Paper 2017/374
Loop-abort faults on supersingular isogeny cryptosystems
Alexandre Gélin and Benjamin Wesolowski
Abstract
Cryptographic schemes based on supersingular isogenies have become an active area of research in the field of post-quantum cryptography. We investigate the resistance of these cryptosystems to fault injection attacks. It appears that the iterative structure of the secret isogeny computation renders these schemes vulnerable to loop-abort attacks. Loop-abort faults allow an attacker to perform a full key recovery, bypassing all the previously introduced validation methods. Therefore, implementing additional countermeasures seems unavoidable for applications where physical attacks are relevant.
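The abstract's point is structural: when a loop consumes one secret digit per iteration, the state after i iterations depends only on the first i digits, so a fault that aborts the loop early hands the attacker a value that can be matched against at most base * n guesses instead of base ** n. The following toy simulation is an added illustration, not code from the paper: it replaces the isogeny arithmetic with SHA-256 steps and keeps only the control-flow structure, and the `faulted(i)` oracle abstracts the attacker's ability to abort the device's loop after i iterations and observe what it outputs. The loop-completion check in `guarded_walk` is an assumed generic countermeasure, not one taken from the paper.

```python
"""Toy simulation of a loop-abort fault on a secret-driven iterative loop.

Added example, not code from the paper: the isogeny arithmetic is replaced
by SHA-256 steps, so only the control-flow structure (one secret digit
consumed per iteration) mirrors the setting the abstract describes.
"""
import hashlib
from typing import Callable, List, Optional

BASE = 2  # toy: one bit per iteration (assumption; a real scheme's digit base may differ)


def step(state: bytes, digit: int) -> bytes:
    """One secret-dependent iteration; stand-in for one isogeny step."""
    return hashlib.sha256(state + bytes([digit])).digest()


def walk(start: bytes, digits: List[int], abort_after: Optional[int] = None) -> bytes:
    """Compute the public value from the secret digits, one per iteration.

    abort_after models a loop-abort fault: the loop exits early and the
    partial state is returned as if it were the finished result.
    """
    iterations = len(digits) if abort_after is None else abort_after
    state = start
    for i in range(iterations):
        state = step(state, digits[i])
    return state


def recover_secret(start: bytes, faulted: Callable[[int], bytes], n_digits: int,
                   base: int = BASE) -> List[int]:
    """Digit-by-digit recovery from faulted outputs.

    faulted(i) is the device's output when its loop is aborted after i
    iterations.  That output depends only on the first i digits, so each
    digit is found by extending the known prefix with every candidate and
    recomputing the first i iterations: at most base * n_digits guesses
    in total instead of base ** n_digits.
    """
    known: List[int] = []
    for i in range(1, n_digits + 1):
        target = faulted(i)
        for d in range(base):
            if walk(start, known + [d]) == target:
                known.append(d)
                break
        else:
            raise ValueError(f"no candidate for digit {i}; fault model violated")
    return known


def guarded_walk(start: bytes, digits: List[int],
                 abort_after: Optional[int] = None) -> Optional[bytes]:
    """Same loop with a loop-completion check (assumed generic countermeasure,
    not taken from the paper): an independent counter is compared with the
    expected iteration count before anything is output.  Returns None instead
    of the partial state when the loop did not run to completion."""
    iterations = len(digits) if abort_after is None else abort_after
    state = start
    done = 0
    for i in range(iterations):
        state = step(state, digits[i])
        done += 1
    if done != len(digits):
        return None  # a real implementation would also zeroise state here
    return state


def demo() -> bool:
    # Constructed toy values; nothing here is a real parameter.
    start = b"public base point (constructed)"
    secret = [int(c) for c in "0110100110010110"]
    faulted = lambda i: walk(start, secret, abort_after=i)
    recovered = recover_secret(start, faulted, len(secret))
    return recovered == secret and guarded_walk(start, secret, abort_after=5) is None


if __name__ == "__main__":
    print("attack succeeds, countermeasure rejects faulted loop:", demo())
```

Note that `recover_secret` never needs the honest public value: every faulted output is checked against a recomputation of the prefix alone, which is why public-key validation of the final output does not help against this fault class.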
Metadata
- Category
- Public-key cryptography
- Publication info
- Published elsewhere. PQCrypto 2017
- Keywords
- Supersingular isogeny cryptosystem, fault injection, real-world attacks, post-quantum cryptography
- Contact author(s)
- alexandre gelin @ uvsq fr
- benjamin wesolowski @ epfl ch
- History
- 2018-06-11: last of 2 revisions
- 2017-05-01: received
- Short URL
- https://ia.cr/2017/374
- License
- CC BY
BibTeX
@misc{cryptoeprint:2017/374, author = {Alexandre Gélin and Benjamin Wesolowski}, title = {Loop-abort faults on supersingular isogeny cryptosystems}, howpublished = {Cryptology {ePrint} Archive, Paper 2017/374}, year = {2017}, url = {https://eprint.iacr.org/2017/374} }