EdSIDH: Supersingular Isogeny Diffie-Hellman Key Exchange on Edwards Curves

Problems relating to the computation of isogenies between elliptic curves defined over finite fields have been studied for a long time. Isogenies on supersingular elliptic curves are a candidate for quantum-safe key exchange protocols because the best known classical and quantum algorithms for solving well-formed instances of the isogeny problem are exponential. We propose an implementation of supersingular isogeny Diffie-Hellman (SIDH) key exchange for complete Edwards curves. Our work is motivated by the use of Edwards curves to speed up many cryptographic protocols and improve security. Our work does not actually provide a faster implementation of SIDH, but the use of complete Edwards curves and their complete addition formulae provides security benefits against side-channel attacks. We provide run time complexity analysis and operation counts for the proposed key exchange based on Edwards curves along with comparisons to the Montgomery form.
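What "complete" means for the addition formulae mentioned in the abstract, as an added example that is not code from the paper: on x^2 + y^2 = 1 + d*x^2*y^2 the Edwards addition law has no exceptional input pairs when d is a non-square, so doubling, the identity and inverses all go through one formula, while a square d leaves inputs where a denominator vanishes. The toy field F_13 (SIDH itself works over F_{p^2}), the values d = 2 and d = 3, and all function names are assumptions chosen for illustration.

```python
# Added illustration with constructed toy parameters; not from the paper.
# This toy code is not constant-time; it only demonstrates completeness.
P = 13  # constructed small prime; squares mod 13 are {1, 3, 4, 9, 10, 12}


def is_square(a, p=P):
    """Euler's criterion: True if a is a square in F_p."""
    a %= p
    return a == 0 or pow(a, (p - 1) // 2, p) == 1


def points(d, p=P):
    """All affine points on x^2 + y^2 = 1 + d*x^2*y^2 over F_p."""
    return [(x, y) for x in range(p) for y in range(p)
            if (x * x + y * y - 1 - d * x * x * y * y) % p == 0]


def add(p1, p2, d, p=P):
    """Edwards addition law; returns None when a denominator is zero."""
    (x1, y1), (x2, y2) = p1, p2
    t = d * x1 * x2 * y1 * y2 % p
    den_x, den_y = (1 + t) % p, (1 - t) % p
    if den_x == 0 or den_y == 0:
        return None  # exceptional input: the formula is undefined here
    x3 = (x1 * y2 + y1 * x2) * pow(den_x, -1, p) % p
    y3 = (y1 * y2 - x1 * x2) * pow(den_y, -1, p) % p
    return (x3, y3)


def exceptional_pairs(d, p=P):
    """Input pairs (including doublings) on which the law fails."""
    pts = points(d, p)
    return [(a, b) for a in pts for b in pts if add(a, b, d, p) is None]


def all_sums_on_curve(d, p=P):
    """True if every pair of points adds to another point on the curve."""
    pts = points(d, p)
    on_curve = set(pts)
    return all(add(a, b, d, p) in on_curve for a in pts for b in pts)


if __name__ == "__main__":
    for d in (2, 3):
        kind = "square" if is_square(d) else "non-square"
        print(f"d={d} ({kind}): {len(points(d))} points, "
              f"{len(exceptional_pairs(d))} exceptional pairs")
```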
