Skip to Main content Skip to Navigation
New interface
Conference papers

Worst case QC-MDPC decoder for McEliece cryptosystem

Abstract : QC-MDPC-McEliece is a recent variant of the McEliece encryption scheme which enjoys relatively small key sizes as well as a security reduction to hard problems of coding theory. Furthermore, it remains secure against a quantum adversary and is very well suited to low cost implementations on embedded devices. Decoding MDPC codes is achieved with the (iterative) bit flipping algorithm, as for LDPC codes. Variable time decoders might leak some information on the code structure (that is on the sparse parity check equations) and must be avoided. A constant time decoder is easy to emulate, but its running time depends on the worst case rather than on the average case. So far implementations were focused on minimizing the average cost. We show that the tuning of the algorithm is not the same to reduce the maximal number of iterations as for reducing the average cost. This provides some indications on how to engineer the QC-MDPC-McEliece scheme to resist a timing side-channel attack.
Document type :
Conference papers
Complete list of metadata

Cited literature [20 references]  Display  Hide  Download
Contributor : Nicolas Sendrier Connect in order to contact the contributor
Submitted on : Monday, December 5, 2016 - 10:57:48 AM
Last modification on : Wednesday, June 8, 2022 - 12:50:05 PM
Long-term archiving on: : Tuesday, March 21, 2017 - 11:23:22 AM


Files produced by the author(s)




Julia Chaulet, Nicolas Sendrier. Worst case QC-MDPC decoder for McEliece cryptosystem. IEEE International Symposium on Information Theory, ISIT 2016, Jul 2016, Barcelone, Spain. pp.5, ⟨10.1109/ISIT.2016.7541522⟩. ⟨hal-01408633⟩



Record views


Files downloads