Side-channel attacks on SIKE
This thesis presents, firstly, an introduction to the current state of the art in isogeny-based cryptography and, secondly, a side-channel differential power analysis of SIKE (an isogeny-based key exchange algorithm) in semi-static mode. The attacks were carried out on an ARM implementation of SIKEp434 in the pqm4 library, which is itself based on the reference implementation of the SIKE submission to the NIST post-quantum standardization process. We analyzed the power consumption of an STM32F3 board featuring an ARM Cortex-M4 microcontroller using Pearson's correlation in the Hamming weight model. We investigated an information leak in the three-point ladder used by the decapsulation mechanism of SIKEp434. Since this function computes P + [m]Q, where m is Bob's private key and P, Q are two public points on a known elliptic curve, we showed that every bit of Bob's private key can be recovered by using the power consumption as a bit distinguisher: the measured traces are correlated with the result of an ADDS assembly instruction. A proof that the ARM ADDS instruction leaks is given in this thesis. Ideas for countermeasures to prevent this attack are discussed.
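As an added illustration (not code from the thesis or from pqm4), the following simulation shows the distinguisher the abstract describes in the Hamming weight model: an idealized 32-bit ADDS whose operands are selected by one ladder key bit, noisy traces constructed inline, and a two-hypothesis Pearson correlation that picks the bit. The operand selection rule, the noise level and the trace count are assumptions; the same harness can be used to check whether a masked field addition drives the correlation to zero.

```python
import random
import statistics

MASK32 = (1 << 32) - 1


def hamming_weight(x: int) -> int:
    """Number of set bits in a 32-bit register value (the leakage model)."""
    return bin(x & MASK32).count("1")


def pearson(xs, ys) -> float:
    """Pearson correlation coefficient between two equal-length samples."""
    mx, my = statistics.fmean(xs), statistics.fmean(ys)
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return cov / (vx * vy) ** 0.5


def adds_result(bit: int, a: int, b: int, c: int) -> int:
    """Hypothetical key-dependent ADDS (assumption): the ladder's conditional
    swap selects which two public limbs are summed, so the result depends on bit."""
    return ((a + b) if bit == 0 else (b + c)) & MASK32


def simulate_traces(key_bit: int, n: int, sigma: float, rng: random.Random):
    """Constructed traces: HW of the ADDS result plus Gaussian noise."""
    inputs, leakage = [], []
    for _ in range(n):
        a, b, c = (rng.getrandbits(32) for _ in range(3))
        inputs.append((a, b, c))
        leakage.append(hamming_weight(adds_result(key_bit, a, b, c)) + rng.gauss(0.0, sigma))
    return inputs, leakage


def recover_bit(inputs, leakage):
    """Bit distinguisher: correlate the traces with the HW predicted under each
    hypothesis; the hypothesis with the larger correlation wins."""
    scores = []
    for hyp in (0, 1):
        predicted = [hamming_weight(adds_result(hyp, a, b, c)) for a, b, c in inputs]
        scores.append(pearson(predicted, leakage))
    return (0 if scores[0] > scores[1] else 1), scores


def run_demo(true_bit: int, n: int = 400, sigma: float = 2.0, seed: int = 2024):
    """Simulate n traces for one key bit and return (guessed bit, both correlations)."""
    rng = random.Random(seed)
    return recover_bit(*simulate_traces(true_bit, n, sigma, rng))


if __name__ == "__main__":
    for true_bit in (0, 1):
        guess, scores = run_demo(true_bit)
        print(f"true bit {true_bit}: guess {guess}, correlations {scores}")
```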