Faster Public-Key Compression of SIDH With Less Memory

In recent years, the isogeny-based protocol supersingular isogeny Diffie-Hellman (SIDH) has become highly attractive for its small public key size. In addition, public-key compression makes the supersingular isogeny key encapsulation scheme (SIKE) more competitive in the NIST post-quantum cryptography standardization effort. However, compared to other post-quantum protocols, the computational cost of SIDH is relatively high, and so is that of public-key compression. On the other hand, the storage used for pairing computation and discrete logarithms to speed up the current implementation of key compression is somewhat large. In this paper, we mainly improve the performance of public-key compression of SIDH, especially the efficiency and the storage of the pairing computation involved. Our experimental results show that the memory requirement for pairing computation is reduced by a factor of about 1.31, and meanwhile, the instantiation of key generation of SIDH is 3.99% to 5.95% faster than the current state of the art. Besides, in the case of Bob, we present another method to further reduce the storage cost, although the acceleration is not as obvious as with the former.
