Skip to main content
SpringerLink
Log in

Faster Isogenies for Post-quantum Cryptography: SIKE

  • Conference paper
  • First Online:
Topics in Cryptology – CT-RSA 2022 (CT-RSA 2022)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 13161))

Included in the following conference series:

Abstract

In the third round of the NIST PQC standardization process, the only isogeny-based candidate, SIKE, suffers from slow performance when compared to other contenders. The large-degree isogeny computation performs a series of isogenous mappings between curves, to account for about 80% of SIKE’s latency. Here, we propose, implement, and evaluate a new method for computing large-degree isogenies of an odd power. Our new strategy for this computation avoids expensive recomputation of temporary isogeny results. We modified open-source libraries targeting x86, ARM64, and ARM32 platforms. Across each of these implementations, our new method achieves 10% and 5% speedups in SIKE’s key encapsulation and decapsulation operations, respectively. Additionally, these implementations use 3% less stack space at only a 48 byte increase in code size. Given the benefit and simplicity of our approach, we recommend this method for current and emerging SIKE implementations.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 89.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 119.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    Commit @effa607 of https://github.com/microsoft/PQCrypto-SIDH.

  2. 2.

    Commit @844e7ca of https://github.com/mupq/pqm4.

References

  1. Adj, G., Cervantes-Vázquez, D., Chi-Domínguez, J.J., Menezes, A., Rodríguez-Henríquez, F.: On the cost of computing isogenies between supersingular elliptic curves. In: Cid, C., Jacobson, M., Jr. (eds.) SAC 2018. LNCS, vol. 11349, pp. 322–343. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-10970-7_15

  2. Alagic, G., et al.: Status Report on the Second Round of the NIST Post-Quantum Cryptography Standardization Process. NIST IR 8309 (2020)

    Google Scholar 

  3. Anastasova, M., Azarderakhsh, R., Kermani, M.M.: Fast strategies for the implementation of SIKE round 3 on ARM Cortex-M4. IEEE Trans. Circuits Syst I Regular Papers 68, 1–13 (2021)

    Article  MathSciNet  Google Scholar 

  4. Roberto Avanzi, et al.: Crystals-kyber: Algorithm specifications and supporting documentation (version 2.0). Submission to the NIST Post-Quantum Standardization project (2019)

    Google Scholar 

  5. Azarderakhsh, R., et al.: Supersingular Isogeny Key Encapsulation. Submission to the NIST Post-Quantum Standardization project (2020)

    Google Scholar 

  6. Azarderakhsh ,R., et al.: Supersingular Isogeny Key Encapsulation. Submission to the NIST Post-Quantum Standardization Project (2017)

    Google Scholar 

  7. Azarderakhsh, R., Jao, D., Kalach, K., Koziel, B., Leonardi, C.: Key compression for isogeny-based cryptosystems. In: Proceedings of the 3rd ACM International Workshop on ASIA Public-Key Cryptography, pp. 1–10 (2016)

    Google Scholar 

  8. Azarderakhsh, R., Jao, D., Koziel, B., LeGrow, J.T., Soukharev, V., Taraskin, O.: How not to create an isogeny-based PAKE. In: Conti, M., Zhou, J., Casalicchio, E., Spognardi, A. (eds.) ACNS 2020, Part I. LNCS, vol. 12146, pp. 169–186. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-57808-4_9

    Chapter  Google Scholar 

  9. Azarderakhsh, R., El Khatib, R., Koziel, B., Langenberg, B.: Hardware deployment of hybrid PQC. Cryptology ePrint Archive, Report 2021/541 (2021). https://ia.cr/2021/541

  10. Bernstein, D.J., et al.: Classic McEliece: conservative code-based cryptography. Submission to the NIST Post-Quantum Standardization project (2019)

    Google Scholar 

  11. Castryck, W., Lange, T., Martindale, C., Panny, L., Renes, J.: CSIDH: an efficient post-quantum commutative group action. In: Peyrin, T., Galbraith, S. (eds.) ASIACRYPT 2018, Part III. LNCS, vol. 11274, pp. 395–427. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-03332-3_15

    Chapter  Google Scholar 

  12. Charles, D.X., Lauter, K.E., Goren, E.Z.: Cryptographic hash functions from expander graphs. J. Cryptol. 22(1), 93–113 (2009). https://doi.org/10.1007/s00145-007-9002-x

    Article  MathSciNet  MATH  Google Scholar 

  13. Childs, A.M., Jao, D., Soukharev, V.: Constructing elliptic curve isogenies in quantum subexponential time. J. Math. Cryptol. 8(1), 1–29 (2014)

    Article  MathSciNet  Google Scholar 

  14. Costello, C., Jao, D., Longa, P., Naehrig, M., Renes, J., Urbanik, D.: Efficient compression of SIDH public keys. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017, Part I. LNCS, vol. 10210, pp. 679–706. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-56620-7_24

