Paper 2024/581
Fault Attack on SQIsign
Abstract
In this paper, we introduce the first fault attack on SQIsign. By injecting a fault into the ideal generator during the commitment phase, we demonstrate a meaningful probability of inducing the generation of order $\mathcal{O}_0$. The probability is bounded by one parameter, the degree of commitment isogeny. We also show that the probability can be reasonably estimated by assuming uniform randomness of a random variable, and provide empirical evidence supporting the validity of this approximation. In addition, we identify a loop-abort vulnerability due to the iterative structure of the isogeny operation. Exploiting these vulnerabilities, we present key recovery fault attack scenarios for two versions of SQIsign---one deterministic and the other randomized. We then analyze the time complexity and the number of queries required for each attack. Finally, we discuss straightforward countermeasures that can be implemented against the attack.
Metadata
- Category
- Attacks and cryptanalysis
- Publication info
- Published elsewhere. PQCrypto 2024
- Keywords
- Isogeny, Quaternion Algebra, Post Quantum Cryptography, Fault Attack
- Contact author(s)
- hwani0814 @ korea ac kr
- History
- 2024-04-16: revised
- 2024-04-15: received
- Short URL
- https://ia.cr/2024/581
- License
- CC BY
BibTeX
@misc{cryptoeprint:2024/581,
  author = {JeongHwan Lee and Donghoe Heo and Hyeonhak Kim and Gyusang Kim and Suhri Kim and Heeseok Kim and Seokhie Hong},
  title = {Fault Attack on {SQIsign}},
  howpublished = {Cryptology {ePrint} Archive, Paper 2024/581},
  year = {2024},
  url = {https://eprint.iacr.org/2024/581}
}