Private and public actors increasingly encounter use cases where they need to implement sensitive operations on mass-market peripherals over which they have little or no control. They are sometimes inclined to attempt this without hardware-assisted equipment such as secure elements. In that setting the white-box attack model is particularly relevant: the attacker has access to every asset and can reverse-engineer and instrument the binary. At the same time, quantum attacks are becoming more and more of a threat and challenge the traditional asymmetric ciphers on which private and public actors rely. The McEliece cryptosystem is a code-based public-key algorithm introduced in 1978 that is not affected by the well-known quantum attacks (Shor's algorithm) that break RSA and elliptic-curve schemes, and that could be implemented in an uncontrolled environment. During the NIST post-quantum cryptography standardization process, a derived candidate commonly referred to as Classic McEliece was selected as a finalist. That algorithm is, however, vulnerable to some fault injection attacks, whereas a priori this does not apply to the original McEliece. In this article we therefore focus on the original McEliece cryptosystem and study its resilience against fault injection attacks on an ARM reference implementation. We disclose the first fault-injection-based attack on it and discuss how to modify the original McEliece cryptosystem to make it resilient to fault injection attacks.