Efficient Algorithms for Supersingular Isogeny Diffie-Hellman
نویسندگان
چکیده
We propose a new suite of algorithms that significantly improve the performance of supersingular isogeny Diffie-Hellman (SIDH) key exchange. Subsequently, we present a full-fledged implementation of SIDH that is geared towards the 128-bit quantum and 192bit classical security levels. Our library is the first constant-time SIDH implementation and is up to 2.9 times faster than the previous best (non-constant-time) SIDH software. The high speeds in this paper are driven by compact, inversion-free point and isogeny arithmetic and fast SIDH-tailored field arithmetic: on an Intel Haswell processor, generating ephemeral public keys takes 46 million cycles for Alice and 52 million cycles for Bob, while computing the shared secret takes 44 million and 50 million cycles, respectively. The size of public keys is only 564 bytes, which is significantly smaller than most of the popular post-quantum key exchange alternatives. Ultimately, the size and speed of our software illustrates the strong potential of SIDH as a post-quantum key exchange candidate and we hope that these results encourage a wider cryptanalytic effort.
منابع مشابه
Quantum-Resistant Diffie-Hellman Key Exchange from Supersingular Elliptic Curve Isogenies
Possibility of the emergence of quantum computers in the near future, pose a serious threat against the security of widely-used public key cryptosystems such as RSA or Elliptic Curve Cryptography (ECC). Algorithms involving isogeny computations on supersingular elliptic curves have been shown to be difficult to break, even to quantum computers. Thus, isogeny-based protocols represent promising ...
متن کاملDiffie-Hellman type key exchange protocols based on isogenies
In this paper, we propose some Diffie-Hellman type key exchange protocols using isogenies of elliptic curves. The first method which uses the endomorphism ring of an ordinary elliptic curve $ E $, is a straightforward generalization of elliptic curve Diffie-Hellman key exchange. The method uses commutativity of the endomorphism ring $ End(E) $. Then using dual isogenies, we propose...
متن کاملSide-Channel Attacks on Quantum-Resistant Supersingular Isogeny Diffie-Hellman
In this paper, we present three side-channel attacks on the quantum-resistant supersingular isogeny Di e-Hellman (SIDH) key exchange protocol. These re ned power analysis attacks target the representation of a zero value in a physical implementation of SIDH to extract bits of the secret key. To understand the behavior of these zero-attacks on SIDH, we investigate the representation of zero in t...
متن کاملFPGA-SIDH: High-Performance Implementation of Supersingular Isogeny Diffie-Hellman Key-Exchange Protocol on FPGA
To the best of our knowledge, we present the first hardware implementation of isogeny-based cryptography available in the literature. Particularly, we present the first implementation of the supersingular isogeny Diffie-Hellman (SIDH) key exchange, which features quantum-resistance. We optimize this design for speed by creating a high throughput multiplier unit, taking advantage of parallelizat...
متن کاملA Faster Software Implementation of the Supersingular Isogeny Diffie-Hellman Key Exchange Protocol
Since its introduction by Jao and De Feo in 2011, the supersingular isogeny Diffie-Hellman (SIDH) key exchange protocol has positioned itself as a promising candidate for post-quantum cryptography. One salient feature of the SIDH protocol is that it requires exceptionally short key sizes. However, the latency associated to SIDH is higher than the ones reported for other post-quantum cryptosyste...
متن کامل