Advertisement

EdSIDH: Supersingular Isogeny Diffie-Hellman Key Exchange on Edwards Curves

  • Reza Azarderakhsh
  • Elena Bakos Lang
  • David Jao
  • Brian Koziel
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11348)

Abstract

Problems relating to the computation of isogenies between elliptic curves defined over finite fields have been studied for a long time. Isogenies on supersingular elliptic curves are a candidate for quantum-safe key exchange protocols because the best known classical and quantum algorithms for solving well-formed instances of the isogeny problem are exponential. We propose an implementation of supersingular isogeny Diffie-Hellman (SIDH) key exchange for complete Edwards curves. Our work is motivated by the use of Edwards curves to speed up many cryptographic protocols and improve security. Our work does not actually provide a faster implementation of SIDH, but the use of complete Edwards curves and their complete addition formulae provides security benefits against side-channel attacks. We provide run time complexity analysis and operation counts for the proposed key exchange based on Edwards curves along with comparisons to the Montgomery form.

Keywords

Edwards curves Isogeny arithmetic Supersingular isogeny Diffie-Hellman key exchange 

Notes

Acknowledgement

The authors would like to thank the reviewers for their comments. This work is supported in parts by awards NIST 60NANB16D246, NIST 60NANB17D184, and NSF CNS-1801341. Also, this research was undertaken thanks in part to funding from the Canada First Research Excellence Fund, Natural Sciences and Engineering Research Council of Canada, CryptoWorks21, Public Works and Government Services Canada, and the Royal Bank of Canada.

