# Stronger and Faster Side-Channel Protections for CSIDH

**Authors:** Daniel Cervantes-Vázquez, Mathilde Chenu, Jesús-Javier Chi-Domínguez, Luca De Feo, Francisco Rodríguez-Henríquez and Benjamin Smith

arXiv: 1907.08704 · 2019-08-22

## TL;DR

This paper improves the security and speed of CSIDH, a quantum-resistant cryptographic primitive, by repairing two oversights that compromised the constant-time character of earlier implementations and by proposing a dummy-free variant aimed at protecting static keys in embedded hardware against fault injection.

## Contribution

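The paper identifies and repairs two oversights in the existing constant-time CSIDH algorithms (Meyer, Campos and Reith; Onuki, Aikawa, Yamazaki and Takagi), produces the fastest constant-time version to date using Edwards arithmetic and optimal addition chains, and proposes and evaluates a dummy-free variant for fault-injection resistance.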

## Key findings

- Fastest constant-time CSIDH achieved to date.
- Dummy-free CSIDH variant offers improved fault injection resistance.
- The protected variants are slower, but their performance stays within a small constant factor of less-protected variants.

## Abstract

CSIDH is a recent quantum-resistant primitive based on the difficulty of finding isogeny paths between supersingular curves. Recently, two constant-time versions of CSIDH have been proposed: first by Meyer, Campos and Reith, and then by Onuki, Aikawa, Yamazaki and Takagi. While both offer protection against timing attacks and simple power consumption analysis, they are vulnerable to more powerful attacks such as fault injections. In this work, we identify and repair two oversights in these algorithms that compromised their constant-time character. By exploiting Edwards arithmetic and optimal addition chains, we produce the fastest constant-time version of CSIDH to date. We then consider the stronger attack scenario of fault injection, which is relevant for the security of CSIDH static keys in embedded hardware. We propose and evaluate a dummy-free CSIDH algorithm. While these CSIDH variants are slower, their performance is still within a small constant factor of less-protected variants. Finally, we discuss derandomized CSIDH algorithms.

---
Source: https://tomesphere.com/paper/1907.08704