Paper 2024/581

Fault Attack on SQIsign

JeongHwan Lee, Korea University
Donghoe Heo, Korea University
Hyeonhak Kim, Korea University
Gyusang Kim, Korea University
Suhri Kim, Sungshin Women's University
Heeseok Kim, Korea University
Seokhie Hong, Korea University
Abstract

In this paper, we introduce the first fault attack on SQIsign. By injecting a fault into the ideal generator during the commitment phase, we demonstrate a meaningful probability of inducing the generation of the order $\mathcal{O}_0$. The probability is bounded by a single parameter, the degree of the commitment isogeny. We also show that the probability can be reasonably estimated by assuming uniform randomness of a random variable, and provide empirical evidence supporting the validity of this approximation. In addition, we identify a loop-abort vulnerability due to the iterative structure of the isogeny operation. Exploiting these vulnerabilities, we present key recovery fault attack scenarios for two versions of SQIsign---one deterministic and the other randomized. We then analyze the time complexity and the number of queries required for each attack. Finally, we discuss straightforward countermeasures that can be implemented against the attack.

Metadata

Available format(s): PDF
Category: Attacks and cryptanalysis
Publication info: Published elsewhere. PQCrypto 2024
Keywords: Isogeny, Quaternion Algebra, Post Quantum Cryptography, Fault Attack
Contact author(s): hwani0814 @ korea ac kr
History:
2024-04-16: revised
2024-04-15: received
Short URL: https://ia.cr/2024/581
License: Creative Commons Attribution (CC BY)

BibTeX

@misc{cryptoeprint:2024/581,
      author = {JeongHwan Lee and Donghoe Heo and Hyeonhak Kim and Gyusang Kim and Suhri Kim and Heeseok Kim and Seokhie Hong},
      title = {Fault Attack on SQIsign},
      howpublished = {Cryptology ePrint Archive, Paper 2024/581},
      year = {2024},
      note = {\url{https://eprint.iacr.org/2024/581}},
      url = {https://eprint.iacr.org/2024/581}
}