
Dual Isogenies and Their Application to Public-Key Compression for Isogeny-Based Cryptography

  • Michael Naehrig
  • Joost Renes
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11922)

Abstract

The isogeny-based protocols SIDH and SIKE have received much attention for being post-quantum key agreement candidates that retain relatively small keys. A recent line of work has proposed and further improved compression of public keys, leading to the inclusion of public-key compression in the SIKE proposal for Round 2 of the NIST Post-Quantum Cryptography Standardization effort. We show how to employ the dual isogeny to significantly increase performance of compression techniques, reducing their overhead from 160–182% to 77–86% for Alice’s key generation and from 98–104% to 59–61% for Bob’s across different SIDH parameter sets. For SIKE, we reduce the overhead of (1) key generation from 140–153% to 61–74%, (2) key encapsulation from 67–90% to 38–57%, and (3) decapsulation from 59–65% to 34–39%. This is mostly achieved by speeding up the pairing computations, which has until now been the main bottleneck, but we also improve (deterministic) basis generation.
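The object in the paper's title is the dual isogeny: for a separable isogeny φ: E → E' of degree ℓ there is a unique φ̂: E' → E with φ̂ ∘ φ = [ℓ] on E and φ ∘ φ̂ = [ℓ] on E' (see [29]). The following Python script is an added illustration and is not code from the paper or from the SIKE implementation; it checks that identity numerically for a 2-isogeny on the SIDH starting curve E0: y² = x³ + x over F_{p²}, computed with Vélu's formulas, and builds the dual by pushing the remaining 2-torsion of E0 through φ. The prime p = 2⁴·3³ − 1 = 431, the curve model, the point sample and all function names are choices made for this example (real SIKE parameter sets use primes of several hundred bits); the paper's compression and pairing algorithms are not reproduced here.

```python
# Added example (not the paper's code): numerical check of the dual-isogeny
# identity phi_hat o phi = [2] for a 2-isogeny on E0: y^2 = x^3 + x over F_{p^2}.
# Assumed toy parameter: p = 2^4 * 3^3 - 1 = 431. Since p = 3 mod 4 we have
# F_{p^2} = F_p(i) with i^2 = -1, and E0 is supersingular.

P_PRIME = 431


class Fp2:
    """Elements a + b*i of F_{p^2}, i^2 = -1 (valid because p = 3 mod 4)."""

    def __init__(self, a, b=0):
        self.a, self.b = a % P_PRIME, b % P_PRIME

    def __add__(self, o): return Fp2(self.a + o.a, self.b + o.b)
    def __sub__(self, o): return Fp2(self.a - o.a, self.b - o.b)
    def __mul__(self, o): return Fp2(self.a * o.a - self.b * o.b, self.a * o.b + self.b * o.a)
    def __eq__(self, o): return isinstance(o, Fp2) and (self.a, self.b) == (o.a, o.b)
    def is_zero(self): return self.a == 0 and self.b == 0

    def inv(self):
        # (a + bi)^-1 = (a - bi) / (a^2 + b^2); the norm a^2 + b^2 lies in F_p.
        if self.is_zero():
            raise ZeroDivisionError("inverse of 0 in F_{p^2}")
        n_inv = pow(self.a * self.a + self.b * self.b, P_PRIME - 2, P_PRIME)
        return Fp2(self.a * n_inv, -self.b * n_inv)

    def __truediv__(self, o): return self * o.inv()


IMAG = Fp2(0, 1)  # i, a square root of -1 in F_{p^2}


def on_curve(E, P):
    """True if the affine point P = (x, y) lies on E: y^2 = x^3 + A x + B."""
    A, B = E
    x, y = P
    return y * y == x * x * x + A * x + B


def double(E, P):
    """[2]P on E: y^2 = x^3 + A x + B; None denotes the point at infinity."""
    if P is None or P[1].is_zero():   # infinity, or a point of order 2
        return None
    x, y = P
    lam = (Fp2(3) * x * x + E[0]) / (Fp2(2) * y)
    x2 = lam * lam - Fp2(2) * x
    return (x2, lam * (x - x2) - y)


def velu_2_isogeny(E, x0):
    """Velu's formulas for the 2-isogeny with kernel <(x0, 0)> on E.
    Returns the codomain (A', B') and the map on points; with y0 = 0 the
    Velu quantities collapse to t = 3*x0^2 + A and w = x0 * t."""
    A, B = E
    t = Fp2(3) * x0 * x0 + A
    codomain = (A - Fp2(5) * t, B - Fp2(7) * x0 * t)

    def phi(P):
        if P is None or P[0] == x0:   # the kernel maps to infinity
            return None
        x, y = P
        d = x - x0
        return (x + t / d, y - t * y / (d * d))

    return codomain, phi


def sample_points_e0():
    """Constructed sample: every affine point of E0 with x in F_p (861 points).
    r = x^3 + x is a square in F_p, or -r is and then y = i*sqrt(-r) in F_{p^2}."""
    p = P_PRIME
    for x in range(p):
        r = (x * x * x + x) % p
        if r == 0:
            yield (Fp2(x), Fp2(0))
            continue
        if pow(r, (p - 1) // 2, p) == 1:
            y = Fp2(pow(r, (p + 1) // 4, p))
        else:
            y = Fp2(0, pow(-r % p, (p + 1) // 4, p))
        yield (Fp2(x), y)
        yield (Fp2(x), Fp2(0) - y)


def check_dual_identity():
    """Return (points checked, True if phi_hat(phi(P)) == [2]P held for all)."""
    E0 = (Fp2(1), Fp2(0))                     # y^2 = x^3 + x
    E1, phi = velu_2_isogeny(E0, Fp2(0))      # phi: E0 -> E1, kernel <(0,0)>
    assert E1 == (Fp2(-4), Fp2(0))            # E1: y^2 = x^3 - 4x
    # ker(phi_hat) = phi(E0[2]) with E0[2] = {O, (0,0), (i,0), (-i,0)}.
    R = phi((IMAG, Fp2(0)))
    E2, psi = velu_2_isogeny(E1, R[0])        # psi: E1 -> E2, kernel <R>
    assert E2 == (Fp2(16), Fp2(0))            # E2: y^2 = x^3 + 16x
    # E2 is E0 with (x, y) = (u^2 x', u^3 y'), u = 2. The sign of u is the
    # one that makes psi o phi equal [2]; u = -2 would give [-2] instead.
    def phi_hat(Q):
        S = psi(Q)
        return None if S is None else (S[0] / Fp2(4), S[1] / Fp2(8))

    count, ok = 0, True
    for P in sample_points_e0():
        count += 1
        Q = phi(P)
        ok = ok and on_curve(E0, P) and (Q is None or on_curve(E1, Q))
        ok = ok and phi_hat(Q) == double(E0, P)
    return count, ok


if __name__ == "__main__":
    n, ok = check_dual_identity()
    print(f"checked {n} points; dual identity holds: {ok}")
```

Running the script prints the number of points checked and whether φ̂(φ(P)) = [2]P held on every one of them. Vélu's formula only returns some model of the codomain, so the isomorphism from that model back to E0 has to be chosen by hand, sign included: E0 has j = 1728 and four automorphisms, and a careless choice yields [2] composed with one of them rather than [2] itself.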

Keywords

Post-quantum cryptography; Public-key compression; Supersingular elliptic curves; Dual isogenies; Reduced Tate pairings

Notes

Acknowledgements

We thank the anonymous reviewers for their detailed remarks and Paulo S.L.M. Barreto for valuable feedback to improve the paper.

References

  1. Azarderakhsh, R., Jao, D., Kalach, K., Koziel, B., Leonardi, C.: Key compression for isogeny-based cryptosystems. In: AsiaPKC 2016, pp. 1–10. ACM (2016)
  2. Bernstein, D.J., Hamburg, M., Krasnova, A., Lange, T.: Elligator: elliptic-curve points indistinguishable from uniform random strings. In: ACM SIGSAC 2013, pp. 967–980. ACM (2013)
  3. Blake, I., Seroussi, G., Smart, N., Cassels, J.W.S.: Advances in Elliptic Curve Cryptography. Cambridge University Press, Cambridge (2005)
  4. Bos, J.W., et al.: CRYSTALS - Kyber: a CCA-secure module-lattice-based KEM. In: EuroS&P 2018, pp. 353–367. IEEE (2018)
  5. Castryck, W., Lange, T., Martindale, C., Panny, L., Renes, J.: CSIDH: an efficient post-quantum commutative group action. In: Peyrin, T., Galbraith, S. (eds.) ASIACRYPT 2018. LNCS, vol. 11274, pp. 395–427. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-03332-3_15
  6. Costello, C., Hisil, H.: A simple and compact algorithm for SIDH with arbitrary degree isogenies. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017. LNCS, vol. 10625, pp. 303–329. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70697-9_11
  7. Costello, C., Jao, D., Longa, P., Naehrig, M., Renes, J., Urbanik, D.: Efficient compression of SIDH public keys. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017. LNCS, vol. 10210, pp. 679–706. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-56620-7_24
  8. Costello, C., Longa, P., Naehrig, M.: Efficient algorithms for supersingular isogeny Diffie-Hellman. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9814, pp. 572–601. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53018-4_21
  9. Costello, C., Longa, P., Naehrig, M., Renes, J., Virdia, F.: Improved classical cryptanalysis of the computational supersingular isogeny problem. Cryptology ePrint Archive, Report 2019/298 (2019). https://eprint.iacr.org/2019/298
  10. Costello, C., Stebila, D.: Fixed argument pairings. In: Abdalla, M., Barreto, P.S.L.M. (eds.) LATINCRYPT 2010. LNCS, vol. 6212, pp. 92–108. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14712-8_6
  11. D’Anvers, J.-P., Karmakar, A., Sinha Roy, S., Vercauteren, F.: Saber: module-LWR based key exchange, CPA-secure encryption and CCA-secure KEM. In: Joux, A., Nitaj, A., Rachidi, T. (eds.) AFRICACRYPT 2018. LNCS, vol. 10831, pp. 282–305. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-89339-6_16
  12. De Feo, L., Jao, D., Plût, J.: Towards quantum-resistant cryptosystems from supersingular elliptic curve isogenies. J. Math. Cryptol. 8, 209–247 (2014)
  13. Fujisaki, E., Okamoto, T.: Secure integration of asymmetric and symmetric encryption schemes. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 537–554. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48405-1_34
  14. Galbraith, S.D.: Mathematics of Public Key Cryptography. Cambridge University Press, Cambridge (2012)
  15. Galbraith, S.D., Petit, C., Shani, B., Ti, Y.B.: On the security of supersingular isogeny cryptosystems. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016. LNCS, vol. 10031, pp. 63–91. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53887-6_3
  16. Hofheinz, D., Hövelmanns, K., Kiltz, E.: A modular analysis of the Fujisaki-Okamoto transformation. In: Kalai, Y., Reyzin, L. (eds.) TCC 2017. LNCS, vol. 10677, pp. 341–371. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70500-2_12
  17. Jao, D., et al.: SIKE (2019). Submission to round 2 of [24]. http://sike.org
  18. Jao, D., et al.: SIKE (2016). Submission to [24]. http://sike.org
  19. Jao, D., De Feo, L.: Towards quantum-resistant cryptosystems from supersingular elliptic curve isogenies. In: Yang, B.-Y. (ed.) PQCrypto 2011. LNCS, vol. 7071, pp. 19–34. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-25405-5_2
  20. Lichtenbaum, S.: Duality theorems for curves over p-adic fields. Inventiones Mathematicae 7, 120–136 (1969)
  21. Miller, V.S.: The Weil pairing, and its efficient calculation. J. Cryptol. 17(4), 235–261 (2004)
  22. Montgomery, P.L.: Speeding the Pollard and elliptic curve methods of factorization. Math. Comput. 48(177), 243–264 (1987)
  23. Naehrig, M., Renes, J.: Dual isogenies and their application to public-key compression for isogeny-based cryptography. Cryptology ePrint Archive, Report 2019/499 (2019). https://eprint.iacr.org/2019/499
  24. National Institute of Standards and Technology: Post-quantum cryptography standardization, December 2016. https://csrc.nist.gov/Projects/Post-Quantum-Cryptography/Post-Quantum-Cryptography-Standardization
  25. Renes, J.: Computing isogenies between Montgomery curves using the action of (0, 0). In: Lange, T., Steinwandt, R. (eds.) PQCrypto 2018. LNCS, vol. 10786, pp. 229–247. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-79063-3_11
  26. Renes, J., Smith, B.: qDSA: small and secure digital signatures with curve-based Diffie–Hellman key pairs. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017. LNCS, vol. 10625, pp. 273–302. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70697-9_10
  27. Schaefer, E., Stoll, M.: How to do a p-descent on an elliptic curve. Trans. Am. Math. Soc. 356(3), 1209–1231 (2004)
  28. Scott, M.: Implementing cryptographic pairings. In: Takagi, T., et al. (eds.) Pairing 2007, pp. 177–196. Springer, Heidelberg (2007)
  29. Silverman, J.H.: The Arithmetic of Elliptic Curves. GTM, vol. 106. Springer, New York (2009). https://doi.org/10.1007/978-0-387-09494-6
  30. Zanon, G.H.M., Simplicio, M.A., Pereira, G.C.C.F., Doliskani, J., Barreto, P.S.L.M.: Faster key compression for isogeny-based cryptosystems. IEEE Trans. Comput. 68(5), 688–701 (2019)

Copyright information

© International Association for Cryptologic Research 2019

Authors and Affiliations

  1. Microsoft Research, Redmond, USA
  2. Digital Security Group, Radboud University, Nijmegen, The Netherlands
