Skip to main content

Adaptive Attacks Against FESTA Without Input Validation or Constant-Time Implementation

  • Conference paper
  • First Online:
Post-Quantum Cryptography (PQCrypto 2024)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 14772))

Included in the following conference series:

  • 199 Accesses

Abstract

A FESTA trapdoor function is an isogeny-based trapdoor function based on an attempt to apply Kani’s theorem to cryptography. This paper claims that there are adaptive attacks for a FESTA-based scheme if this scheme does not check the correctness of the input matrix or is not implemented in constant time. Our attacks do not apply to the constant-time implementation of the IND-CCA PKE scheme named FESTA proposed in the FESTA original paper. In this paper, we provide adaptive attacks for a FESTA trapdoor function using auxiliary oracles, which reveals the secret key of the function. These oracles may be constructed if the FESTA trapdoor function is used without validating the input matrix or implemented in non-constant time.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 109.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 74.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Azarderakhsh, R., et al.: Supersingular isogeny key encapsulation. In: Submission to the NIST Post-Quantum Standardization project (2017)

    Google Scholar 

  2. Basso, A., Maino, L., Pope, G.: FESTA: fast encryption from supersingular torsion attacks. In: Guo, J., Steinfeld, R. (eds.) ASIACRYPT 2023. LNCS, vol. 14444, pp. 98–126. Springer, Singapore (2023). https://doi.org/10.1007/978-981-99-8739-9_4

    Chapter  Google Scholar 

  3. Castryck, W., Decru, T.: An efficient key recovery attack on SIDH. In: Hazay, C., Stam, M. (eds.) EUROCRYPT 2023. LNCS, vol. 14008, pp. 423–447. Springer, Cham (2023). https://doi.org/10.1007/978-3-031-30589-4_15

    Chapter  Google Scholar 

  4. Castryck, W., Lange, T., Martindale, C., Panny, L., Renes, J.: CSIDH: an efficient post-quantum commutative group action. In: Peyrin, T., Galbraith, S. (eds.) ASIACRYPT 2018. LNCS, vol. 11274, pp. 395–427. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-03332-3_15

    Chapter  Google Scholar 

  5. Dartois, P., Leroux, A., Robert, D., Wesolowski, B.: SQIsignHD: new dimensions in cryptography. In: Joye, M., Leander, G. (eds.) EUROCRYPT 2024. LNCS, vol. 14651, pp. 3–32. Springer, Cham (2023). https://doi.org/10.1007/978-3-031-58716-0_1, https://ia.cr/2023/436

  6. De Feo, L., Kohel, D., Leroux, A., Petit, C., Wesolowski, B.: SQISign: compact post-quantum signatures from quaternions and isogenies. In: Moriai, S., Wang, H. (eds.) ASIACRYPT 2020. LNCS, vol. 12491, pp. 64–93. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-64837-4_3

    Chapter  Google Scholar 

  7. Fouotsa, T.B., Petit, C.: A new adaptive attack on SIDH. In: Galbraith, S.D. (ed.) CT-RSA 2022. LNCS, vol. 13161, pp. 322–344. Springer, Cham (2022). https://doi.org/10.1007/978-3-030-95312-6_14

    Chapter  Google Scholar 

  8. Galbraith, S.D., Petit, C., Shani, B., Ti, Y.B.: On the security of supersingular isogeny cryptosystems. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016. LNCS, vol. 10031, pp. 63–91. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53887-6_3

    Chapter  Google Scholar 

  9. Ibukiyama, T., Katsura, T., Oort, F.: Supersingular curves of genus two and class numbers. Compos. Math. 57(2), 127–152 (1986)

    MathSciNet  Google Scholar 

  10. Jao, D., De Feo, L.: Towards quantum-resistant cryptosystems from supersingular elliptic curve isogenies. In: Yang, B.-Y. (ed.) PQCrypto 2011. LNCS, vol. 7071, pp. 19–34. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-25405-5_2

