Faulty isogenies: a new kind of leakage
Gora Adj, Jesús-Javier Chi-Domínguez, Víctor Mateu, and Francisco Rodríguez-Henríquez

TL;DR
This paper introduces a novel fault attack on SIDH and SIKE protocols by exploiting a projective invariant property of affine Montgomery curves, enabling the recovery of secret isogeny chains through targeted zero injections.
Contribution
It presents a new fault attack method that leverages a projective invariant property to recover secret isogeny chains in SIDH and SIKE.
Findings
Successfully recovered isogeny chains using the new fault attack.
Demonstrated the attack's applicability to SIDH and SIKE protocols.
Introduced a method to inject zeros in the A-coefficient to facilitate the attack.
Abstract
In SIDH and SIKE protocols, public keys are defined over quadratic extensions of prime fields. We present in this work a projective invariant property characterizing affine Montgomery curves defined over prime fields. We then force a secret 3-isogeny chain to repeatedly pass through a curve defined over a prime field in order to exploit the new property and inject zeros in the A-coefficient of an intermediate curve to successfully recover the isogeny chain one step at a time. Our results introduce a new kind of fault attacks applicable to SIDH and SIKE.
Taxonomy
Topics: Cryptographic Implementations and Security · Security and Verification in Computing · Cryptography and Residue Arithmetic
