Horizontal side-channel full key recovery on ephemeral SIKE

This paper describes the first practical single-trace side-channel power analysis of SIKE. The attack exploits the nature of elliptic curve point addition formulas which require the same function to be executed multiple times. We target the three point ladder which involves a loop of a double-and-add procedure, of which each iteration depends on a single bit of the private key. We show how a single trace of a loop iteration can be segmented into different power traces on which several 32-bit words can be hypothesised based on the current value of the private key bit. This segmentation enables a classical correlation power analysis in an extend-and-prune approach. Further error-correction techniques based on depth-search are suggested. The attack was experimentally verified on an STM32F3 featuring a Cortex-M4 microcontroller which runs the SIKEp434 implementation adapted to 32-bit ARM. We obtained a resounding 100% success rate recovering the full private key in each experiment. Finally, we provide a simple countermeasure with a negligible overhead which mitigates our attack successfully.