Quantum-Resistant Diffie-Hellman Key Exchange from Supersingular Elliptic Curve Isogenies

Possibility of the emergence of quantum computers in the near future, pose a serious threat against the security of widely-used public key cryptosystems such as RSA or Elliptic Curve Cryptography (ECC). Algorithms involving isogeny computations on supersingular elliptic curves have been shown to be difficult to break, even to quantum computers. Thus, isogeny-based protocols represent promising solution to provide quantum-resistant cryptography. This paper, explores a relatively new scheme which allows two parties to generate DH secret shared using isogenies between supersingular elliptic curves. The reason behind using supersingular elliptic curve, is the development of a sub-exponential time quantum algorithm which is able to break isogenies between ordinary elliptic curves. On the other hand, in the case of supersingular elliptic curves, the fastest known quantum attack remains exponential, because of non-commutativity of the endomorphism ring. However, the noncommutativity feature causes the main technical difficulty in the supersingular case, because Diffie-Hellman key-exchange protocol require commutativity of elements to generate shared secret. In this paper, solution to this problem is also investigates and it is shown that providing the outputs of the isogeny on certain points can be deployed to overcome the non-commutativity problem in Diffie-Hellman Key-Exchange protocol.