 Hi, everyone, I'm Grace Colombier. It's a pleasure to be here today at EuroCrip 21 and present our work and titled Message Recovery Laser for Immunization Attack on the Classic Mackeyless Cryptosystem. This is a joint work with Pierre-Louis Kirel, Vlad Dragoi, Alexandre Monu, and Léviens-Bossier. So as it's well known, most public crypto systems base their security on the hardness of number of theoretic problems, such as the discrete logarithm problem or the prime factorization problem. But actually, in 1997, Peter Shaw showed that quantum algorithms can solve these problems in polynomial time. Therefore, they are threatening the security of those public key crypto systems. And actually, with the quantum computer being more and more realistic by the day, in 2016, NIST started a process for cryptography standards that are quantum-resistant. That is, an attacker does not gain any advantage by having a quantum computer available. So we are now at the third round of this process. And in the key encapsulation mechanism category, four finalists were announced on July 22, 2020. And one of them is Classic McElis, which is a crypto system based on error-correcting codes. So Classic McElis, as its name does not suggest, is based on the netherite or crypto system. So for key generation in this crypto system, we have three parameters, N, K, and T. So we first get the parity check matrix H of the N, K linear code that can correct up to T errors. Then we sample an invertible matrix S over F2 of size N minus K. And then we generate the public key H pub, which is S times H times P, which is a random permutation matrix. And so the public key is H pub and T, T, which is the error correction capacity of the code. And the secret key, SK, is S, H, and P, the permutation matrix. So now whenever we want to encrypt the message M with the public key to get S, which is the syndrome or the ciphertext, the first step is to encode M into a constant weight vector E. So the weight of the error vector E is T. And then we multiply H pub by E to obtain the syndrome S. And that's the step we will focus on today. The security of this crypto system is based on the syndrome decoding problem. The binary syndrome decoding problem can be defined as the following. We have a matrix H over F2 with N minus K rows and N columns. We have a vector S over F2 of size N minus K. And we have T, which is a natural positive number. And so the output of the syndrome decoding problem is a vector X of length N over F2, such that the weight of X is below T and such that H times X is equal to S. And recovering the vector X is known to be NP-hard since the work of their account in 1978. But actually, if we look a bit further into this syndrome decoding problem, we find that it's quite similar to another problem, which is the integer linear programming problem. In this problem, we have N and M, which are both positive numbers. B is a vector of natural numbers of size N. C is a vector of natural numbers of size M. And A is a matrix of size M and N. And so the ILP problem is defined as the following optimization problem. We want to minimize B transpose times X, such that A times X is equal to C. And this time, X is a vector of size N of natural numbers and it's positive. And actually, we can draw some connections between those two problems because we have a matrix multiplied by a vector on both sides. The matrix is H at the top and A at the bottom. And the vector is S for the syndrome decoding problem and C for the integer linear programming problem. And actually, the constraint for the hamming weight in the syndrome decoding problem, such that the weight of X should be below T, can be actually related to the minimization of B transpose times X, as we will see. So what we do now is we define N syndrome decoding problem as opposed to the binary syndrome decoding problem. So we have now a matrix H of N minus k rows and N columns over natural numbers. We have the entries of this matrix, which are, in fact, binary, either 0 or 1. And we have a vector S, which is not binary. It's a vector of size N minus k of natural numbers. And we still have T, which is a positive number. And we want to recover the vector X, which is binary, such that the weight of X is below T, and such that H times S, X is equal to S. And so we have now the following theorem. Let us suppose that there exists a unique vector, X star over 0, 1 to the N, with the weight of X star is equal to T, which is solution to the NFDP. Then X star is the optimum solution of an ILP problem. What this shows is that the N syndrome decoding problem can actually be solved by a linear programming solver. And so can also be solved efficiently by a linear programming solver. Also, we simply follow the following procedure, which has for inputs the matrix H, the vector S and T. And so what we want to do is recover X, which is solution to the NFDP. So we set B to be the vector of all ones. That's for the hamming weight constraints. And then we want to solve the ILP problem using the linear programming solver. Then once we have X star, we will round it to 0, 1 because of the convergence of the linear programming solver, the coordinates might not be perfectly 0 or 1. And then if H times X star is equal to S and the weight of X is below T, then we found the solution and we return X star. Otherwise, we say, we return an error saying that we could not find a solution. So H, the matrix and T, the hamming weight are parameters of the crypto system. So the next input that we would like is to get S, but this time we need S to be a vector of natural numbers of size N minus K, so that we can be in the NSDP framework. So we need a way to obtain this vector over natural numbers instead of over F2. And for this, we will rely on laser fault injection. So laser fault injection is a technique which was proposed in 2002 by Skorobogatov and Anderson. And the principle of this technique is to shine an infrared laser on the backside of an integrated circuit. So as you can see here on the left, the integrated circuit must be prepared for laser fault injection. We need to have access to the backside of the die. That's not so common. And so then we simply shine the infrared laser on the backside of the circuit. And because the laser is infrared that goes through the substrate and that it will reach the active areas of the transistors and inject faults inside the integrated circuits. So laser fault injection has been quite an area of study. There's been a lot of work on this area, but recently laser fault injection was performed in flash memory. And when we perform fault induction in flash memory, we get the following