Skip to main content

(Short Paper) Analysis of a Strong Fault Attack on Static/Ephemeral CSIDH

  • Conference paper
  • First Online:
Advances in Information and Computer Security (IWSEC 2021)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 12835))

Included in the following conference series:

  • 441 Accesses

Abstract

CSIDH is an isogeny-based post-quantum key establishment protocol proposed in 2018. In this work we analyze attacking implementations of CSIDH which use dummy isogeny operations using fault injections from a mathematical perspective. We detail an attack (implicit in prior works on implementations of CSIDH) by which a static private key can be learned (up to sign) by the attacker with certainty using \(\sum \lceil \log _2(b_i) + 1 \rceil \) faults using a binary search approach, where \(\boldsymbol{\mathbf {b}}\) is the bound vector defining the keyspace. A natural idea for a countermeasure to this attack is to randomly mix the real degree \(\ell _j\) isogenies together with the dummy ones, so that binary search becomes ineffective. In this work we evaluate the efficacy of this idea as a fault attack countermeasure; in particular, we give bounds (as a function of the bound vector entries) on the number of fault injections (of a particular relatively strong, hypothetical type) required for an attacker to have a given success probability for guessing an unknown key, and present the results of simulated attacks on keys sampled from 6 keyspaces found in the literature. We find that the number of faults required to reach any constant success probability in guessing a static key is quadratic in the bound vector entries, rather than logarithmic as in the “real-then-dummy” setting—concretely, the number of faults required increases from a few hundred to tens of thousands. Broadly, this behaviour is reflected in our simulations.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Campos, F., Kannwischer, M.J., Meyer, M., Onuki, H., Stöttinger, M.: Trouble at the CSIDH: protecting CSIDH with dummy-operations against fault injection attacks. In: 2020 Workshop on Fault Detection and Tolerance in Cryptography (FDTC), pages 57–65, Los Alamitos, CA, USA, September 2020. IEEE Computer Society (2020)

    Google Scholar 

  2. Castryck, W., Decru, T.: CSIDH on the Surface. In: Ding, J., Tillich, J.-P. (eds.) PQCrypto 2020. LNCS, vol. 12100, pp. 111–129. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-44223-1_7

    Chapter  Google Scholar 

  3. Castryck, W., Lange, T., Martindale, C., Panny, L., Renes, J.: CSIDH: an efficient post-quantum commutative group action. In: Peyrin, T., Galbraith, S. (eds.) ASIACRYPT 2018. LNCS, vol. 11274, pp. 395–427. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-03332-3_15

    Chapter  Google Scholar 

  4. Cervantes-Vázquez, D., Chenu, M., Chi-Domínguez, J.-J., De Feo, L., Rodríguez-Henríquez, F., Smith, B.: Stronger and Faster Side-Channel Protections for CSIDH. In: Schwabe, P., Thériault, N. (eds.) LATINCRYPT 2019. LNCS, vol. 11774, pp. 173–193. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-30530-7_9

    Chapter  Google Scholar 

  5. Chow, Y., Teicher, H.: Probability Theory: Independence, Interchangeability, Martingales. Springer, New York (1997)

    Book  Google Scholar 

  6. Hoeffding, W.: Probability inequalities for sums of bounded random variables. J. Am. Stat. Assoc. 58(301), 13–30 (1963)

    Article  MathSciNet  Google Scholar 

  7. Hutchinson, A., LeGrow, J., Koziel, B., Azarderakhsh, R.: Further optimizations of CSIDH: a systematic approach to efficient strategies, permutations, and bound vectors. In: Conti, M., Zhou, J., Casalicchio, E., Spognardi, A. (eds.) ACNS 2020. LNCS, vol. 12146, pp. 481–501. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-57808-4_24

    Chapter  MATH  Google Scholar 

  8. Marcinkiewicz, J., Zygmund, A.: Sur les fonctions indépendantes. Fundam. Math. 29(1), 60–90 (1937)

    Article  Google Scholar 

  9. Meyer, M., Campos, F., Reith, S.: On lions and elligators: an efficient constant-time implementation of CSIDH. In: Ding, J., Steinwandt, R. (eds.) PQCrypto 2019. LNCS, vol. 11505, pp. 307–325. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-25510-7_17

    Chapter  Google Scholar 

  10. Meyer, M., Reith, S.: A faster way to the CSIDH. In: Chakraborty, D., Iwata, T. (eds.) INDOCRYPT 2018. LNCS, vol. 11356, pp. 137–152. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-05378-9_8

    Chapter  Google Scholar 

  11. Moriya, T., Onuki, H., Takagi, T.: How to construct CSIDH on edwards curves. Cryptology ePrint Archive, Report 2019/843 (2019)

    Google Scholar 

  12. Onuki, H., Aikawa, Y., Yamazaki, T., Takagi, T.: (Short Paper) A Faster constant-time algorithm of CSIDH keeping two points. In: Attrapadung, N., Yagi, T. (eds.) IWSEC 2019. LNCS, vol. 11689, pp. 23–33. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-26834-3_2

    Chapter  Google Scholar 

  13. Paley, R.E.A.C., Zygmund, A.: On some series of functions, (3). Math. Proc. Cambridge Philos. Soc. 28(2), 190–205 (1932)

    Article  Google Scholar 

Download references

Acknowledgements

Jason T. LeGrow was funded in part by MBIE fund UOAX1933.

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Jason T. LeGrow .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

LeGrow, J.T., Hutchinson, A. (2021). (Short Paper) Analysis of a Strong Fault Attack on Static/Ephemeral CSIDH. In: Nakanishi, T., Nojima, R. (eds) Advances in Information and Computer Security. IWSEC 2021. Lecture Notes in Computer Science(), vol 12835. Springer, Cham. https://doi.org/10.1007/978-3-030-85987-9_12

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-85987-9_12

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-85986-2

  • Online ISBN: 978-3-030-85987-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics