Cryptology ePrint Archive: Report 2021/850

Resistance of Isogeny-Based Cryptographic Implementations to a Fault Attack

Élise Tasso and Luca De Feo and Nadia El Mrabet and and Simon Pontié

Abstract: The threat of quantum computers has sparked the development of a new kind of cryptography to resist their attacks. Isogenies between elliptic curves are one of the tools used for such cryptosystems. They are championed by SIKE (Supersingular isogeny key encapsulation), an "alternate candidate" of the third round of the NIST Post-Quantum Cryptography Standardization Process. While all candidates are believed to be mathematically secure, their implementations may be vulnerable to hardware attacks. In this work we investigate for the first time whether Ti's 2017 theoretical fault injection attack is exploitable in practice. We also examine suitable countermeasures. We manage to recover the secret thanks to electromagnetic fault injection on an ARM Cortex A53 using a correct and an altered public key generation. Moreover we propose a suitable countermeasure to detect faults that has a low overhead as it takes advantage of a redundancy already present in SIKE implementations.

Category / Keywords: public-key cryptography / Post-quantum Cryptography - SIKE - Elliptic Curve - Isogeny - Fault Injection Attack

Original Publication (in the same form): COSADE 2021

Date: received 22 Jun 2021

Contact author: elise tasso2 at cea fr, cosade21 at defeo lu, nadia el-mrabet at emse fr, simon pontie at cea fr

Available format(s): PDF | BibTeX Citation

Version: 20210622:143645 (All versions of this report)

Short URL: ia.cr/2021/850


[ Cryptology ePrint archive ]