Cryptology ePrint Archive: Report 2017/374

Loop-abort faults on supersingular isogeny cryptosystems

Alexandre Gélin and Benjamin Wesolowski

Abstract: Cryptographic schemes based on supersingular isogenies have become an active area of research in the field of post-quantum cryptography. We investigate the resistance of these cryptosystems to fault injection attacks. It appears that the iterative structure of the secret isogeny computation renders these schemes vulnerable to loop-abort attacks. Loop-abort faults allow to perform a full key recovery, bypassing all the previously introduced validation methods. Therefore implementing additional countermeasures seems unavoidable for applications where physical attacks are relevant.

Category / Keywords: public-key cryptography / Supersingular isogeny cryptosystem, fault injection, real-world attacks, post-quantum cryptography

Original Publication (in the same form): PQCrypto 2017

Date: received 27 Apr 2017, last revised 10 May 2017

Contact author: alexandre gelin at lip6 fr, benjamin wesolowski@epfl ch

Available format(s): PDF | BibTeX Citation

Version: 20170510:124656 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]