Faster Isogeny-Based Compressed Key Agreement
Supersingular isogeny-based cryptography is one of the more recent families of post-quantum proposals. An interesting feature is the comparatively low bandwidth usage in key agreement protocols, which stems from the possibility of key compression. However, despite recent progress, compression and decompression introduce a significant overhead to the overall processing cost. In this paper we address the main processing bottlenecks involved in key compression and decompression, and suggest substantial improvements for each of them. Some of our techniques may also be of independent interest for other, more conventional areas of elliptic curve cryptography.
J. Doliskani and G. Pereira were supported by NSERC, CryptoWorks21, and Public Works and Government Services Canada. M. Simplicio was supported by Brazilian National Council for Scientific and Technological Development (CNPq) under grant 301198/2017-9. M. Simplicio, P. Barreto and G. Zanon were partially supported by the joint São Paulo Research Foundation (FAPESP) / Intel Research grant 2015/50520-6 “Efficient Post-Quantum Cryptography for Building Advanced Security Applications.” M. Simplicio and P. Barreto are also partially supported by the São Paulo Research Foundation (FAPESP) under grant 13/25977-7.