ROLLO-I

Optimized and secure implementation of ROLLO-I. This paper presents our contribution regarding two implementations of the ROLLO-I algorithm, a code-based candidate for the NIST PQC project. The first part focuses on the implementations, and the second part analyzes a side-channel attack and the associated countermeasures. The first implementation uses existing hardware with a crypto co-processor to speed-up operations in ({mathbb F}_{2^m}). The second one is a full software implementation (not using the crypto co-processor), running on the same hardware. Finally, the side-channel attack allows us to recover the secret key with only 79 ciphertexts for ROLLO-I-128. We propose countermeasures in order to protect future implementations.