Simple Power Analysis on Post-Quantum Code Based Cryptosystems

TL;DR

This paper demonstrates that simple power analysis can effectively extract secret keys from post-quantum code-based cryptosystems like McEliece and BIKE using minimal power traces and machine learning.

Contribution

It shows that low-cost SPA techniques combined with machine learning can compromise the security of post-quantum code-based cryptosystems during key decapsulation.

Findings

Correlation exists between electromagnetic emissions and secret keys.

200 power traces suffice for machine learning models to predict secret bits.

SPA can be a practical attack vector against post-quantum cryptosystems.

Abstract

Post-Quantum cryptography is about to substitute current cryptographic schemes as being resilient in attacks from quantum computers. McEleiece and Bit Flip Key Encapsulation (BIKE) are two delight representatives based on coding theory where classical structural attacks against these algorithms can be successfully phased out by selecting the appropriate key size. Using low cost equipment, the method of Simple Power Analysis (SPA) is used in this paper to evaluate whether or not there is significant information leakage during the decapsulation phase where the shared secret key is generated. Executing a related experiment it is shown that correlation between electromagnetic emissions and secret values exists. In the aftermath, with only 200 power traces collected, machine learning models can predict secret bits of the shared session key, produced during the decapsulation.