Skip to main content
SpringerLink
Log in

Efficient Algorithm for Computing Odd-Degree Isogenies on Montgomery Curves

  • Conference paper
  • First Online:
Information Security Applications (WISA 2020)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 12583))

Included in the following conference series:

Abstract

Isogeny-based cryptography, such as commutative supersingular isogeny Diffie-Hellman (CSIDH), has been shown to be promising candidates for post-quantum cryptography. However, their speeds have remained unremarkable. For example, computing odd-degree isogenies between Montgomery curves is a dominant computation in CSIDH. To increase the speed of this isogeny computation, this study proposes a new technique called the “2-ADD-Skip method,” which reduces the required number of points to be computed. This technique is then used to develop a novel algorithm for isogeny computation. It is found that the proposed algorithm requires fewer field arithmetic operations for the degrees of \(\ell \ge 19\) compared with the algorithm of Meyer et al., which utilizes twisted Edwards curves. Further, a prototype CSIDH-512 implementation shows that the proposed algorithm can give a 6.7% speedup over the implementation by Meyer et al. Finally, individual experiments for each degree of isogeny show that the proposed algorithm requires the lowest number of clock cycles among existing algorithms for \(19 \le \ell \le 373\).

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    A new paper by Bernstein et al. [11] is discussed in Sect. 5.2.

References

  1. De Feo, L., Jao, D., Plût, J.: Towards quantum-resistant cryptosystems from supersingular elliptic curve isogenies. J. Math. Cryptol. 8(3), 209–247 (2014)

    MathSciNet  MATH  Google Scholar 

  2. Castryck, W., Lange, T., Martindale, C., Panny, L., Renes, J.: CSIDH: an efficient post-quantum commutative group action. In: Peyrin, T., Galbraith, S. (eds.) ASIACRYPT 2018. LNCS, vol. 11274, pp. 395–427. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-03332-3_15

    Chapter  Google Scholar 

  3. Jao, D., et al.: Supersingular isogeny key encapsulation. Submission to the NIST Post- Quantum Cryptography Standardization project. https://sike.org

  4. Alagic, G., et al.: Status report on the first round of the NIST post-quantum cryptography standardization process. NISTIR 8240 (2019)

    Google Scholar 

  5. Meyer, M., Reith, S.: A faster way to the CSIDH. In: Chakraborty, D., Iwata, T. (eds.) INDOCRYPT 2018. LNCS, vol. 11356, pp. 137–152. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-05378-9_8

    Chapter  Google Scholar 

  6. Meyer, M., Campos, F., Reith, S.: On lions and elligators: an efficient constant-time implementation of CSIDH. In: Ding, J., Steinwandt, R. (eds.) PQCrypto 2019. LNCS, vol. 11505, pp. 307–325. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-25510-7_17

    Chapter  Google Scholar 

  7. Hutchinson, A., LeGrow, J.T., Koziel, B., Azarderakhsh, R.: Further optimizations of CSIDH: a systematic approach to efficient strategies, permutations, and bound vectors. IACR Cryptol. ePrint Arch. 2019, 1121 (2019)

    Google Scholar 

  8. Nakagawa, K., Onuki, H., Takayasu, A., Takagi, T.: \(L_1\)-norm ball for CSIDH: optimal strategy for choosing the secret key space. IACR Cryptol. ePrint Arch. 2020, 181 (2020)

    Google Scholar 

  9. Cervantes-Vázquez, D., Chenu, M., Chi-Domínguez, J.-J., De Feo, L., Rodríguez-Henríquez, F., Smith, B.: Stronger and faster side-channel protections for CSIDH. In: Schwabe, P., Thériault, N. (eds.) LATINCRYPT 2019. LNCS, vol. 11774, pp. 173–193. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-30530-7_9

    Chapter  Google Scholar 

  10. Bernstein, D.J., Lange, T., Martindale, C., Panny, L.: Quantum circuits for the CSIDH: optimizing quantum evaluation of isogenies. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019. LNCS, vol. 11477, pp. 409–441. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17656-3_15

    Chapter  Google Scholar 

  11. Bernstein, D.J., De Feo, L., Leroux, A., Smith, B.: Faster computation of isogenies of large prime degree. IACR Cryptol. ePrint Arch. 2020, 341 (2020)

