DeepAI AI Chat
Log In Sign Up

Stronger and Faster Side-Channel Protections for CSIDH

CSIDH is a recent quantum-resistant primitive based on the difficulty of finding isogeny paths between supersingular curves. Recently, two constant-time versions of CSIDH have been proposed: first by Meyer, Campos and Reith, and then by Onuki, Aikawa, Yamazaki and Takagi. While both offer protection against timing attacks and simple power consumption analysis, they are vulnerable to more powerful attacks such as fault injections. In this work, we identify and repair two oversights in these algorithms that compromised their constant-time character. By exploiting Edwards arithmetic and optimal addition chains, we produce the fastest constant-time version of CSIDH to date. We then consider the stronger attack scenario of fault injection, which is relevant for the security of CSIDH static keys in embedded hardware. We propose and evaluate a dummy-free CSIDH algorithm. While these CSIDH variants are slower, their performance is still within a small constant factor of less-protected variants. Finally, we discuss derandomized CSIDH algorithms.


page 1

page 2

page 3

page 4


Programmable RO (PRO): A Multipurpose Countermeasure against Side-channel and Fault Injection Attack

Side-channel and fault injection attacks reveal secret information by mo...

Attacking Hardware AES with DFA

We present the first practical attack on a hardware AES accelerator with...

EM-Fault It Yourself: Building a Replicable EMFI Setup for Desktop and Server Hardware

EMFI has become a popular fault injection (FI) technique due to its abil...

A tool assisted methodology to harden programs against multi-faults injections

Fault attacks consist in changing the program behavior by injecting faul...

SCFI: State Machine Control-Flow Hardening Against Fault Attacks

Fault injection (FI) is a powerful attack methodology allowing an advers...

Voltage regulator assisted lightweight countermeasure against fault injection attacks

The impeccable design of sensitive and cryptographic circuits (CC) again...