H. Gregor Molter

Side Channels in the McEliece PKC

The McEliece public key cryptosystem (PKC) is regarded as secure in the presence of quantum computers because no efficient quantum algorithm is known for the underlying problems, which this cryptosystem is built upon. As we show in this paper, a straightforward implementation of this system may feature several side channels. Specifically, we present a Timing Attack which was executed successfully against a software implementation of the McEliece PKC. Furthermore, the critical system components for key generation and decryption are inspected to identify channels enabling power and cache attacks. Implementation aspects are proposed as countermeasures to face these attacks.

A timing attack against patterson algorithm in the McEliece PKC

The security of McEliece public-key cryptosystem is based on the difficulty of the decoding problem which is NP-hard. In this paper we propose a timing attack on the Patterson Algorithm, which is used for efficient decoding in Goppa codes. The attack is based on the relation between the error vector weight and the iteration number of the extended Euclidean algorithm used in Patterson Algorithm. This attack enables the extraction of the secret error vector with minimal overhead. A countermeasure is proposed and verified for a FPGA implementation.

A Novel Cryptoprocessor Architecture for the McEliece Public-Key Cryptosystem

The McEliece public-key cryptosystem relies on the NP-hard decoding problem, and therefore, is regarded as a solution for postquantum cryptography. Though early known, this cryptosystem was not employed so far because of efficiency questions regarding performance and communication overhead. This paper presents a novel processor architecture as a high-performance platform to execute key generation, encryption, and decryption according to this cryptosystem. A prototype of this processor is realized on a reconfigurable device and tested via a dedicated software interface. A comparison with a similar software solution highlights the performance advantage of the proposed hardware solution.

A simple power analysis attack on a McEliece cryptoprocessor

The security of McEliece public-key cryptosystem is based on the difficulty of the decoding problem which is NP-hard. In this article, we propose a simple power analysis attack on this cryptosystem. The attack exploits an information leakage, which results from the relation between the error vector weight and the iteration number of the extended Euclidean algorithm used in Patterson Algorithm. Executing the proposed attacks enables the extraction of the secret error vector, and thus the plain text with minimal overhead. A countermeasure is presented which removes the information leakage and prevents the simple power analysis attack. The attack procedure and the countermeasure are applied to a cryptoprocessor implementation of the McEliece cryptosystem running on a FPGA platform.

SC-DEVS: an efficient SystemC extension for the DEVS model of computation

This paper describes a systematic approach to integrate the Discrete Event Specified System (DEVS) methodology into SystemC. It thus combines Model of Computation (MoC) specific properties and the features of an advanced SystemC environment. The execution of abstract system level DEVS models is comparable to pure SystemC models and is significantly faster compared to other DEVS environments. Thus, system level models based on abstract MoCs may easily be executed in a SystemC environment. The proposed integration is realized as a non-introspective extension to the SystemC 2.2 kernel. The DEVS models are implemented on an additional software layer above the SystemC simulation kernel. Our approach may be used simultaneously with other layered extensions, e.g., SystemC-AMS or TLM.

The DEVS model of computation A foundation for a novel embedded systems design methodology

In the recent past, abstraction in system-level design has been significantly increased to manage the increasing complexity of modern embedded systems. To establish such higher abstraction levels, Models of Computation were introduced to the design flow.

An Efficient FPGA Implementation for an DECT Brute-Force Attacking Scenario

We present a novel attacking scenario to break into secured DECT-GAP communication. To demonstrate the feasibility of our attack, we propose a brute-force architecture to efficiently recalculate all communication-related shared secrets between the DECT base station and handset. The efficiency of our architecture is demonstrated by a highly pipelined, multi-brute-force-component FPGA implementation. It exploits common weak random number generators implemented at the DECT base stations and a weak authentication scheme between the DECT base stations and their handsets.

A System Level Design Flow for Embedded Systems based on Model of Computation Mappings

This paper describes an embedded systems design flow containing Models of Computation (MoC). We thoroughly survey the different abstraction layers and detail a modeling hierarchy for a MoC-based design flow. Thus, we outline different MoC-classes where the MoCs can be transformed horizontally into each other and successively transformed vertically down to SystemC. Therefore, our proposed design flow can benefit both from MoC specific properties and the features of an advances SystemC environment. The feasibility of our approach is demonstrated by the transformation of the Discrete Event Specified Systems model (DEVS) into SystemC for a complex real life design.

State space optimization within the DEVS model of computation for timing efficiency

This paper presents a state optimization approach within the Discrete Event System Specification Model of Computation. The goal of state optimization is to significantly soften the timing requirements of the model when transformed to a hardware implementation. The algorithm presented relocates the behaviour of zero-timeout states into adjacent states. Thus, the resulting model has much better timing properties, which considerably increase the amount of suitable target hardware architectures. The feasibility of the approach is demonstrated by means of a complex Digital Visual Interface controller application example.

A novel cryptoprocessor architecture for chained Merkle signature scheme

One-time signature schemes rely on hash functions and are, therefore, assumed to be resistant to attacks by quantum computers. These approaches inherently raise a key management problem, as the key pair can be used only for one message. That means, for one-time signature schemes to work, the sender must deliver the verification key together with the message and the signature. Upon reception, the receiver has to verify the authenticity of the verification key before verifying the signature itself. Hash-tree based solutions tackle this problem by basing the authenticity of a large number of verification keys on the authenticity of a root key. This approach, however, causes computation, communication, and storage overhead. Due to hardware acceleration, this paper proposes, for the first time, a processor architecture which boosts the performance of a one-time signature scheme without degrading memory usage and communication properties. This architecture realizes the chained Merkle signature scheme on the basis of Winternitz one-time signature scheme. All operations, i.e., key generation, signing, and verification are implemented on an FPGA platform, which acts as a coprocessor. Timing measurements on the prototype show a performance boost of at least one order of magnitude compared to an identical software solution.