
Authentication and key establishment protocol from supersingular isogeny for mobile environments


This paper presents a provably secure post-quantum authentication and key establishment protocol for mobile environments. To the best of our knowledge, it is the first protocol from supersingular isogeny that achieves client user authentication by means of a convenient password and server authentication by means of the password-transformed secret value and its certificate, together with the final session key establishment between the two parties. This makes it well suited to providing quantum-resilient security assurance in mobile environments in the near-future post-quantum era. The protocol is constructed by integrating password-based authentication with a key encapsulation mechanism, and is therefore named PBKEM for short. The post-quantum PBKEM protocol from supersingular isogeny is formally proved secure in the random oracle model under the well-known Bellare–Pointcheval–Rogaway (BPR) security model, with its security ultimately reduced to the SI-CDH security assumption and the IND-CCA security of the SIKE scheme. Moreover, it is implemented on a personal computer using the SIDH Library provided by Microsoft, and the experimental results show that the protocol is efficient enough to be applied in practice to provide quantum-resilient security assurance.



The author would like to express sincere gratitude to the editor and anonymous reviewers for their valuable comments and work on this paper. This work was supported in part by the Natural Science Basic Research Program of Shaanxi Province of China under Grant 2021JQ-123, in part by the National Natural Science Foundation of China (No. 62074131), and in part by the Fundamental Research Funds for the Central Universities (No. 31020200QD011).


Correspondence to Mingping Qi.


Qi, M., Chen, J. Authentication and key establishment protocol from supersingular isogeny for mobile environments. J Supercomput (2021).



  • Supersingular
  • Isogeny
  • SIDH
  • SIKE
  • Elliptic curve