Faulty isogenies: a new kind of leakage

In SIDH and SIKE protocols, public keys are defined over quadratic extensions of prime fields. We present in this work a projective invariant property characterizing affine Montgomery curves defined over prime fields. We then force a secret 3-isogeny chain to repeatedly pass through a curve defined...

Full description

Saved in:

Bibliographic Details
Published in	arXiv.org
Main Authors	Gora Adj, Jesús-Javier Chi-Domínguez, Mateu, Víctor, Rodríguez-Henríquez, Francisco
Format	Paper
Language	English
Published	Ithaca Cornell University Library, arXiv.org 28.02.2022
Subjects	Chains
Online Access	Get full text

Cover

Loading…

More Information
Summary:	In SIDH and SIKE protocols, public keys are defined over quadratic extensions of prime fields. We present in this work a projective invariant property characterizing affine Montgomery curves defined over prime fields. We then force a secret 3-isogeny chain to repeatedly pass through a curve defined over a prime field in order to exploit the new property and inject zeros in the A-coefficient of an intermediate curve to successfully recover the isogeny chain one step at a time. Our results introduce a new kind of fault attacks applicable to SIDH and SIKE.
ISSN:	2331-8422