References

  1. 1.
    Azarderakhsh, R., Fishbein, D., Jao, D.: Efficient implementations of a quantum-resistant key-exchange protocol on embedded systems. Technical report (2014)Google Scholar
  2. 2.
    Azarderakhsh, R., Jao, D., Kalach, K., Koziel, B., Leonardi, C.: Key compression for isogeny-based cryptosystems. In: Proceedings of the 3rd ACM International Workshop on ASIA Public-Key Cryptography, AsiaPKC 2016, pp. 1–10. ACM, New York (2016)Google Scholar
  3. 3.
    Azarderakhsh, R., Jao, D., Leonardi, C.: Post-quantum static-static key agreement using multiple protocol instances. In: Adams, C., Camenisch, J. (eds.) SAC 2017. LNCS, vol. 10719, pp. 45–63. Springer, Cham (2018).  https://doi.org/10.1007/978-3-319-72565-9_3CrossRefGoogle Scholar
  4. 4.
    Bernstein, D.J., Birkner, P., Joye, M., Lange, T., Peters, C.: Twisted Edwards curves. In: Vaudenay, S. (ed.) AFRICACRYPT 2008. LNCS, vol. 5023, pp. 389–405. Springer, Heidelberg (2008).  https://doi.org/10.1007/978-3-540-68164-9_26CrossRefGoogle Scholar
  5. 5.
    Bernstein, D.J., Birkner, P., Lange, T., Peters, C.: ECM using Edwards curves. Math. Comp. 82(282), 1139–1179 (2013)MathSciNetCrossRefGoogle Scholar
  6. 6.
    Bernstein, D.J., Lange, T.: Faster addition and doubling on elliptic curves. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 29–50. Springer, Heidelberg (2007).  https://doi.org/10.1007/978-3-540-76900-2_3CrossRefGoogle Scholar
  7. 7.
    Bernstein, D.J., Lange, T.: A complete set of addition laws for incomplete Edwards curves. J. Number Theory 131(5), 858–872 (2011). Elliptic Curve CryptographyMathSciNetCrossRefGoogle Scholar
  8. 8.
    Charles, D., Lauter, K., Goren, E.: Cryptographic hash functions from expander graphs. J. Cryptol. 22(1), 93–113 (2009)MathSciNetCrossRefGoogle Scholar
  9. 9.
    Chen, L., et al.: Report on post-quantum cryptography. Technical report, National Institute of Standards and Technology (NIST) (2016)Google Scholar
  10. 10.
    Costache, A., Feigon, B., Lauter, K., Massierer, M., Puskas, A.: Ramanujan graphs in cryptography. Cryptology ePrint Archive, Report 2018/593 (2018)Google Scholar
  11. 11.
    Costello, C., Longa, P., Naehrig, M.: Efficient algorithms for supersingular isogeny Diffie-Hellman. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9814, pp. 572–601. Springer, Heidelberg (2016).  https://doi.org/10.1007/978-3-662-53018-4_21CrossRefGoogle Scholar
  12. 12.
    Costello, C., Hisil, H.: A simple and compact algorithm for SIDH with arbitrary degree isogenies. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017. LNCS, vol. 10625, pp. 303–329. Springer, Cham (2017).  https://doi.org/10.1007/978-3-319-70697-9_11CrossRefGoogle Scholar
  13. 13.
    Costello, C., Jao, D., Longa, P., Naehrig, M., Renes, J., Urbanik, D.: Efficient compression of SIDH public keys. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017. LNCS, vol. 10210, pp. 679–706. Springer, Cham (2017).  https://doi.org/10.1007/978-3-319-56620-7_24CrossRefGoogle Scholar
  14. 14.
    De Feo, L., Jao, D., Plût, J.: Towards quantum-resistant cryptosystems from supersingular elliptic curve isogenies. J. Math. Cryptol. 8(3), 209–247 (2014)MathSciNetzbMATHGoogle Scholar
  15. 15.
    Edwards, H.M.: A normal form for elliptic curves. In: Bulletin of the American Mathematical Society, pp. 393–422 (2007)MathSciNetCrossRefGoogle Scholar
  16. 16.
    Faz-Hernández, A., López, J., Ochoa-Jiménez, E., Rodríguez-Henríquez, F.: A faster software implementation of the supersingular isogeny Diffie-Hellman key exchange protocol. IEEE Trans. Comput. (2018, to appear)Google Scholar
  17. 17.
    Jalali, A., Azarderakhsh, R., Mozaffari-Kermani, M., Jao, D.: Supersingular isogeny Diffie-Hellman key exchange on 64-bit ARM. IEEE Trans. Dependable Secur. Comput. I: Regul. Pap. (2017)Google Scholar
  18. 18.
    Jao, D., et al.: Supersingular isogeny key encapsulation. Submission to the NIST Post-Quantum Standardization Project (2017)Google Scholar
  19. 19.
    Kim, S., Yoon, K., Kwon, J., Hong, S., Park, Y.-H.: Efficient isogeny computations on twisted Edwards curves. Secur. Commun. Netw. (2018)Google Scholar
  20. 20.
    Koziel, B., Azarderakhsh, R., Jao, D.: An exposure model for supersingular isogeny Diffie-Hellman key exchange. In: Smart, N.P. (ed.) CT-RSA 2018. LNCS, vol. 10808, pp. 452–469. Springer, Cham (2018).  https://doi.org/10.1007/978-3-319-76953-0_24CrossRefGoogle Scholar
  21. 21.
    Koziel, B., Azarderakhsh, R., Jao, D.: Side-channel attacks on quantum-resistant supersingular isogeny Diffie-Hellman. In: Adams, C., Camenisch, J. (eds.) SAC 2017. LNCS, vol. 10719, pp. 64–81. Springer, Cham (2018).  https://doi.org/10.1007/978-3-319-72565-9_4CrossRefGoogle Scholar
  22. 22.
    Koziel, B., Azarderakhsh, R., Jao, D., Mozaffari-Kermani, M.: On fast calculation of addition chains for isogeny-based cryptography. In: Chen, K., Lin, D., Yung, M. (eds.) Inscrypt 2016. LNCS, vol. 10143, pp. 323–342. Springer, Cham (2017).  https://doi.org/10.1007/978-3-319-54705-3_20CrossRefGoogle Scholar
  23. 23.
    Koziel, B., Azarderakhsh, R., Mozaffari-Kermani, M.: Fast hardware architectures for supersingular isogeny Diffie-Hellman key exchange on FPGA. In: Dunkelman, O., Sanadhya, S.K. (eds.) INDOCRYPT 2016. LNCS, vol. 10095, pp. 191–206. Springer, Cham (2016).  https://doi.org/10.1007/978-3-319-49890-4_11CrossRefGoogle Scholar
  24. 24.
    Koziel, B., Azarderakhsh, R., Mozaffari-Kermani, M.: A high-performance and scalable hardware architecture for isogeny-based cryptography. IEEE Trans. Comput. PP(99), 1 (2018)zbMATHGoogle Scholar
  25. 25.
    Koziel, B., Azarderakhsh, R., Mozaffari-Kermani, M., Jao, D.: Post-quantum cryptography on FPGA based on isogenies on elliptic curves. IEEE Trans. Circ. Syst. I: Regul. Pap. 64, 86–99 (2017)zbMATHGoogle Scholar
  26. 26.
    Koziel, B., Jalali, A., Azarderakhsh, R., Jao, D., Mozaffari-Kermani, M.: NEON-SIDH: efficient implementation of supersingular isogeny Diffie-Hellman key exchange protocol on ARM. In: Foresti, S., Persiano, G. (eds.) CANS 2016. LNCS, vol. 10052, pp. 88–103. Springer, Cham (2016).  https://doi.org/10.1007/978-3-319-48965-0_6CrossRefGoogle Scholar
  27. 27.
    Meyer, M., Reith, S., Campos, F.: On hybrid SIDH schemes using Edwards and Montgomery curve arithmetic. Cryptology ePrint Archive, Report 2017/1213 (2017)Google Scholar
  28. 28.
    Montgomery, P.L.: Speeding the Pollard and elliptic curve methods of factorization. Math. Comput. 48, 243–264 (1987)MathSciNetCrossRefGoogle Scholar
  29. 29.
    Moody, D., Shumow, D.: Analogues of Vélu’s formulas for isogenies on alternate models of elliptic curves. Math. Comp. 85(300), 1929–1951 (2016)MathSciNetCrossRefGoogle Scholar
  30. 30.
    Valyukh, V.: Performance and comparison of post-quantum cryptographic algorithms. Master’s thesis, Linkoping University (2017)Google Scholar
  31. 31.
    Vélu, J.: Isogénies entre courbes elliptiques. C. R. Acad. Sci. Paris Sér. A-B 273, A238–A241 (1971)zbMATHGoogle Scholar
  32. 32.
    Yoo, Y., Azarderakhsh, R., Jalali, A., Jao, D., Soukharev, V.: A post-quantum digital signature scheme based on supersingular isogenies. In: Kiayias, A. (ed.) FC 2017. LNCS, vol. 10322, pp. 163–181. Springer, Cham (2017).  https://doi.org/10.1007/978-3-319-70972-7_9CrossRefGoogle Scholar

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  • Reza Azarderakhsh
    • 1
  • Elena Bakos Lang
    • 2
  • David Jao
    • 2
    • 3
    • 4
  • Brian Koziel
    • 5
  1. 1.Department of Computer and Electrical Engineering and Computer ScienceFlorida Atlantic UniversityBoca RatonUSA
  2. 2.Department of Combinatorics and OptimizationUniversity of WaterlooWaterlooCanada
  3. 3.Centre for Applied Cryptographic ResearchUniversity of WaterlooWaterlooCanada
  4. 4.evolutionQ, Inc.WaterlooCanada
  5. 5.Texas InstrumentsDallasUSA

Personalised recommendations