Paper 2021/850

Resistance of Isogeny-Based Cryptographic Implementations to a Fault Attack

Élise Tasso, Luca De Feo, Nadia El Mrabet, and Simon Pontié


The threat of quantum computers has sparked the development of a new kind of cryptography to resist their attacks. Isogenies between elliptic curves are one of the tools used for such cryptosystems. They are championed by SIKE (Supersingular isogeny key encapsulation), an "alternate candidate" of the third round of the NIST Post-Quantum Cryptography Standardization Process. While all candidates are believed to be mathematically secure, their implementations may be vulnerable to hardware attacks. In this work we investigate for the first time whether Ti's 2017 theoretical fault injection attack is exploitable in practice. We also examine suitable countermeasures. We manage to recover the secret thanks to electromagnetic fault injection on an ARM Cortex A53 using a correct and an altered public key generation. Moreover we propose a suitable countermeasure to detect faults that has a low overhead as it takes advantage of a redundancy already present in SIKE implementations.

Available format(s)
Public-key cryptography
Publication info
Published elsewhere. COSADE 2021
Contact author(s)
elise tasso2 @ cea fr
cosade21 @ defeo lu
nadia el-mrabet @ emse fr
simon pontie @ cea fr
2021-06-22: received
Short URL
Creative Commons Attribution


      author = {Élise Tasso and Luca De Feo and Nadia El Mrabet and Simon Pontié},
      title = {Resistance of Isogeny-Based Cryptographic Implementations to a Fault Attack},
      howpublished = {Cryptology ePrint Archive, Paper 2021/850},
      year = {2021},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.