Effective Pairings in Isogeny-Based Cryptography

  • Conference paper
Progress in Cryptology – LATINCRYPT 2023 (LATINCRYPT 2023)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 14168))

Abstract

Pairings are useful tools in isogeny-based cryptography and have been used in SIDH/SIKE and other protocols. As a general technique, pairings can be used to move problems about points on curves to elements in finite fields. However, until now, their applicability was limited to curves over fields with primes of a specific shape and pairings seemed too costly for the type of primes that are nowadays often used in isogeny-based cryptography. We remove this roadblock by optimizing pairings for highly-composite degrees such as those encountered in CSIDH and SQISign. This makes the general technique viable again: We apply our low-cost pairing to problems of general interest, such as supersingularity verification and finding full-torsion points, and show that we can outperform current methods, in some cases up to four times faster than the state-of-the-art. Furthermore, we analyze how pairings can be used to improve deterministic and dummy-free CSIDH. Finally, we provide a constant-time implementation (in Rust) that shows the practicality of these algorithms.

This work was done largely while the author was on an internship at the Cryptographic Research Centre of the Technology Innovation Institute, Abu Dhabi, UAE. In particular, the author thanks Francisco Rodríguez-Henríquez and Michael Scott for their warm support and excellent advice on the performance of these pairings. A full version of this paper is available at https://eprint.iacr.org/2023/858.

Notes

  1. pronounced “ell-kie”.

  2. These techniques are inspired by finite field exponentiation and scalar multiplication, and have been analyzed previously for pairing-based cryptography [23, 24].

  3. We treat finding full-torsion points in Sect. 4.3.

  4. For Lucas exponentiation we use a constant-time laddering approach. Interesting future work would be to use (differential) addition chains to reduce costs.
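Note 4 mentions Lucas exponentiation with a constant-time ladder, the standard trick (compare the compressed pairings of Scott and Barreto [37]) for exponentiating a pairing value without full F_{p^2} arithmetic: an element x of F_{p^2} with norm 1 satisfies x^p = x^{-1}, so its trace t = x + x^{-1} = 2·Re(x) lies in F_p, and the Lucas sequence V_n(t) = x^n + x^{-n} = 2·Re(x^n) can be computed from t alone, in F_p. The following added example (not the paper's Rust code) shows that ladder with a masked conditional swap instead of a secret-dependent branch, and checks it against plain F_{p^2} exponentiation. The prime, the field representation F_p[i]/(i^2+1), and the sample values are assumptions chosen for the example; Python big integers are not constant time, so only the data-independent control flow is being demonstrated, not a timing-safe implementation.

```python
# Added example: Lucas ladder for "Lucas exponentiation" in the norm-1 subgroup
# of F_{p^2}. Not the paper's code; prime and sample values are constructed.

P = 2**127 - 1  # Mersenne prime with P = 3 (mod 4), so F_{p^2} = F_p[i]/(i^2 + 1)


def fp2_mul(x, y, p=P):
    """Multiply x = x0 + x1*i and y = y0 + y1*i in F_{p^2} with i^2 = -1."""
    x0, x1 = x
    y0, y1 = y
    return ((x0 * y0 - x1 * y1) % p, (x0 * y1 + x1 * y0) % p)


def fp2_pow(x, n, p=P):
    """Plain square-and-multiply in F_{p^2}; reference only, not constant time."""
    r = (1, 0)
    for bit in bin(n)[2:]:
        r = fp2_mul(r, r, p)
        if bit == "1":
            r = fp2_mul(r, x, p)
    return r


def fp2_norm(x, p=P):
    """N(x) = x * x^p = x0^2 + x1^2 for x in F_{p^2} (p = 3 mod 4)."""
    return (x[0] * x[0] + x[1] * x[1]) % p


def cswap(swap, a, b):
    """Conditional swap by masking, so the ladder has no secret-dependent branch."""
    mask = -swap  # 0 -> 0, 1 -> all ones
    t = (a ^ b) & mask
    return a ^ t, b ^ t


def lucas_ladder(a, n, p=P):
    """Return V_n(a) mod p, where V_0 = 2, V_1 = a, V_k = a*V_{k-1} - V_{k-2}.

    The ladder carries (V_k, V_{k+1}) and uses V_{2k} = V_k^2 - 2 and
    V_{2k+1} = V_k*V_{k+1} - a.  Which half is doubled is chosen by cswap.
    """
    v0, v1 = 2 % p, a % p
    for i in reversed(range(n.bit_length())):
        bit = (n >> i) & 1
        v0, v1 = cswap(bit, v0, v1)
        v0, v1 = (v0 * v0 - 2) % p, (v0 * v1 - a) % p
        v0, v1 = cswap(bit, v0, v1)
    return v0


def lucas_naive(a, n, p=P):
    """Direct recurrence, used only to cross-check the ladder on small n."""
    v_prev, v = 2 % p, a % p
    if n == 0:
        return v_prev
    for _ in range(n - 1):
        v_prev, v = v, (a * v - v_prev) % p
    return v


def trace_of_power(x, n, p=P):
    """For N(x) = 1: x^p = x^{-1}, so t = x + x^{-1} = 2*x0 is in F_p and
    V_n(t) = x^n + x^{-n} = 2*Re(x^n).  Only F_p arithmetic is needed."""
    assert fp2_norm(x, p) == 1, "x must lie in the norm-1 (cyclotomic) subgroup"
    return lucas_ladder((2 * x[0]) % p, n, p)


def demo():
    """Constructed sample: z^(p-1) has norm 1, so it stands in for a pairing value."""
    z = (12345, 67890)
    x = fp2_pow(z, P - 1)
    n = 0x1234567890ABCDEF0123456789ABCDEF
    full = fp2_pow(x, n)               # full F_{p^2} exponentiation
    compressed = trace_of_power(x, n)  # Lucas ladder on the trace only
    return compressed == (2 * full[0]) % P


if __name__ == "__main__":
    print("ladder agrees with F_{p^2} exponentiation:", demo())
```

The doubling formulas are the P = a, Q = 1 case of V_{m+n} = V_m V_n − Q^n V_{m−n}; the ladder costs one squaring and one multiplication in F_p per exponent bit, with a fixed operation sequence regardless of the bit value. The differential addition chains mentioned in note 4 would replace the bit-by-bit ladder with a shorter chain of such (V_k, V_{k+1}) steps.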

References

  1. Banegas, G., et al.: CTIDH: faster constant-time CSIDH. In: TCHES 2021, pp. 351–387 (2021)

  2. Banegas, G., Gilchrist, V., Smith, B.: Efficient supersingularity testing over \(\mathbb{F}_p\) and CSIDH key validation. Math. Cryptol. 2(1), 21–35 (2022)

  3. Banegas, G., et al.: Disorientation faults in CSIDH. In: Hazay, C., Stam, M. (eds.) EUROCRYPT 2023. LNCS, vol. 14008, pp. 310–342. Springer, Cham (2023). https://doi.org/10.1007/978-3-031-30589-4_11

  4. Barreto, P.S.L.M., Kim, H.Y., Lynn, B., Scott, M.: Efficient algorithms for pairing-based cryptosystems. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 354–369. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-45708-9_23

  5. Barreto, P., Lynn, B., Scott, M.: Efficient implementation of pairing-based cryptosystems. J. Cryptol. 17(4), 321–334 (2004)

  6. Campos, F., et al.: On the practicality of post-quantum TLS using large-parameter CSIDH. Cryptology ePrint Archive, Paper 2023/793 (2023)

  7. Campos, F., Kannwischer, M.J., Meyer, M., Onuki, H., Stöttinger, M.: Trouble at the CSIDH: protecting CSIDH with dummy-operations against fault injection attacks. In: FDTC 2020, pp. 57–65. IEEE (2020)

  8. Campos, F., Meyer, M., Reijnders, K., Stöttinger, M.: Patient zero and patient six. SAC (2022)

  9. Castryck, W., Lange, T., Martindale, C., Panny, L., Renes, J.: CSIDH: an efficient post-quantum commutative group action. In: Peyrin, T., Galbraith, S. (eds.) ASIACRYPT 2018. LNCS, vol. 11274, pp. 395–427. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-03332-3_15

  10. Cervantes-Vázquez, D., Chenu, M., Chi-Domínguez, J.-J., De Feo, L., Rodríguez-Henríquez, F., Smith, B.: Stronger and faster side-channel protections for CSIDH. In: Schwabe, P., Thériault, N. (eds.) LATINCRYPT 2019. LNCS, vol. 11774, pp. 173–193. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-30530-7_9

  11. Chávez-Saab, J., Chi-Domínguez, J.-J., Jaques, S., Rodríguez-Henríquez, F.: The SQALE of CSIDH. J. Cryptogr. Eng. 12(3), 349–368 (2022)

  12. Chi-Domínguez, J.-J., Rodríguez-Henríquez, F.: Optimal strategies for CSIDH. Adv. Math. Commun. 16(2), 383–411 (2022)

  13. Costello, C.: Pairings for beginners (2015). https://www.craigcostello.com.au/

  14. Costello, C., Jao, D., Longa, P., Naehrig, M., Renes, J., Urbanik, D.: Efficient compression of SIDH public keys. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017. LNCS, vol. 10210, pp. 679–706. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-56620-7_24

  15. Costello, C., Longa, P., Naehrig, M.: Efficient algorithms for supersingular isogeny Diffie-Hellman. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9814, pp. 572–601. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53018-4_21

  16. Costello, C., Smith, B.: Montgomery curves and their arithmetic: the case of large characteristic fields. J. Cryptogr. Eng. 8, 227–240 (2018)

  17. De Feo, L., Kohel, D., Leroux, A., Petit, C., Wesolowski, B.: SQISign: compact post-quantum signatures from quaternions and isogenies. In: Moriai, S., Wang, H. (eds.) ASIACRYPT 2020. LNCS, vol. 12491, pp. 64–93. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-64837-4_3

  18. Doliskani, J.: On division polynomial PIT and supersingularity. Appl. Algebra Eng. Commun. Comput. 29(5), 393–407 (2018)

  19. Galbraith, S.D.: Pairings (2005)

  20. Galbraith, S.D., Lin, X.: Computing pairings using \(x\)-coordinates only. Des. Codes Crypt. 50(3), 305–324 (2009)

  21. Hutchinson, A., LeGrow, J., Koziel, B., Azarderakhsh, R.: Further optimizations of CSIDH: a systematic approach to efficient strategies, permutations, and bound vectors. In: Conti, M., Zhou, J., Casalicchio, E., Spognardi, A. (eds.) ACNS 2020. LNCS, vol. 12146, pp. 481–501. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-57808-4_24

  22. Joye, M., Quisquater, J.-J.: On the importance of securing your bins: the garbage-man-in-the-middle attack. In: CCS 1997, pp. 135–141 (1997)

  23. Kiyomura, Y., Takagi, T.: Efficient algorithm for Tate pairing of composite order. IEICE Trans. Fundam. Electron. Commun. Comput. Sci. 97(10), 2055–2063 (2014)

  24. Kobayashi, T., Aoki, K., Imai, H.: Efficient algorithms for Tate pairing. IEICE Trans. Fundam. Electron. Commun. Comput. Sci. 89(1), 134–143 (2006)

  25. LeGrow, J.T., Hutchinson, A.: (Short paper) Analysis of a strong fault attack on static/ephemeral CSIDH. In: Nakanishi, T., Nojima, R. (eds.) IWSEC 2021. LNCS, vol. 12835, pp. 216–226. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-85987-9_12

  26. Lin, K., Wang, W., Xu, Z., Zhao, C.: A faster software implementation of SQIsign. Cryptology ePrint Archive, Paper 2023/753 (2023)

  27. Lubicz, D., Robert, D.: A generalisation of Miller's algorithm and applications to pairing computations on abelian varieties. J. Symb. Comput. 67, 68–92 (2015)

  28. Lubicz, D., Robert, D.: Efficient pairing computation with theta functions. In: Hanrot, G., Morain, F., Thomé, E. (eds.) ANTS 2010. LNCS, vol. 6197, pp. 251–269. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14518-6_21

  29. McEliece, R.: Finite Fields for Computer Scientists and Engineers, vol. 23. Springer, New York (2012). https://doi.org/10.1007/978-1-4613-1983-2

  30. Meyer, M., Campos, F., Reith, S.: On lions and elligators: an efficient constant-time implementation of CSIDH. In: Ding, J., Steinwandt, R. (eds.) PQCrypto 2019. LNCS, vol. 11505, pp. 307–325. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-25510-7_17

  31. Meyer, M., Reith, S.: A faster way to the CSIDH. In: Chakraborty, D., Iwata, T. (eds.) INDOCRYPT 2018. LNCS, vol. 11356, pp. 137–152. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-05378-9_8

  32. Miller, V.: The Weil pairing, and its efficient calculation. J. Cryptol. 17(4), 235–261 (2004)

  33. Onuki, H., Aikawa, Y., Yamazaki, T., Takagi, T.: A faster constant-time algorithm of CSIDH keeping two points. In: IWSEC 2019 (2019)

  34. Reitwiesner, G.: Binary arithmetic. In: Advances in Computers, vol. 1, pp. 231–308. Elsevier (1960)

  35. Scott, M.: Pairing implementation revisited. Cryptology ePrint Archive, Paper 2019/077 (2019)

  36. Scott, M.: Understanding the Tate pairing (2004). http://www.computing.dcu.ie/~mike/tate.html

  37. Scott, M., Barreto, P.S.L.M.: Compressed pairings. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 140–156. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-28628-8_9

  38. Silverman, J.H.: A survey of local and global pairings on elliptic curves and abelian varieties. In: Joye, M., Miyaji, A., Otsuka, A. (eds.) Pairing 2010. LNCS, vol. 6487, pp. 377–396. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-17455-1_24

  39. Stange, K.E.: The Tate pairing via elliptic nets. In: Takagi, T., Okamoto, T., Okamoto, E., Okamoto, T. (eds.) Pairing 2007. LNCS, vol. 4575, pp. 329–348. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-73489-5_19

  40. Sutherland, A.: Identifying supersingular elliptic curves. LMS J. Comput. Math. 15, 317–325 (2012)

  41. Vélu, J.: Isogénies entre courbes elliptiques. Comptes Rendus de l'Académie des Sciences de Paris, Séries A 273, 238–241 (1971)

  42. Vercauteren, F.: Optimal pairings. IEEE Trans. Inf. Theory 56(1), 455–461 (2009)

Author information

Corresponding author: Krijn Reijnders.

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

Cite this paper

Reijnders, K. (2023). Effective Pairings in Isogeny-Based Cryptography. In: Aly, A., Tibouchi, M. (eds) Progress in Cryptology – LATINCRYPT 2023. LATINCRYPT 2023. Lecture Notes in Computer Science, vol 14168. Springer, Cham. https://doi.org/10.1007/978-3-031-44469-2_6

  • DOI: https://doi.org/10.1007/978-3-031-44469-2_6

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-44468-5

  • Online ISBN: 978-3-031-44469-2
