Efficient Software Implementation of the SIKE Protocol Using a New Data Representation

Thanks to relatively small public and secret keys, the Supersingular Isogeny Key Encapsulation (SIKE) protocol made it into the third evaluation round of the post-quantum standardization project of the National Institute of Standards and Technology (NIST). Even though a large body of research has been devoted to the efficient implementation of SIKE, its latency is still undesirably long for many real-world applications. Most existing implementations of the SIKE protocol use the Montgomery representation for the underlying field arithmetic, since the corresponding reduction algorithm is considered the fastest method for performing multiple-precision modular reduction. In this paper, we propose a new data representation for supersingular isogeny-based Elliptic-Curve Cryptography (ECC), of which SIKE is a sub-class. This new representation enables significantly faster implementations of modular reduction than the Montgomery reduction, and the other finite-field arithmetic operations used in ECC can also benefit from our data representation. We implemented all arithmetic operations in C using the proposed representation such that they have constant execution time, and integrated them into the latest version of the SIKE software library. Using four different parameter sets, we benchmarked our design and the optimized generic implementation on a 2.6 GHz Intel Xeon E5-2690 processor. Our results show that, for the prime of SIKEp751, the proposed reduction algorithm is approximately 2.61 times faster than the currently best implementation of Montgomery reduction, and our representation also enables significantly better timings for other finite-field operations. Due to these improvements, we were able to achieve a speed-up by a factor of about 1.65, 2.03, 1.61, and 1.48 for SIKEp751, SIKEp610, SIKEp503, and SIKEp434, respectively, compared to state-of-the-art generic implementations.
