Paper 2022/153

Faulty isogenies: a new kind of leakage

Gora Adj, Jesús-Javier Chi-Domínguez, Víctor Mateu, and Francisco Rodríguez-Henríquez

Abstract

In the SIDH and SIKE protocols, public keys are defined over quadratic extensions of prime fields. We present in this work a projective invariant property characterizing affine Montgomery curves defined over prime fields. We then force a secret 3-isogeny chain to repeatedly pass through a curve defined over a prime field in order to exploit the new property and inject zeros in the A-coefficient of an intermediate curve to successfully recover the isogeny chain one step at a time. Our results introduce a new kind of fault attack applicable to SIDH and SIKE.

Note: Extended countermeasures: this version coincides with the arXiv version

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Preprint. MINOR revision.
Keywords
isogeny-based cryptography, fault injection attack
Contact author(s)
gora adj @ gmail com
jesus dominguez @ tii ae
victor mateu @ tii ae
francisco rodriguez @ tii ae
History
2022-02-28: revised
2022-02-12: received
Short URL
https://ia.cr/2022/153
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2022/153,
      author = {Gora Adj and Jesús-Javier Chi-Domínguez and Víctor Mateu and Francisco Rodríguez-Henríquez},
      title = {Faulty isogenies: a new kind of leakage},
      howpublished = {Cryptology {ePrint} Archive, Paper 2022/153},
      year = {2022},
      url = {https://eprint.iacr.org/2022/153}
}