Cryptology ePrint Archive: Report 2021/1132

Safe-Error Attacks on SIKE and CSIDH

Fabio Campos and Juliane Krämer and Marcel Müller

Abstract: The isogeny-based post-quantum schemes SIKE (NIST PQC round 3 alternate candidate) and CSIDH (Asiacrypt 2018) have so far received little attention with respect to their resilience against fault attacks. We aim to fill this gap and provide a better understanding of their vulnerability by analyzing their resistance to safe-error attacks. We present four safe-error attacks, two against SIKE and two against a constant-time implementation of CSIDH that uses dummy isogenies. The attacks use targeted bitflips during the respective isogeny-graph traversals. All four attacks lead to full key recovery. Using voltage and clock glitching, we physically carried out two of the attacks (one against each scheme), thus demonstrating that full key recovery is also possible in practice.

Category / Keywords: public-key cryptography / post-quantum cryptography, isogeny-based cryptography, fault attacks

Date: received 6 Sep 2021, last revised 7 Sep 2021

Contact author: campos at sopmac de, juliane at qpc tu-darmstadt de, marcel at qpc tu-darmstadt de

Version: 20210907:174531

Short URL: ia.cr/2021/1132
