Cryptology ePrint Archive: Report 2017/374

Loop-abort faults on supersingular isogeny cryptosystems

Alexandre Gélin and Benjamin Wesolowski

Abstract: Cryptographic schemes based on supersingular isogenies have become an active area of research in the field of post-quantum cryptography. We investigate the resistance of these cryptosystems to fault injection attacks. It appears that the iterative structure of the secret isogeny computation renders these schemes vulnerable to loop-abort attacks. Loop-abort faults allow a full key recovery, bypassing all the previously introduced validation methods. Therefore, implementing additional countermeasures seems unavoidable for applications where physical attacks are relevant.

Category / Keywords: public-key cryptography / Supersingular isogeny cryptosystem, fault injection, real-world attacks, post-quantum cryptography

Original Publication (in the same form): PQCrypto 2017

Date: received 27 Apr 2017, last revised 11 Jun 2018

Contact author: alexandre gelin at uvsq fr; benjamin wesolowski at epfl ch


Version: 20180611:191957
