Mukherjee, Anisha and Czuprynko, Maciej and Jacquemin, David and Kutas, Péter and Roy, Sujoy Sinha (2026) Simple Power Analysis Attack on SQIsign. LECTURE NOTES IN COMPUTER SCIENCE, 15651. pp. 245-269. ISSN 0302-9743
Abstract
The isogeny-based post-quantum digital signature algorithm SQIsign offers the most compact key and signature sizes among all candidates in the ongoing NIST call for additional post-quantum signature algorithms. To the best of our knowledge, we present the first Simple Power Analysis (SPA) side-channel attack on SQIsign, demonstrating its feasibility for key recovery. Our attack specifically targets secret-dependent computations within Cornacchia's algorithm, a fundamental component of SQIsign's quaternion module. At the core of this algorithm, a secret-derived yet ephemeral exponent is used in a modular exponentiation subroutine. By performing SPA on the modular exponentiation, we successfully recover this ephemeral exponent. We then develop a method to show how this leaked exponent can be exploited to ultimately reconstruct the secret signing key of SQIsign. Our findings emphasize the critical need for side-channel-resistant implementations of SQIsign, highlighting previously unexplored vulnerabilities in its design.
| Item Type: | Article | 
|---|---|
| Uncontrolled Keywords: | Isogeny · SQIsign · Side-Channel Analysis · PQC | 
| Subjects: | Q Science / natural science > QA Mathematics / mathematics > QA75 Electronic computers. Computer science / computer engineering, computer science | 
| SWORD Depositor: | MTMT SWORD | 
| Depositing User: | MTMT SWORD | 
| Date Deposited: | 19 Sep 2025 21:12 | 
| Last Modified: | 22 Sep 2025 06:19 | 
| URI: | https://real.mtak.hu/id/eprint/224647 | 