A timing attack on Codecrypt


Codecrypt is software developed by Miroslav ‘Mirek’ Kratochvil (@__exa__). From the documentation of codecrypt:

This is a GnuPG-like unix program for encryption and signing that uses only quantum-computer-resistant algorithms:

  • McEliece cryptosystem (compact QC-MDPC variant) for encryption
  • Hash-based Merkle tree algorithm (FMTSeq variant) for digital signatures

Scribbles on timing attack on codecrypt:

  1. Message recovery: The error weight (when below the correction bound) determines the time it takes to decrypt a block. Flip bits in the encrypted block and note when the decryption time decreases. Takes n \cdot w, where n is the dimension and w the error weight. Adaptive known-ciphertext attack. The timing attack is briefly investigated here.
  2. Key recovery: Basically the same principle as above, but we choose the ciphertexts adaptively and use the decoding to determine which bits are set in the private key. TODO: formulate a clear description.

Addition: There is a result on the key recovery here!
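As an added illustration (not code from Codecrypt or its author), the toy QC-MDPC bit-flipping decoder below shows the leak behind point 1 and the usual first mitigation: an early-exit decoder's round count tracks the error weight, while a decoder that always runs a fixed number of rounds returns the same result with a weight-independent round count. The block size, row weights and parity-check rows are constructed and far too small for any real use.

```python
R = 13            # circulant block size; prime, so all cyclic shifts are distinct
N = 2 * R         # code length
MAX_ITER = 10     # iteration bound of the decoder

# Constructed private key: first rows of the two sparse circulant blocks (weight 3 each).
H0_ROW = [1, 0, 0, 1, 0, 0, 0, 1, 0, 0, 0, 0, 0]
H1_ROW = [1, 1, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0]

def circulant(row):
    """All cyclic shifts of `row`, i.e. the rows of a circulant matrix."""
    return [row[-i:] + row[:-i] for i in range(len(row))]

H = [a + b for a, b in zip(circulant(H0_ROW), circulant(H1_ROW))]  # R x N parity-check matrix
COLS = [[H[i][j] for i in range(R)] for j in range(N)]

def syndrome(e):
    """H * e over GF(2)."""
    return [sum(h & x for h, x in zip(row, e)) & 1 for row in H]

def bitflip_round(e_hat, s):
    """One Gallager bit-flipping round: flip every position whose count of
    unsatisfied parity checks attains the maximum (a no-op when s == 0)."""
    counts = [sum(a & b for a, b in zip(s, col)) for col in COLS]
    top = max(counts)
    return [x ^ ((c == top) & (top > 0)) for x, c in zip(e_hat, counts)]

def decode_early_exit(s0):
    """Leaky decoder: returns as soon as the residual syndrome is zero, so the
    number of rounds (and thus the wall-clock time) depends on the error weight."""
    e_hat = [0] * N
    for rounds in range(MAX_ITER):
        s = [a ^ b for a, b in zip(s0, syndrome(e_hat))]
        if not any(s):
            return e_hat, rounds
        e_hat = bitflip_round(e_hat, s)
    return e_hat, MAX_ITER

def decode_fixed_rounds(s0):
    """Same arithmetic, but always MAX_ITER rounds: once the residual syndrome is
    zero the remaining rounds are no-ops, so the output is identical while the
    round count no longer reveals the weight. (A real constant-time decoder must
    also make the inner loops branch-free and avoid secret-dependent memory access.)"""
    e_hat = [0] * N
    for _ in range(MAX_ITER):
        s = [a ^ b for a, b in zip(s0, syndrome(e_hat))]
        e_hat = bitflip_round(e_hat, s)
    return e_hat, MAX_ITER

def error_vector(positions):
    """Constructed error pattern with 1s at the given positions."""
    return [1 if i in positions else 0 for i in range(N)]

if __name__ == "__main__":
    for w in range(4):
        e = error_vector([2, 17, 9][:w])          # constructed error of weight w
        for name, dec in (("early-exit", decode_early_exit), ("fixed-rounds", decode_fixed_rounds)):
            e_hat, rounds = dec(syndrome(e))
            print(f"weight {w}: {name:12s} rounds={rounds:2d} recovered={e_hat == e}")
```

Running the script prints the round count per decoder for error weights 0 to 3; only the early-exit column varies with the weight.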
