A closer look at the guo–johansson–stankovski attack against QC-MDPC codes

Abstract

In Asiacrypt 2016, Guo, Johansson, and Stankovski presented a reaction attack against QC-MDPC McEliece. In their attack, by observing the difference in failure rates for various sets Φd of error vectors, the attacker obtains the distances between 1’s in the secret key and can thus recover the whole secret key. While the attack appears to be powerful, the paper only shows experiment results against the bit-flipping algorithm that uses precomputed thresholds, and the explanation of why the attack works does not seem to be convincing. In this paper, we give some empirical evidence to show that the Guo–Johansson–Stankovski attack, to some extent, works independently of the way that the thresholds in the bit-flipping algorithm are chosen. Also, by viewing the bit-flipping algorithm as a variant of “statistical decoding”, we point out why the explanation of the Guo–Johansson–Stankovski paper is not reasonable, identify some factors that can affect the failure rates, and show how the factors change for different Φd.