Post-quantum algorithm SIKE, a NIST finalist, turns out to be breakable on a regular computer

Researchers from KU Leuven have developed a method of attacking the SIKE (Supersingular Isogeny Key Encapsulation) key encapsulation mechanism, which reached the final round of the post-quantum cryptosystems competition held by the US National Institute of Standards and Technology (SIKE was among the additional algorithms that passed the main selection stages but were sent back for further review to address outstanding comments before being moved to the recommended category). The proposed attack makes it possible to recover the private key used for encryption under the SIDH (Supersingular Isogeny Diffie-Hellman) protocol on which SIKE is built, using an ordinary personal computer.

A ready-made implementation of the attack on SIKE is published as a script for the Magma computer algebra system. On a single-core system it took 62 minutes to recover the private key used to protect secure network sessions with the SIKEp434 (security level 1) parameter set; SIKEp503 (level 2) took 2 hours 19 minutes, SIKEp610 (level 3) 8 hours 15 minutes, and SIKEp751 (level 5) 20 hours 37 minutes. The $IKEp182 and $IKEp217 challenge parameter sets, developed by Microsoft, were broken in 4 and 6 minutes, respectively.

The SIKE algorithm is based on supersingular isogenies (walks in a supersingular isogeny graph) and was considered by NIST as a candidate for standardization because it stood out from the other contenders by having the smallest key size and supporting perfect forward secrecy (compromising one of the long-term keys does not allow a previously intercepted session to be decrypted). SIDH is an analogue of the Diffie-Hellman protocol based on walks in a supersingular isogeny graph.

The published attack on SIKE builds on the GPST (Galbraith-Petit-Shani-Ti) adaptive attack on supersingular isogeny key encapsulation mechanisms proposed in 2016, and exploits the existence of a small non-scalar endomorphism on the starting curve, combined with the auxiliary torsion-point information that the interacting parties transmit during the operation of the protocol.

Source: opennet.ru