Cryptology ePrint Archive: Report 2019/837

Stronger and Faster Side-Channel Protections for CSIDH

Daniel Cervantes-Vázquez and Mathilde Chenu and Jesús-Javier Chi-Domínguez and Luca De Feo and Francisco Rodríguez-Henríquez and Benjamin Smith

Abstract: CSIDH is a recent quantum-resistant primitive based on the difficulty of finding isogeny paths between supersingular curves. Recently, two constant-time versions of CSIDH have been proposed: first by Meyer, Campos and Reith, and then by Onuki, Aikawa, Yamazaki and Takagi. While both offer protection against timing attacks and simple power consumption analysis, they are vulnerable to more powerful attacks such as fault injections. In this work, we identify and repair two oversights in these algorithms that compromised their constant-time character. By exploiting Edwards arithmetic and optimal addition chains, we produce the fastest constant-time version of CSIDH to date. We then consider the stronger attack scenario of fault injection, which is relevant for the security of CSIDH static keys in embedded hardware. We propose and evaluate a dummy-free CSIDH algorithm. While these CSIDH variants are slower, their performance is still within a small constant factor of less-protected variants. Finally, we discuss derandomized CSIDH algorithms.

Category / Keywords: public-key cryptography / CSIDH, Isogeny-based post-quantum cryptography, key exchange

Original Publication (in the same form): LATINCRYPT 2019

Date: received 18 Jul 2019, last revised 20 Aug 2019

Contact author: dcervantes at computacion cs cinvestav mx,mathilde de-la-morinerie@inria fr,jjchi@computacion cs cinvestav mx,luca de-feo@uvsq fr,francisco@cs cinvestav mx,smith@lix polytechnique fr

Available format(s): PDF | BibTeX Citation

Version: 20190821:011311 (All versions of this report)

Short URL: ia.cr/2019/837


[ Cryptology ePrint archive ]