Browse > Article
http://dx.doi.org/10.13089/JKIISC.2021.31.3.497

On the Use of Twisted Montgomery Curves for CSIDH-Based Cryptography  

Kim, Suhri (Sungshin Women's University)
Publication Information
Journal of the Korea Institute of Information Security & Cryptology / v.31, no.3, 2021 , pp. 497-508 More about this Journal
Abstract
In this paper, we focus on optimizing the performance of CSURF, which uses the tweaked Montgomery curves. The projective version of elliptic curve arithmetic is slower on tweaked Montgomery curves than on Montgomery curves, so that CSURF is slower than the hybrid version of CSIDH. However, as the square-root Velu formula uses less number of ellitpic curve arithmetic than the standard Velu formula, there is room for optimization We optimize the square-root Velu formula and 2-isogeny formula on tweaked Montgomery curves. Our CSURFis 14% faster than the standard CSURF, and 10.8% slower than the CSIDH using the square-root Velu formula. The constant-time CSURF is 6.8% slower than constant-time CSIDH. Compared to the previous implementations, this is a remarkable result.
Keywords
Post-quantum cryptography; isogeny-based cryptography; CSIDH; twisted Montgomery curves;
Citations & Related Records
연도 인용수 순위
  • Reference
1 S. Kim et al. "New hybrid method for isogeny-based cryptosystems using Edwards curves," IEEE transactions on Information Theory, vol. 66, no. 3, pp. 1934-1943, 2020   DOI
2 M. Meyer et al. "On lions and elligators: An efficient constant-time implementations of CSIDH", PQCrypto, LNCS 11505, pp. 307-325, 2019
3 M. Meyer and S. Reith "A faster way to the CSIDH," INDOCRYPT, LNCS 11356, pp. 137-152, 2018
4 M. Meyer et al. "On hybrid SIDH schemes using Edwards and Montgomery curve arithmetic," IACR Cryptology ePrint Archive, 2017:1213, 2017
5 D. Moody and D. Shumow, "Analogues of Velu's formula for isogenies on alternate models of elliptic curves," Mathematics of Computations, vol. 85, no. 300, pp. 1929-1951, 2016
6 D. Heo et al. "On the performance analysis for CSIDH-based cryptosystems," Applied Sciences, vol. 10, no. 19, 2020
7 H. Onuki et al. "A constant-time algorithm of CSIDH keeping two points," IEICE Transactions on Fundamentals of Electronics, Communications, and Computer Sciences, vol. E103.A, no. 10, pp. 1174-1182, 2020   DOI
8 A. Stolbunov, "Constructing public-key cryptographic schemes based on class group action on a set of isogenous ellitpic curves," Advances in Mathematics of Communication, vol. 4, no. 2, pp. 215-235, 2010   DOI
9 T. Kawashima, "An efficient authenticated key exchange from random self-reducibility on CSIDH," IACR Cryptology ePrint Archive, 2020:1178, 2020
10 W. Castryck and T. Decru "CSIDH on the surface," PQCrypto, LNCS 12100, pp.111-129, April, 2020
11 W. Castryck et al. "CSIDH: An efficient post-quantum commutaitve group action," ASIACRYPT, LNCS 11274, Dec. 2018
12 D. Cervantes-Vazquez et al. "Stronger and faster side-channel protections for CSIDH," LATINCRYPT, LNCS 11774, Sept. 2019
13 J.M. Couveignes, "Hard homogenous spaces," IACR Cryptology ePrint Archive, 2006:291, 2006
14 A. Childs et al. "Constructing elliptic curve isogenies in quantum sub-exponential time," Journal of Mathematical Cryptology, vol. 8, no. 1, pp. 1-29, 2014   DOI
15 C. Costello, "B-SIDH supersingular isogeny Diffie-Hellman using twisted torsion," ASIACRYPT, LNCS 12492, pp. 440-463, Dec. 2020
16 C. Costello and H. Hisil, "A simple and compact algorithm for SIDH with arbitrary degree isogenies," ASIACRYPT, LNCS 10625, pp. 303-329, Dec. 2017
17 De Feo. et al. "Towards practical key exchange from ordinary isogeny graphs," ASIACRYPT, LNCS 11274, Dec. 2018
18 W. Beullens et al. "CSI-FiSh: efficient isogeny based signatures through class group computations," ASIACRYPT, LNCS 11921, pp. 227-247, Dec. 2019
19 J.J. Chi-Domiguez et al. "On new Velu's formulae and their applications to CSIDH and BSIDH constant-time implementations," IACR Cryptology ePrint Archive, 2020:1109, 2020
20 D. Bernstein et al. "Faster computation of isogenies of large prime degree," IACR Cryptology ePrint Archive, 2020:341, 2020
21 D. Heo et al. "Optimized CSIDH implementation using a 2-torsion point," Cryptography, vol. 4, no. 3, 2020
22 A. Jalali, "Towards optimized and constant-time CSIDH on embedded devices," International Workshop on Constructive Side-Channel Analysis and Secure Design, pp. 215-231, 2019
23 D. Jao, L. De Feo "Towards quantum-resistant cryptosystems from super-singular elliptic curve isogenies," PQCrypto, LNCS 7071, pp. 19-34, Aug. 2011