Faster Isogeny-Based Compressed Key Agreement

  • Gustavo H. M. Zanon
  • Marcos A. SimplicioJr
  • Geovandro C. C. F. PereiraEmail author
  • Javad Doliskani
  • Paulo S. L. M. Barreto
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10786)


Supersingular isogeny-based cryptography is one of the more recent families of post-quantum proposals. An interesting feature is the comparatively low bandwidth occupation in key agreement protocols, which stems from the possibility of key compression. However, compression and decompression introduce a significant overhead to the overall processing cost despite recent progress. In this paper we address the main processing bottlenecks involved in key compression and decompression, and suggest substantial improvements for each of them. Some of our techniques may have an independent interest for other, more conventional areas of elliptic curve cryptography as well.



J. Doliskani and G. Pereira were supported by NSERC, CryptoWorks21, and Public Works and Government Services Canada. M. Simplicio was supported by Brazilian National Council for Scientific and Technological Development (CNPq) under grant 301198/2017-9. M. Simplicio, P. Barreto and G. Zanon were partially supported by the joint São Paulo Research Foundation (FAPESP) / Intel Research grant 2015/50520-6 “Efficient Post-Quantum Cryptography for Building Advanced Security Applications.” M. Simplicio and P. Barreto are also partially supported by the São Paulo Research Foundation (FAPESP) under grant 13/25977-7.

Supplementary material


  1. 1.
    Azarderakhsh, R., Jao, D., Kalach, K., Koziel, B., Leonardi, C.: Key compression for isogeny-based cryptosystems. In: Proceedings of the 3rd ACM International Workshop on ASIA Public-Key Cryptography, pp. 1–10. ACM (2016)Google Scholar
  2. 2.
    Barreto, P.S.L.M., Kim, H.Y., Lynn, B., Scott, M.: Efficient algorithms for pairing-based cryptosystems. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 354–369. Springer, Heidelberg (2002). Scholar
  3. 3.
    Bernstein, D.J., Hamburg, M., Krasnova, A., Lange, T.: Elligator: elliptic-curve points indistinguishable from uniform random strings. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, pp. 967–980. ACM (2013)Google Scholar
  4. 4.
    Bernstein, D.J., Lange, T.: Analysis and optimization of elliptic-curve single-scalar multiplication. In: Finite Fields and Applications: Proceedings of Fq8, Number 461 in Contemporary Mathematics, pp. 1–18. American Mathematical Society, Providence (2008)Google Scholar
  5. 5.
    Costello, C., Jao, D., Longa, P., Naehrig, M., Renes, J., Urbanik, D.: Efficient compression of SIDH public keys. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017. LNCS, vol. 10210, pp. 679–706. Springer, Cham (2017). Scholar
  6. 6.
    De Feo, L., Jao, D., Plût, J.: Towards quantum-resistant cryptosystems from supersingular elliptic curve isogenies. J. Math. Cryptol. 8(3), 209–247 (2014)MathSciNetzbMATHGoogle Scholar
  7. 7.
    Faz-Hernández, A., López, J., Ochoa-Jiménez, E., Rodríguez-Henríquez, F.: A faster software implementation of the supersingular isogeny Diffie-Hellman key exchange protocol. Cryptology ePrint Archive, Report 2017/1015 (2017)Google Scholar
  8. 8.
    Husemöller, D.: Elliptic Curves: Graduate Texts in Mathematics, vol. 111, 2nd edn. Springer, New York (2004). Scholar
  9. 9.
    Jao, D., De Feo, L.: Towards quantum-resistant cryptosystems from supersingular elliptic curve isogenies. In: Yang, B.-Y. (ed.) PQCrypto 2011. LNCS, vol. 7071, pp. 19–34. Springer, Heidelberg (2011). Scholar
  10. 10.
    MS SIDH team: SIDH v2.0 (2017).
  11. 11.
    Subramanya Rao, S.R.: Three dimensional montgomery ladder, differential point tripling on montgomery curves and point quintupling on weierstrass’ and edwards curves. In: Pointcheval, D., Nitaj, A., Rachidi, T. (eds.) AFRICACRYPT 2016. LNCS, vol. 9646, pp. 84–106. Springer, Cham (2016). Scholar
  12. 12.
    Schaefer, E., Stoll, M.: How to do a \(p\)-descent on an elliptic curve. Trans. Am. Math. Soc. 356(3), 1209–1231 (2004)MathSciNetCrossRefzbMATHGoogle Scholar
  13. 13.
    Shoup, V.: A Computational Introduction to Number Theory and Algebra. Cambridge University Press, Cambridge (2005)CrossRefzbMATHGoogle Scholar
  14. 14.
    Silverman, J.H.: The Arithmetic of Elliptic Curves: Graduate Texts in Mathematics, vol. 106, 2nd edn. Springer, New York (2009). Scholar
  15. 15.
    Spiegel, M.R., Liu, J.: Mathematical Handbook of Formulas and Tables. Schaum’s Outline Series, 2nd edn. McGraw-Hill, New York (1999)Google Scholar
  16. 16.
    Zanon, G.H.M., Simplicio Jr., M.A., Pereira, G.C.C.F., Doliskani, J., Barreto, P.S.L.M.: Faster isogeny-based compressed key agreement. Technical report, Cryptology ePrint Archive, Report 2017/1143 (2017)Google Scholar

Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  1. 1.Escola PolitécnicaUniversity of São PauloSão PauloBrazil
  2. 2.Institute for Quantum ComputingUniversity of WaterlooWaterlooCanada
  3. 3.University of Washington TacomaTacomaUSA

Personalised recommendations