Faster Isogenies for Quantum-Safe SIKE

In the third round of the NIST PQC standardization process, the only isogeny-based candidate, SIKE, suffers from slow performance when compared to other contenders. The large-degree isogeny computation performs a series of isogenous mappings between curves and accounts for about 80% of SIKE's latency. Here, we propose, implement, and evaluate a new method for computing large-degree isogenies of an odd power. Our new strategy for this computation avoids expensive recomputation of temporary isogeny results. We modified open-source libraries targeting x86, ARM64, and ARM32 platforms. Across each of these implementations, our new method achieves 10% and 5% speedups in SIKE's key encapsulation and decapsulation operations, respectively. Additionally, these implementations use 3% less stack space at only a 48-byte increase in code size. Given the benefit and simplicity of our approach, we recommend this method for current and emerging SIKE implementations.
