Advertisement

Optimized Method for Computing Odd-Degree Isogenies on Edwards Curves

  • Suhri Kim
  • Kisoon Yoon
  • Young-Ho ParkEmail author
  • Seokhie Hong
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11922)

Abstract

In this paper, we present an efficient method to compute arbitrary odd-degree isogenies on Edwards curves. By using the w-coordinate, we optimized the isogeny formula on Edwards curves by Moody and Shumow. We demonstrate that Edwards curves have an additional benefit when recovering the coefficient of the image curve during isogeny computation. For \(\ell \)-degree isogeny where \(\ell =2s+1\), our isogeny formula on Edwards curves outperforms Montgomery curves when \(s \ge 2\). To better represent the performance improvements when w-coordinate is used, we implement CSIDH using our isogeny formula. Our implementation is about 20% faster than the previous implementation. The result of our work opens the door for the usage of Edwards curves in isogeny-based cryptography, especially for CSIDH which requires higher degree isogenies.

Keywords

Isogeny Post-quantum cryptography Montgomery curves Edwards curves SIDH CSIDH 

Notes

Acknowledgement

We thank the anonymous reviewers for their useful and constructive comments.

References

  1. 1.
    Azarderakhsh, R., Bakos Lang, E., Jao, D., Koziel, B.: EdSIDH: supersingular isogeny Diffie-Hellman key exchange on Edwards curves. In: Chattopadhyay, A., Rebeiro, C., Yarom, Y. (eds.) SPACE 2018. LNCS, vol. 11348, pp. 125–141. Springer, Cham (2018).  https://doi.org/10.1007/978-3-030-05072-6_8CrossRefGoogle Scholar
  2. 2.
    Azarderakhsh, R., et al.: Supersingular isogeny key encapsulation. Submission to the NIST Post-Quantum Standardization Project (2017)Google Scholar
  3. 3.
    Bernstein, D.J., Birkner, P., Joye, M., Lange, T., Peters, C.: Twisted Edwards curves. In: Vaudenay, S. (ed.) AFRICACRYPT 2008. LNCS, vol. 5023, pp. 389–405. Springer, Heidelberg (2008).  https://doi.org/10.1007/978-3-540-68164-9_26CrossRefGoogle Scholar
  4. 4.
    Bernstein, D.J., Lange, T.: Inverted Edwards coordinates. In: Boztaş, S., Lu, H.-F.F. (eds.) AAECC 2007. LNCS, vol. 4851, pp. 20–27. Springer, Heidelberg (2007).  https://doi.org/10.1007/978-3-540-77224-8_4CrossRefGoogle Scholar
  5. 5.
    Bos, J.W., Friedberger, S.J.: Arithmetic considerations for isogeny-based cryptography. IEEE Trans. Comput. 68(7), 979–990 (2019)MathSciNetCrossRefGoogle Scholar
  6. 6.
    Bröker, R.: Constructing supersingular elliptic curves. J. Comb. Number Theory 1(3), 269–273 (2009)MathSciNetzbMATHGoogle Scholar
  7. 7.
    Mendel, F., Nad, T., Schläffer, M.: Finding SHA-2 characteristics: searching through a minefield of contradictions. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 288–307. Springer, Heidelberg (2011).  https://doi.org/10.1007/978-3-642-25385-0_16CrossRefGoogle Scholar
  8. 8.
    Childs, A., Jao, D., Soukharev, V.: Constructing elliptic curve isogenies in quantum subexponential time. J. Math. Cryptol. 8(1), 1–29 (2014)MathSciNetCrossRefGoogle Scholar
  9. 9.
    Costello, C., Hisil, H.: A simple and compact algorithm for SIDH with arbitrary degree isogenies. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017. LNCS, vol. 10625, pp. 303–329. Springer, Cham (2017).  https://doi.org/10.1007/978-3-319-70697-9_11CrossRefGoogle Scholar
  10. 10.
    Costello, C., Longa, P., Naehrig, M.: SIDH library (2016–2018). https://github.com/Microsoft/PQCrypto-SIDH
  11. 11.
    Costello, C., Longa, P., Naehrig, M.: Efficient algorithms for supersingular isogeny Diffie-Hellman. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9814, pp. 572–601. Springer, Heidelberg (2016).  https://doi.org/10.1007/978-3-662-53018-4_21CrossRefGoogle Scholar
  12. 12.
    Couveignes, J.M.: Hard homogeneous spaces (2006). https://eprint.iacr.org/2006/291
  13. 13.
    De Feo, L., Kieffer, J., Smith, B.: Towards practical key exchange from ordinary isogeny graphs. In: Peyrin, T., Galbraith, S. (eds.) ASIACRYPT 2018. LNCS, vol. 11274, pp. 365–394. Springer, Cham (2018).  https://doi.org/10.1007/978-3-030-03332-3_14CrossRefGoogle Scholar
  14. 14.
    Farashahi, R.R., Hosseini, S.G.: Differential addition on twisted Edwards curves. In: Pieprzyk, J., Suriadi, S. (eds.) ACISP 2017. LNCS, vol. 10343, pp. 366–378. Springer, Cham (2017).  https://doi.org/10.1007/978-3-319-59870-3_21CrossRefGoogle Scholar
  15. 15.
    Hisil, H., Wong, K.K.-H., Carter, G., Dawson, E.: Twisted Edwards curves revisited. In: Pieprzyk, J. (ed.) ASIACRYPT 2008. LNCS, vol. 5350, pp. 326–343. Springer, Heidelberg (2008).  https://doi.org/10.1007/978-3-540-89255-7_20CrossRefGoogle Scholar
  16. 16.
    Jao, D., De Feo, L.: Towards quantum-resistant cryptosystems from supersingular elliptic curve isogenies. In: Yang, B.-Y. (ed.) PQCrypto 2011. LNCS, vol. 7071, pp. 19–34. Springer, Heidelberg (2011).  https://doi.org/10.1007/978-3-642-25405-5_2CrossRefzbMATHGoogle Scholar
  17. 17.
    Kim, S., Yoon, K., Kwon, J., Hong, S., Park, Y.H.: Efficient isogeny computations on twisted Edwards curves. Secur. Commun. Netw. 2018, 1–11 (2018)Google Scholar
  18. 18.
    Kim, S., Yoon, K., Kwon, J., Park, Y.H., Hong, S.: New hybrid method for isogeny-based cryptosystems using Edwards curves. IEEE Trans. Inf. Theory (2019).  https://doi.org/10.1109/TIT.2019.2938984
  19. 19.
    Meyer, M., Reith, S.: A faster way to the CSIDH. In: Chakraborty, D., Iwata, T. (eds.) INDOCRYPT 2018. LNCS, vol. 11356, pp. 137–152. Springer, Cham (2018).  https://doi.org/10.1007/978-3-030-05378-9_8CrossRefGoogle Scholar
  20. 20.
    Meyer, M., Reith, S., Campos, F.: On hybrid SIDH schemes using Edwards and Montgomery curve arithmetic (2017). https://eprint.iacr.org/2017/1213
  21. 21.
    Moody, D., Shumow, D.: Analogues of Vélu’s formulas for isogenies on alternate models of elliptic curves. Math. Comput. 85(300), 1929–1951 (2016)CrossRefGoogle Scholar
  22. 22.
    Moriya, T., Onuki, H., Takagi, T.: How to construct CSIDH on Edwards curves. Cryptology ePrint Archive, Report 2019/843 (2019). https://eprint.iacr.org/2019/843
  23. 23.
    Stolbunov, A.: Constructing public-key cryptographic schemes based on class group action on a set of isogenous elliptic curves. Adv. Math. Commun. 4(2), 215–235 (2010)MathSciNetCrossRefGoogle Scholar

Copyright information

© International Association for Cryptologic Research 2019

Authors and Affiliations

  • Suhri Kim
    • 1
  • Kisoon Yoon
    • 2
  • Young-Ho Park
    • 3
    Email author
  • Seokhie Hong
    • 1
  1. 1.Center for Information Security Technologies (CIST)Korea UniversitySeoulRepublic of Korea
  2. 2.NSHC Inc.UiwangRepublic of Korea
  3. 3.Sejong Cyber UniversitySeoulRepublic of Korea

Personalised recommendations