Efficient Loop Abort Fault Attacks on Supersingular Isogeny based Key Exchange (SIKE)

Abstract

Post-quantum secure public key algorithm Super-singular Isogeny based Key Exchange (SIKE) has emerged as a viable candidate for post-quantum secure key encapsulation mechanism. SIKE is based on isogeny property of elliptic curves and its security depends upon the intractability of computing the isogenous path from the source and image curve. In this paper, we focus on the vulnerability of SIKE against fault attacks, specifically against loop abort fault attacks. The fault attacks proposed in this paper can be applied to both naive and optimized implementations of large degree isogeny computation. The attack on naive implementation is based on creating loop abort faults during scalar multiplication and isogeny computation. The effectiveness of such loop abort faults is twofold: it can transform the post-quantum hardness of SIKE to a post-quantum vulnerable ECDLP (Elliptic Curve Discrete Log), while in the other case the adversary can retrieve the secret key of SIKE protocol with little computational effort. The attack on optimized implementation of SIKE takes advantage of the publicly available computation strategy of isogeny computation. Therefore, it can recover the private key of SIKE with only a few fault injections.