to consider post-quantum cryptosystem algorithms and the challenges of implementing and attacking them. post-quantum cryptosystems encompass various types, including hash-based cryptography, multivariate-quadratic-equations cryptography, lattice-based cryptography, and code-based cryptography. in this study, our focus is on the qc-mdpc mceliece code-based algorithm. post-quantum public keys must be designed to gain popularity in practice; they should be optimized for implementation and efficient in execution. mceliece encryption and decryption do not require computationally expensive processing, making it more suitable for implementation[2].one of the implementation challenges for these algorithms is the large key length, which poses an important issue for implementation on embedded systems. additionally, countering side-channel attacks caused by information leakage from hardware equipment is crucial. we have addressed this by reducing the key length from 1200 bytes to 180 bytes, providing 80-bit security, and introducing a new method for implementing the qc-mdpc mceliece cryptosystem. differential power analysis attacks (dpa) exploit the relationship between power consumption and intermediate data to recover the key. in this study, we have used a masking technique for multiplication in the finite field in the syndrome computation part of the decryption algorithm. we have implemented the threshold implementation (ti) masking countermeasure for dpa to eliminate information leaks from the previous implementation.