Browse > Article
http://dx.doi.org/10.13089/JKIISC.2021.31.1.19

On the Use of Odd-Degree Isogenies for Implementing SIDH-Based Cryptography  

Kim, Suhri (Korea University)
Yoon, Kisoon (NSHC)
Park, Young-Ho (Sejong Cyber University)
Publication Information
Journal of the Korea Institute of Information Security & Cryptology / v.31, no.1, 2021 , pp. 19-30 More about this Journal
Abstract
In this paper, when SIDH is instantiated using only 3- and 5-isogeny, we demonstrate which curve is more efficient among the Montgomery, Edwards, and Huff curves. To this end, we present the computational cost of the building blocks of SIDH on Montgomery, Edwards, and Huff curves. We also present the prime we used and parameter settings for implementation. The result of our work shows that the performance of SIDH on Montgomery and Huff curves is almost the same and they are 0.8% faster than Edwards curves. With the possibility of using isogeny of degree other than 3 and 4, the performance of 5-isogeny became even more essential. In this regard, this paper can provide guidelines on the selection of the form of elliptic curves for implementation.
Keywords
Post-quantum cryptography; isogeny-based cryptography; SIDH;
Citations & Related Records
연도 인용수 순위
  • Reference
1 R. Azarderakhsh et al. "Supersingular isogeny key encapsulation", submission to the NIST post-quantum standardization project, 2017
2 R. Azarderakhsh et al. "Practical supersingular isogeny group key aggrement," IACR Cryptology ePrint Archive, 2019:330, 2019
3 J. Couveignes, "Hard homogeneous spaces," IACR Cryptology ePrint Archive, 2006:291, 2006
4 C. Costello and H. Hisil, "A simple and compact algorithm for SIDH with arbitrary degree isogenies," Advances in Cryptology, ASIACRYPT'17, LNCS 10625, pp. 303-329, 2017
5 R. Drylo et al. "Efficient Montgomerylike formulas for general Huff's and Huff's elliptic curves and their applications to the isogeny-based cryptography," IACR Cryptology ePrint Archive, 2020:526, 2020
6 R. Farashahi et al. "Differential addition on twisted Edwards curves," ACISP'17, LNCS 10343, pp. 366-378, 2017
7 Y. Huang et al, "Optimized arithmetic operations for isogeny-based cryptography on Huff curves," ACISP'20, LNCS 12248, pp. 23-40, 2020
8 M. Joye et al,"Huff's model for elliptic curves," International Algorithmic Number Theory Symposium, ANTS'10, pp. 234-250, 2010
9 D. Jao, L. De Feo "Towards quantum-resistant cryptosystems from supersingular elliptic curve isogenies," PQCrypto'11, LNCS 7071, pp. 19-34, 2011
10 S. Kim et al. "Optimized method for computing odd-degree isogenies on Edwards curves," Advances in Cryptology, ASIACRYPT'19, LNCS 11922, pp. 273-292, 2019
11 D. Moody and D. Shumow, "Analogues of Velu's formula for isogenies on alternate models of elliptic curves," Mathematics of Computations, vol. 85, no. 300, pp. 1929-1951, 2016
12 S. Kim et al. "New hybrid method for isogeny-based cryptosystems using Edwards curves," IEEE transactions on Information Theory, vol. 66, no. 3, pp. 1934-1943, 2020   DOI
13 M. Meyer et al. "On hybrid SIDH schemes using Edwards and Montgomery curve arithmetic," IACR Cryptology ePrint Archive, 2017:1213, 2017
14 P. Montgomery, 'Speeding the pollard and elliptic curve methods of factorization," Mathematics of computation, vol. 48, no. 177, pp. 243-264, 1971   DOI
15 Craig Costello "B-SIDH supersingular isogeny Diffie-Hellman using twisted torsion," Advances in Cryptology, ASIACRYPT'20, LNCS 12492, pp. 440-463,2020
16 P. W. Shor, "Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer," SIAM review, vol. 41 no. 2, pp. 303-332, 1999.   DOI