Paper 2020/1005

Trouble at the CSIDH: Protecting CSIDH with Dummy-Operations against Fault Injection Attacks

Fabio Campos, Matthias J. Kannwischer, Michael Meyer, Hiroshi Onuki, and Marc Stöttinger

Abstract

The isogeny-based scheme CSIDH is a promising candidate for quantum-resistant static-static key exchanges with very small public keys, but is inherently difficult to implement in constant time. In the current literature, there are two directions for constant-time implementations: algorithms containing dummy computations and dummy-free algorithms. While the dummy-free implementations come with a 2x slowdown, they offer by design more resistance against fault attacks. In this work, we evaluate how practical fault injection attacks are on the constant-time implementations containing dummy calculations. We present three different fault attacker models. We evaluate our fault models both in simulations and in practical attacks. We then present novel countermeasures to protect the dummy isogeny computations against fault injections. The implemented countermeasures result in an overhead of 7% on the Cortex-M4 target, falling well short of the 2x slowdown for dummy-less variants.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Published elsewhere. FDTC 2020
Keywords
Isogeny-based CryptographyCSIDHFault Injection AttackFault Resistant Implementation
Contact author(s)
campos @ sopmac de
matthias @ kannwischer eu
michael meyer @ hs-rm de
onuki @ mist i u-tokyo ac jp
marc stoettinger @ gmail com
History
2020-08-19: received
Short URL
https://ia.cr/2020/1005
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2020/1005,
      author = {Fabio Campos and Matthias J.  Kannwischer and Michael Meyer and Hiroshi Onuki and Marc Stöttinger},
      title = {Trouble at the CSIDH: Protecting CSIDH with Dummy-Operations against Fault Injection Attacks},
      howpublished = {Cryptology ePrint Archive, Paper 2020/1005},
      year = {2020},
      note = {\url{https://eprint.iacr.org/2020/1005}},
      url = {https://eprint.iacr.org/2020/1005}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.