Paper 2021/1132

Safe-Error Attacks on SIKE and CSIDH

Fabio Campos, Juliane Krämer, and Marcel Müller


The isogeny-based post-quantum schemes SIKE (NIST PQC round 3 alternate candidate) and CSIDH (Asiacrypt 2018) have so far received little attention with respect to their fault attack resilience. We aim to fill this gap and provide a better understanding of their vulnerability by analyzing their resistance to safe-error attacks. We present four safe-error attacks, two against SIKE and two against a constant-time implementation of CSIDH that uses dummy isogenies. The attacks use targeted bitflips during the respective isogeny-graph traversals. All four attacks lead to full key recovery. By using voltage and clock glitching, we physically carried out two of the attacks, one against each scheme, thus demonstrating that full key recovery is also possible in practice.

Category
Public-key cryptography
Publication info
Preprint. MINOR revision.
Keywords
post-quantum cryptography, isogeny-based cryptography, fault attacks
Contact author(s)
campos @ sopmac de
juliane @ qpc tu-darmstadt de
marcel @ qpc tu-darmstadt de
2021-11-22: last of 2 revisions
2021-09-07: received
Creative Commons Attribution


@misc{cryptoeprint:2021/1132,
      author = {Fabio Campos and Juliane Krämer and Marcel Müller},
      title = {Safe-Error Attacks on SIKE and CSIDH},
      howpublished = {Cryptology ePrint Archive, Paper 2021/1132},
      year = {2021},
      note = {\url{}},
      url = {}
}