2019
DOI: 10.1007/978-3-030-30530-7_9

Stronger and Faster Side-Channel Protections for CSIDH

Abstract: CSIDH is a recent quantum-resistant primitive based on the difficulty of finding isogeny paths between supersingular curves. Recently, two constant-time versions of CSIDH have been proposed: first by Meyer, Campos and Reith, and then by Onuki, Aikawa, Yamazaki and Takagi. While both offer protection against timing attacks and simple power consumption analysis, they are vulnerable to more powerful attacks such as fault injections. In this work, we identify and repair two oversights in these algorithms that comp…

Cited by 37 publications (72 citation statements)
References 24 publications
“…We stress that this improvement is totally orthogonal to all previous speed-ups, constant-time measures (see e.g. [9,15]) and cryptographic applications (see e.g. [7,4,11]) that have appeared in the literature so far.…”
Section: Contributions (mentioning)
confidence: 61%
“…For future work, we plan to study a potential attack against CSIDH-based algorithms with the collisions presented in this paper. Additionally, we plan to implement an optimized algorithm for each form of base primes and to provide more obvious standards for parameter selection by applying the various optimization methods as in [19][20][21].…”
Section: Discussion (mentioning)
confidence: 99%
“…We do not apply other technical optimization methods like SIMBA [19], new addition chains for a scalar multiplication [20], and Velusqrt algorithm [21]. This is because we intend to present the comparison results of primitive algorithms as possible.…”
Section: Remark (mentioning)
confidence: 99%
“…Recently, Cervantes-Vázquez, Chenu, Chi-Domínguez, De Feo, Rodríguez-Henríquez, and Smith [20] proposed a new constant-time CSIDH resistant against a fault injection attack, which uses our method that keeps two torsion points. Furthermore, they proposed speedup techniques for CSIDH and reported that the cost of our algorithm can be reduced by about 12% by using their speedup techniques.…”
Section: Related Work (mentioning)
confidence: 99%
“…Cervantes-Vázquez et al. [20] pointed out that the implementation of Elligator in [17] is not correct in the sense of constant-time, since it does not use randomness. However, this can be easily fixed.…”
Section: Remark (mentioning)
confidence: 99%