Disorientation Faults in CSIDH

We investigate a new class of fault-injection attacks against the CSIDH family of cryptographic group actions, dubbed disorientation attacks. These attacks flip the direction of specific isogeny steps by targeting subroutines like Legendre symbol or Elligator computations.

Highlights:

• Break both CSIDH and CTIDH with modest computational effort
• Exploit widespread components in real implementations
• Provide post-processing techniques to infer constraints on the secret
• Propose lightweight countermeasures and assess their effectiveness

This work contributes to understanding and defending against physical attacks on isogeny-based cryptography.