    Google Scholar 

  12. Onuki, H., Aikawa, Y., Yamazaki, T., Takagi, T.: (Short paper) a faster constant-time algorithm of CSIDH keeping two points. In: Attrapadung, N., Yagi, T. (eds.) IWSEC 2019. LNCS, vol. 11689, pp. 23–33. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-26834-3_2

    Chapter  Google Scholar 

  13. Costello, C., Hisil, H.: A simple and compact algorithm for SIDH with arbitrary degree isogenies. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017. LNCS, vol. 10625, pp. 303–329. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70697-9_11

    Chapter  Google Scholar 

  14. Montgomery, P.L.: Speeding the Pollard and elliptic curve methods of factorization. Math. Comput. 48, 243–264 (1987)

    Article  MathSciNet  Google Scholar 

  15. Costello, C., Longa, P., Naehrig, M.: Efficient algorithms for supersingular isogeny Diffie-Hellman. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9814, pp. 572–601. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53018-4_21

    Chapter  Google Scholar 

  16. Bernstein, D.J., Birkner, P., Joye, M., Lange, T., Peters, C.: Twisted Edwards curves. In: Vaudenay, S. (ed.) AFRICACRYPT 2008. LNCS, vol. 5023, pp. 389–405. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-68164-9_26

    Chapter  Google Scholar 

  17. Castryck, W., Galbraith, S.D., Farashahi, R.R.: Efficient arithmetic on elliptic curves using a mixed Edwards-Montgomery representation. IACR Cryptol. ePrint Arch. 2008, 218 (2008)

    Google Scholar 

  18. Vélu, J.: Isogènies entre courbes elliptiques. C R Acad. Sci. Paris Sér. A-B 273, A238–A241 (1971)

    Google Scholar 

  19. Couveignes, J.M.: Hard homogeneous spaces. IACR Cryptol. ePrint Arch. 2006, 291 (2006)

    Google Scholar 

  20. Rostovtsev, A., Stolbunov, A.: Public-key cryptosystem based on isogenies. IACR Cryptol. ePrint Arch. 2006, 145 (2006)

    Google Scholar 

  21. Stolbunov, A.: Constructing public-key cryptographic schemes based on class group action on a set of isogenous elliptic curves. Adv. Math. Commun. 4(2), 215–235 (2010)

    Article  MathSciNet  Google Scholar 

  22. Renes, J.: Computing isogenies between montgomery curves using the action of (0, 0). In: Lange, T., Steinwandt, R. (eds.) PQCrypto 2018. LNCS, vol. 10786, pp. 229–247. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-79063-3_11

    Chapter  Google Scholar 

  23. Moody, D., Shumow, D.: Analogues of Vélu’s formulas for isogenies on alternate models of elliptic curves. Math. Comput. 85(300), 1929–1951 (2016)

    Article  Google Scholar 

Download references

Acknowledgments

This work was supported by JSPS KAKENHI Grant Number JP19J10400, enPiT (Education Network for Practical Information Technologies) at MEXT, and Innovation Platform for Society 5.0 at MEXT.

Author information

Authors and Affiliations

  1. Graduate School of Engineering, Osaka University, 2-1, Yamadaoka, Suita, Osaka, Japan

    Kenta Kodera & Atsuko Miyaji

  2. Graduate School of Natural Science and Technology, Kanazawa University, Kakumamachi, Kanazawa, Japan

    Chen-Mou Cheng

  3. Japan Advanced Institute of Science and Technology, Nomi, Japan

    Atsuko Miyaji

Authors
  1. Kenta Kodera
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Chen-Mou Cheng
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Atsuko Miyaji
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Kenta Kodera .

Editor information

Editors and Affiliations

  1. Soonchunhyang University, Asan, Korea (Republic of)

    Ilsun You

Rights and permissions

Reprints and permissions

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Kodera, K., Cheng, CM., Miyaji, A. (2020). Efficient Algorithm for Computing Odd-Degree Isogenies on Montgomery Curves. In: You, I. (eds) Information Security Applications. WISA 2020. Lecture Notes in Computer Science(), vol 12583. Springer, Cham. https://doi.org/10.1007/978-3-030-65299-9_20

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-65299-9_20

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-65298-2

  • Online ISBN: 978-3-030-65299-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation