Paper title
Faulty isogenies: a new kind of leakage
Paper authors
Paper abstract
In SIDH and SIKE protocols, public keys are defined over quadratic extensions of prime fields. We present in this work a projective invariant property characterizing affine Montgomery curves defined over prime fields. We then force a secret 3-isogeny chain to repeatedly pass through a curve defined over a prime field in order to exploit the new property and inject zeros in the A-coefficient of an intermediate curve to successfully recover the isogeny chain one step at a time. Our results introduce a new kind of fault attack applicable to SIDH and SIKE.