Paper 2021/1132

Safe-Error Attacks on SIKE and CSIDH

Fabio Campos, Juliane Krämer, and Marcel Müller

Abstract

The isogeny-based post-quantum schemes SIKE (NIST PQC round 3 alternate candidate) and CSIDH (Asiacrypt 2018) have received only little attention with respect to their fault attack resilience so far. We aim to fill this gap and provide a better understanding of their vulnerability by analyzing their resistance towards safe-error attacks. We present four safe-error attacks, two against SIKE and two against a constant-time implementation of CSIDH that uses dummy isogenies. The attacks use targeted bitflips during the respective isogeny-graph traversals. All four attacks lead to full key recovery. By using voltage and clock glitching, we physically carried out two of the attacks - one against each scheme -, thus demonstrate that full key recovery is also possible in practice.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Preprint. MINOR revision.
Keywords
post-quantum cryptographyisogeny-based cryptographyfault attacks
Contact author(s)
campos @ sopmac de
juliane @ qpc tu-darmstadt de
marcel @ qpc tu-darmstadt de
History
2021-11-22: last of 2 revisions
2021-09-07: received
See all versions
Short URL
https://ia.cr/2021/1132
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2021/1132,
      author = {Fabio Campos and Juliane Krämer and Marcel Müller},
      title = {Safe-Error Attacks on SIKE and CSIDH},
      howpublished = {Cryptology ePrint Archive, Paper 2021/1132},
      year = {2021},
      note = {\url{https://eprint.iacr.org/2021/1132}},
      url = {https://eprint.iacr.org/2021/1132}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.