Theory of the Interface Between Immiscible Polymers

Abstract. We present new candidates for quantum-resistant public-key cryptosystems based on the conjectured difficulty of finding isogenies between supersingular elliptic curves. The main technical idea in our scheme is that we transmit the images of torsion bases under the isogeny in order to allow the two parties to arrive at a common shared key despite the noncommutativity of the endomorphism ring. Our work is motivated by the recent development of a subexponential-time quantum algorithm for constructing isogenies between ordinary elliptic curves. In the supersingular case, by contrast, the fastest known quantum attack remains exponential, since the noncommutativity of the endomorphism ring means that the approach used in the ordinary case does not apply. We give a precise formulation of the necessary computational assumption along with a discussion of its validity, and prove the security of our protocols under this assumption. In addition, we present implementation results showing that our protocols are multiple orders of magnitude faster than previous isogeny-based cryptosystems over ordinary curves.

show abstract

Towards quantum-resistant cryptosystems from supersingular elliptic curve isogenies

Feo¹,

Jao

Plût³

2014

292

263

View full text Add to dashboard Cite

show abstract

Stronger and Faster Side-Channel Protections for CSIDH

Cervantes-Vázquez

Chenu

Chi-Domínguez

et al. 2019

View full text Add to dashboard Cite

CSIDH is a recent quantum-resistant primitive based on the difficulty of finding isogeny paths between supersingular curves. Recently, two constant-time versions of CSIDH have been proposed: first by Meyer, Campos and Reith, and then by Onuki, Aikawa, Yamazaki and Takagi. While both offer protection against timing attacks and simple power consumption analysis, they are vulnerable to more powerful attacks such as fault injections. In this work, we identify and repair two oversights in these algorithms that compromised their constant-time character. By exploiting Edwards arithmetic and optimal addition chains, we produce the fastest constant-time version of CSIDH to date. We then consider the stronger attack scenario of fault injection, which is relevant for the security of CSIDH static keys in embedded hardware. We propose and evaluate a dummy-free CSIDH algorithm. While these CSIDH variants are slower, their performance is still within a small constant factor of lessprotected variants. Finally, we discuss derandomized CSIDH algorithms.Note: A previous version of this article incorrectly claimed that a test in Algorithm 2 leaks information through the timing channel. We are grateful to Prof. Onuki for point out our mistake.

show abstract

Towards Practical Key Exchange from Ordinary Isogeny Graphs

Feo

Kieffer

Smith

2018

View full text Add to dashboard Cite

We revisit the ordinary isogeny-graph based cryptosystems of Couveignes and Rostovtsev-Stolbunov, long dismissed as impractical. We give algorithmic improvements that accelerate key exchange in this framework, and explore the problem of generating suitable system parameters for contemporary pre-and post-quantum security that take advantage of these new algorithms. We also prove the session-key security of this key exchange in the Canetti-Krawczyk model, and the IND-CPA security of the related public-key encryption scheme, under reasonable assumptions on the hardness of computing isogeny walks. Our systems admit efficient key-validation techniques that yield CCA-secure encryption, thus providing an important step towards efficient post-quantum non-interactive key exchange (NIKE).

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Luca De Feo

Towards Quantum-Resistant Cryptosystems from Supersingular Elliptic Curve Isogenies

Towards quantum-resistant cryptosystems from supersingular elliptic curve isogenies

Stronger and Faster Side-Channel Protections for CSIDH

Towards Practical Key Exchange from Ordinary Isogeny Graphs

Contact Info

Product

Resources

About