    Chapter  Google Scholar 

  11. Kani, E.: The number of curves of genus two with elliptic differentials (1997)

    Google Scholar 

  12. Koblitz, N.: Elliptic curve cryptosystems. Math. Comput. 48, 203–209 (1987)

    Article  MathSciNet  Google Scholar 

  13. Maino, L., Martindale, C., Panny, L., Pope, G., Wesolowski, B.: A direct key recovery attack on SIDH. In: Hazay, C., Stam, M. (eds.) EUROCRYPT 2023. LNCS, vol. 14008, pp. 448–471. Springer, Cham (2023). https://doi.org/10.1007/978-3-031-30589-4_16

    Chapter  Google Scholar 

  14. Miller, V.S.: Use of elliptic curves in cryptography. In: Williams, H.C. (ed.) CRYPTO 1985. LNCS, vol. 218, pp. 417–426. Springer, Heidelberg (1986). https://doi.org/10.1007/3-540-39799-X_31

    Chapter  Google Scholar 

  15. Moriya, T.: IS-CUBE: An isogeny-based compact KEM using a boxed SIDH diagram (2023). https://eprint.iacr.org/2023/1516

  16. Mumford, D., Ramanujam, C.P., Manin, J.I.: Abelian Varieties, vol. 5. Oxford University Press, Oxford (1974)

    Google Scholar 

  17. National Institute of Standards and Technology. Post–quantum cryptography standardization. https://csrc.nist.gov/Projects/post-quantum-cryptography/round-4-submissions

  18. Rivest, R.L., Shamir, A., Adleman, L.: A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 21, 120–126 (1978)

    Article  MathSciNet  Google Scholar 

  19. Robert, D.: Breaking SIDH in polynomial time. In: Hazay, C., Stam, M. (eds.) EUROCRYPT 2023. LNCS, vol. 14008, pp. 472–503. Springer, Cham (2023). https://doi.org/10.1007/978-3-031-30589-4_17

    Chapter  Google Scholar 

  20. Shor, P.W.: Algorithms for quantum computation: Discrete logarithms and factoring. In: Proceedings 35th Annual Symposium on Foundations of Computer Science – FOCS 1994, pp. 124–134. IEEE (1994)

    Google Scholar 

  21. Silverman, J.H.: The Arithmetic of Elliptic Curves, vol. 106. Springer, New York (2009). https://doi.org/10.1007/978-0-387-09494-6

    Book  Google Scholar 

  22. Smith, B.: Explicit endomorphisms and correspondences. PhD thesis, University of Sydney (2005)

    Google Scholar 

  23. Vélu, J.: Isogénies entre courbes elliptiques. CR Acad. Sci. Paris Sér. A 273(5), 238–241 (1971)

    Google Scholar 

Download references

Acknowledgements

The authors would like to thank Andrea Basso, Luciano Maino, Giacomo Pope, and the anonymous referees for helpful comments on an earlier raft of this paper. This work was supported by the National Key R &D Program of China under Grant No. 2022YFB2703000, the National Natural Science Foundation of China under Grants Nos. 62072011 and 61672059, EPSRC through grant EP/V011324/1 and in part conducted under a contract of “Research and development on new generation cryptography for secure wireless communication services” among “Research and Development for Expansion of Radio Wave Resources (JPJ000254)”, which was supported by the Ministry of Internal Affairs and Communications, Japan.

Author information

Authors and Affiliations

Authors

Corresponding authors

Correspondence to Maozhi Xu or Guoqing Zhou .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Moriya, T., Onuki, H., Xu, M., Zhou, G. (2024). Adaptive Attacks Against FESTA Without Input Validation or Constant-Time Implementation. In: Saarinen, MJ., Smith-Tone, D. (eds) Post-Quantum Cryptography. PQCrypto 2024. Lecture Notes in Computer Science, vol 14772. Springer, Cham. https://doi.org/10.1007/978-3-031-62746-0_1

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-62746-0_1

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-62745-3

  • Online ISBN: 978-3-031-62746-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics