FPGA-SIDH: High-Performance Implementation of Supersingular Isogeny Diffie-Hellman Key-Exchange Protocol on FPGA

To the best of our knowledge, we present the first hardware implementation of isogeny-based cryptography available in the literature. Particularly, we present the first implementation of the supersingular isogeny Diffie-Hellman (SIDH) key exchange, which features quantum-resistance. We optimize this design for speed by creating a high throughput multiplier unit, taking advantage of parallelization of arithmetic in Fp2 , and minimizing pipeline stalls with optimal scheduling. Consequently, our results are also faster than software libraries running SIDH even on Intel Haswell processors. For our implementation at 85-bit quantum security and 128-bit classical security, we generate ephemeral public keys in 1.655 million cycles for Alice and 1.490 million cycles for Bob. We generate the shared secret in an additional 1.510 million cycles for Alice and 1.312 million cycles for Bob. On a Virtex-7, these results are approximately 1.5 times faster than the fastest known software implementations for 512-bit SIDH. Our results and observations show that the isogeny-based schemes can be implemented with high efficiency on reconfigurable hardware. Index Terms Post-quantum cryptography, elliptic curve cryptography (ECC), isogeny-based cryptography, Field Programmable Gate Array (FPGA).