fault model. We are able to perform monobit faults. We can only perform bit set faults. So zero are turned to ones, but not the opposite. And another aspect of this fault model is that it's a transient fault that is only performed on data which is fetched from the flash memory, but the data which is actually stored remains unchanged. So if we fetch the data again without injecting fault, then it's correct. And what that allows us, this fault model is to corrupt the instructions whenever they are fetched from the flash memory. Before they are executed by the microcontroller. So as an example, we can turn the ARS instruction which is represented here. We can turn it into an add ADCS instruction which is add with carry by performing a bit set on the 8th bit here. So when we perform a bit set, we effectively turn the addition in F2 into an addition in N. And that's exactly what we want to do to get the syndrome in, and instead of having the syndrome in F2. So the function that we will target is the matrix vector multiplication that is used for syndrome computation. S is equal to H prep times E. So this function is the following. We first initialize the syndrome to zero and then we go over the rows and columns of the matrix and the vector and we perform the bitwise and between the matrix entry and the error vector entry. And we accumulate the results by successive XORs in the syndrome. And what we will do here is we will turn the XOR into a plus so that the operation is performed over natural numbers and not in F2. So after performing N minus K times N faults during one encryption, what we get is the faulty syndrome S star over natural numbers. So we will now be able to fit this faulty syndrome to the ILP solver and recover the error vector E. So now some experimental results. What we use for a solver is the standard sci-pi LP solver that is available and so not a fancy solver, nothing too optimized. And for the parameters of the crypto system, we use the one of the classic Michaelis submission to the NIST standardization process. So here we give the values of NK and D that correspond to equivalent bit level securities of 128, 196 and 256. The public matrix H has N minus K rows and N columns and it's the parity check matrix of a random linear code. So we insist here that we use a random linear code. We do not pick any special codes so that we don't exploit any structure inside the parity check matrix. And the vector E is of size N and of having weight T. And that's the one that we want to recover with the solver. The first interesting aspect of this attack is that we only need a fraction of the faulty syndrome entries to solve the problem. So the number of faulty syndrome entries that we need actually depend on the weight of the error vector T. The higher the weight, the more syndrome entries we need. But actually when N grows, so when we want to reach a higher level of security, then the required number of syndrome entries actually drops. So here, if T is of the order square root of N, then you see that for N equals 10 to the three, we need approximately 35 faulty syndrome entries. But as N grows, we need a smaller fraction of faulty syndrome entries. And so for the classic macular script system, we need just less than 40% faulty syndrome entries to recover the secret vector E. So that's interesting from a fault injection point of view because we don't need perfect faults and get the full faulty syndrome. We only need 40% of it to recover the vector E. What is also interesting about this attack is its computational complexity. It's quite fast, as you will see. So on a desktop computer, we don't write it on a server. It's a standard desktop computer with six cores running at 2.8 gigahertz and 32 gigabytes of RAM. So here the purple stars are for the classic macalice parameters. And what we see is that the classic macalice cryptosystem with 128-bit security can be attacked in less than one second. And with 256-bit security, it can be attacked in less than three seconds. So that makes the attack very efficient from a computational point of view. And another interesting observation here is that if we consider the full faulty syndrome, then we have an attack complexity, which is cubic with respect to N. So it's shown here. As you can see, the slope is cubic. But if we only consider the optimal number of syndrome entries to recover E, then the complexity is quadratic. So this isn't just an empirical observation, but it's just to show that the attack is in fact very efficient. So to conclude in this work, what we proposed is a message recovery attack. So given the public matrix HPUB and the syndrome S, what we want is to recover the private error vector E, such that S is equal to HPUB times E. So this message recovery attack is done in four steps. First of all, we perform laser fault injection during the encryption process so that we can modify the XOR operation into an addition. So instead of performing addition over F2, we perform it over natural numbers. That allows us to get a faulty syndrome, S star over natural numbers. And then we feed this faulty syndrome along the public matrix HPUB to the integer linear programming solver. And that gives us the private error vector E in polynomial time. What we would like to do to continue this work is to try to export this idea to key recovery attacks instead of message recovery attacks. We would like to also study deeper the attack complexity of the full and optimal cases. So that is try to find out why when considering the full syndrome, we have a cubic complexity. And when we consider only the optimal number of entries, we get a quadratic complexity. We would like then to try to extend our attack to other code-based cryptosystems for which we can get an implementation on the microcontroller. Then we also would like to inspect other fault injection techniques to corrupt the instructions because the laser fault injection attack is quite costly. It also requires quite a strong attacker model because the attacker needs to have access to the backside of the die. So it's quite restrictive. We would like to improve on this and try cheaper fault injection techniques to achieve the same goal. And finally, we would like also to look into other types of corruption of instructions such as turning XOR operations into shifts or other instructions and trying to define new challenging theoretical problems from this. I'd like now to thank you for watching this video. And if you have any question, please feel free to ask them to the two, my two co-authors who are present at XeroCrypt 21 in Zagreb, Pierre Louis and Vlad. Thank you for your attention.