Loop-Abort Faults on Supersingular Isogeny Cryptosystems
نویسندگان
چکیده
Cryptographic schemes based on supersingular isogenies have become an active area of research in the field of post-quantum cryptography. We investigate the resistance of these cryptosystems to fault injection attacks. It appears that the iterative structure of the secret isogeny computation renders these schemes vulnerable to loop-abort attacks. Loop-abort faults allow to perform a full key recovery, bypassing all the previously introduced validation methods. Therefore implementing additional countermeasures seems unavoidable for applications where physical attacks are relevant.
منابع مشابه
On the Security of Supersingular Isogeny Cryptosystems
We study cryptosystems based on supersingular isogenies. This is an active area of research in post-quantum cryptography. Our first contribution is to give a very powerful active attack on the supersingular isogeny encryption scheme. This attack can only be prevented by using a (relatively expensive) countermeasure. Our second contribution is to show that the security of all schemes of this typ...
متن کاملFault Attack on Supersingular Isogeny Cryptosystems
We present the first fault attack on cryptosystems based on supersingular isogenies. During the computation of the auxiliary points, the attack aims to change the base point to a random point on the curve via a fault injection. We will show that this would reveal the secret isogeny with one successful perturbation with high probability. We will exhibit the attack by placing it against signature...
متن کاملTowards Quantum-Resistant Cryptosystems from Supersingular Elliptic Curve Isogenies
We present new candidates for quantum-resistant public-key cryptosystems based on the conjectured difficulty of finding isogenies between supersingular elliptic curves. The main technical idea in our scheme is that we transmit the images of torsion bases under the isogeny in order to allow the two parties to arrive at a common shared key despite the noncommutativity of the endomorphism ring. Ou...
متن کاملQuantum-Resistant Diffie-Hellman Key Exchange from Supersingular Elliptic Curve Isogenies
Possibility of the emergence of quantum computers in the near future, pose a serious threat against the security of widely-used public key cryptosystems such as RSA or Elliptic Curve Cryptography (ECC). Algorithms involving isogeny computations on supersingular elliptic curves have been shown to be difficult to break, even to quantum computers. Thus, isogeny-based protocols represent promising ...
متن کاملClassical and Quantum Algorithms for Isogeny-based Cryptography
Isogeny-based cryptography using supersingular elliptic curves — most prominently, the constructions of De Feo-Jao-Plut — is one of the few practical candidates for post-quantum public key cryptography. Its formidable security claim is earned through the continual exploration of quantum algorithms for ‘isogeny problems’ and the assessment of the threat they pose to supersingular isogeny-based c...
متن کامل