Paper 2019/837

Stronger and Faster Side-Channel Protections for CSIDH

Daniel Cervantes-Vázquez, Mathilde Chenu, Jesús-Javier Chi-Domínguez, Luca De Feo, Francisco Rodríguez-Henríquez, and Benjamin Smith


CSIDH is a recent quantum-resistant primitive based on the difficulty of finding isogeny paths between supersingular curves. Recently, two constant-time versions of CSIDH have been proposed: first by Meyer, Campos and Reith, and then by Onuki, Aikawa, Yamazaki and Takagi. While both offer protection against timing attacks and simple power consumption analysis, they are vulnerable to more powerful attacks such as fault injections. In this work, we identify and repair two oversights in these algorithms that compromised their constant-time character. By exploiting Edwards arithmetic and optimal addition chains, we produce the fastest constant-time version of CSIDH to date. We then consider the stronger attack scenario of fault injection, which is relevant for the security of CSIDH static keys in embedded hardware. We propose and evaluate a dummy-free CSIDH algorithm. While these CSIDH variants are slower, their performance is still within a small constant factor of less-protected variants. Finally, we discuss derandomized CSIDH algorithms.

Available format(s)
Public-key cryptography
Publication info
Published elsewhere. LATINCRYPT 2019
CSIDHIsogeny-based post-quantum cryptographykey exchange
Contact author(s)
dcervantes @ computacion cs cinvestav mx
mathilde de-la-morinerie @ inria fr
jjchi @ computacion cs cinvestav mx
luca de-feo @ uvsq fr
francisco @ cs cinvestav mx
smith @ lix polytechnique fr
2019-08-21: revised
2019-07-19: received
See all versions
Short URL
Creative Commons Attribution


      author = {Daniel Cervantes-Vázquez and Mathilde Chenu and Jesús-Javier Chi-Domínguez and Luca De Feo and Francisco Rodríguez-Henríquez and Benjamin Smith},
      title = {Stronger and Faster Side-Channel Protections for CSIDH},
      howpublished = {Cryptology ePrint Archive, Paper 2019/837},
      year = {2019},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.