Faulty isogenies: a new kind of leakage
This work introduces a new kind of fault attack for SIDH and SIKE protocols, which are used in post-quantum cryptography, addressing a security vulnerability for cryptographic systems.
The authors tackled the problem of leakage in SIDH and SIKE protocols by exploiting a projective invariant property of affine Montgomery curves over prime fields, enabling them to recover secret isogeny chains step-by-step through fault attacks.
In SIDH and SIKE protocols, public keys are defined over quadratic extensions of prime fields. We present in this work a projective invariant property characterizing affine Montgomery curves defined over prime fields. We then force a secret 3-isogeny chain to repeatedly pass through a curve defined over a prime field in order to exploit the new property and inject zeros in the A-coefficient of an intermediate curve to successfully recover the isogeny chain one step at a time. Our results introduce a new kind of fault attacks applicable to SIDH and SIKE.