    Chapter  Google Scholar 

  15. Costello, C., Longa, P., Naehrig, M.: Efficient algorithms for supersingular isogeny Diffie-Hellman. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016, Part I. LNCS, vol. 9814, pp. 572–601. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53018-4_21

    Chapter  Google Scholar 

  16. Costello, C., Longa, P., Naehrig, M., Renes, J., Virdia, F.: Improved classical cryptanalysis of SIKE in practice. In: Kiayias, A., Kohlweiss, M., Wallden, P., Zikas, V. (eds.) PKC 2020, Part II. LNCS, vol. 12111, pp. 505–534. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45388-6_18

    Chapter  Google Scholar 

  17. Couveignes, J.-M.: Hard homogeneous spaces. Cryptology ePrint Archive, Report 2006/291 (2006)

    Google Scholar 

  18. De Feo, L., Jao, D., Plût, J.: Towards quantum-resistant cryptosystems from supersingular elliptic curve isogenies. J. Math. Cryptol. 8(3), 209–247 (2014)

    MathSciNet  MATH  Google Scholar 

  19. El Khatib, R., Azarderakhsh, R., Mozaffari-Kermani, M.: Optimized algorithms and architectures for montgomery multiplication for post-quantum cryptography. In: Mu, Y., Deng, R.H., Huang, X. (eds.) CANS 2019. LNCS, vol. 11829, pp. 83–98. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-31578-8_5

    Chapter  MATH  Google Scholar 

  20. Elkhatib, R., Azarderakhsh, R., Mozaffari-Kermani, M.: Highly optimized montgomery multiplier for SIKE primes on FPGA. In: 2020 IEEE 27th Symposium on Computer Arithmetic (ARITH), pp. 64–71, (2020)

    Google Scholar 

  21. Elkhatib, R., Azarderakhsh, R., Mozaffari-Kermani, M.: Accelerated RISC-V for post-quantum SIKE. Cryptology ePrint Archive, Report 2021/597 (2021). https://ia.cr/2021/597

  22. Farzam, M.-H., Bayat-Sarmadi, S., Mosanaei-Boorani, H.: Implementation of supersingular isogeny-based Diffie-Hellman and key encapsulation using an efficient scheduling. IEEE Trans. Circuits Syst. 67(12), 4895–4903 (2020)

    Article  MathSciNet  Google Scholar 

  23. Faz-Hernández, A., López, J., Ochoa-Jiménez, E., Rodríguez-Henríquez, F.: A faster software implementation of the supersingular isogeny Diffie-Hellman key exchange protocol. IEEE Trans. Comput. 67(11), 1622–1636 (2017)

    Article  MathSciNet  Google Scholar 

  24. Galbraith, S.D., Petit, C., Shani, B., Ti, Y.B.: On the security of supersingular isogeny cryptosystems. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016, Part I. LNCS, vol. 10031, pp. 63–91. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53887-6_3

    Chapter  Google Scholar 

  25. Galbraith, S.D., Petit, C., Silva, J.: Identification protocols and signature schemes based on supersingular isogeny problems. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017, Part I. LNCS, vol. 10624, pp. 3–33. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70694-8_1

    Chapter  Google Scholar 

  26. Gélin, A., Wesolowski, B.: Loop-abort faults on supersingular isogeny cryptosystems. In: Lange, T., Takagi, T. (eds.) PQCrypto 2017. LNCS, vol. 10346, pp. 93–106. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-59879-6_6

    Chapter  Google Scholar 

  27. Jao, D., De Feo, L.: Towards quantum-resistant cryptosystems from supersingular elliptic curve isogenies. In: Yang, B.-Y. (ed.) PQCrypto 2011. LNCS, vol. 7071, pp. 19–34. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-25405-5_2

    Chapter  MATH  Google Scholar 

  28. Jaques, S., Schanck, J.M.: Quantum cryptanalysis in the RAM model: claw-finding attacks on SIKE. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019, Part I. LNCS, vol. 11692, pp. 32–61. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-26948-7_2

    Chapter  MATH  Google Scholar 

  29. Kannwischer, M.J., Rijneveld, J., Schwabe, P., Stoffelen, K.: PQM4: Post-quantum crypto library for the ARM Cortex-M4. https://github.com/mupq/pqm4

  30. Koziel, B., Ackie, A., El Khatib, R., Azarderakhsh, R., Kermani, M.M.: SIKE’d up: fast hardware architectures for supersingular isogeny key encapsulation. IEEE Trans. Circuits Syst. I Regul. Pap. 61, 1–13 (2020)

    MathSciNet  MATH  Google Scholar 

  31. Koziel, B., Azarderakhsh, R., Jao, D.: An exposure model for supersingular isogeny Diffie-Hellman key exchange. In: Smart, N.P. (ed.) CT-RSA 2018. LNCS, vol. 10808, pp. 452–469. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-76953-0_24

    Chapter  Google Scholar 

  32. Koziel, B., Azarderakhsh, R., Jao, D.: Side-channel attacks on quantum-resistant supersingular isogeny Diffie-Hellman. In: Adams, C., Camenisch, J. (eds.) SAC 2017. LNCS, vol. 10719, pp. 64–81. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-72565-9_4

    Chapter  Google Scholar 

  33. Koziel, B., Azarderakhsh, R., Mozaffari-Kermani, M.: Fast hardware architectures for supersingular isogeny Diffie-Hellman key exchange on FPGA. In: Dunkelman, O., Sanadhya, S.K. (eds.) INDOCRYPT 2016. LNCS, vol. 10095, pp. 191–206. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-49890-4_11

    Chapter  Google Scholar 

  34. Koziel, B., Azarderakhsh, R., Mozaffari-Kermani, M.: A high-performance and scalable hardware architecture for isogeny-based cryptography. IEEE Trans. Comput. 67(11), 1594–1609 (2018)

    Article  MathSciNet  Google Scholar 

  35. Koziel, B., Azarderakhsh, R., Mozaffari-Kermani, M., Jao, D.: Post-quantum cryptography on FPGA based on isogenies on elliptic curves. IEEE Trans. Circuits Syst. I Regul. Pap. 64(1), 86–99 (2017)

    Article  Google Scholar 

  36. Koziel, B., Jalali, A., Azarderakhsh, R., Jao, D., Mozaffari-Kermani, M.: NEON-SIDH: efficient implementation of supersingular isogeny Diffie-Hellman key exchange protocol on ARM. In: Foresti, S., Persiano, G. (eds.) CANS 2016. LNCS, vol. 10052, pp. 88–103. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-48965-0_6

    Chapter  Google Scholar 

  37. Longa, P., Wang, W., Szefer, J.: The cost to break SIKE: a comparative hardware-based analysis with AES and SHA-3. In: Malkin, T., Peikert, C. (eds.) CRYPTO 2021, Part III. LNCS, vol. 12827, pp. 402–431. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-84252-9_14

    Chapter  Google Scholar 

  38. Massolino, P.M., Longa, P., Renes, J., Batina, L.: A compact and scalable hardware/software co-design of SIKE. IACR Trans. Crypt. Hardw. Embed. Syst. 2020, 245–271 (2020)

    Article  Google Scholar 

  39. Naehrig, M., Renes, J.: Dual isogenies and their application to public-key compression for isogeny-based cryptography. In: Galbraith, S.D., Moriai, S. (eds.) ASIACRYPT 2019, Part II. LNCS, vol. 11922, pp. 243–272. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-34621-8_9

    Chapter  Google Scholar 

  40. Pereira, G.C.C.F., Barreto, P.S.L.M.: Isogeny-based key compression without pairings. In: Garay, J.A. (ed.) PKC 2021, Part I. LNCS, vol. 12710, pp. 131–154. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-75245-3_6

    Chapter  Google Scholar 

  41. Rostovtsev, A., Stolbunov, A.: Public-key cryptosystem based on isogenies. Cryptology ePrint Archive, Report 2006/145 (2006)

    Google Scholar 

  42. Seo, H., Anastasova, M., Jalali, A., Azarderakhsh, R.: Supersingular isogeny key encapsulation (SIKE) round 2 on ARM Cortex-M4. IEEE Trans. Comput. 70, 1705–1718 (2020). https://www.computer.org/csdl/journal/tc/2021/10/09190059/1mYZi2oUoWk

  43. Seo, H., Sana, P., Jalal, A., Azarderakhsh, R.: Optimized implementation of SIKE round 2 on 64-bit ARM Cortex-A processors. IEEE Trans. Circuits Syst. I Regul. Pap. 67–I(8), 2659–2671 (2020)

    Article  Google Scholar 

  44. Shor, PW.: Algorithms for quantum computation: discrete logarithms and factoring. In: 35th Annual Symposium on Foundations of Computer Science (FOCS 1994), pp. 124–134 (1994)

    Google Scholar 

  45. Taraskin, O., Soukharev, V., Jao, D., LeGrow, J.T.: Towards isogeny-based password-authenticated key establishment. J. Math. Cryptol. 15(1), 18–30 (2021)

    Article  MathSciNet  Google Scholar 

  46. The National Institute of Standards and Technology (NIST). Post-quantum cryptography standardization, 2017–2018. https://csrc.nist.gov/projects/post-quantum-cryptography/post-quantum-cryptography-standardization

  47. Ti, Y.B.: Fault attack on supersingular isogeny cryptosystems. In: Lange, T., Takagi, T. (eds.) PQCrypto 2017. LNCS, vol. 10346, pp. 107–122. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-59879-6_7

    Chapter  Google Scholar 

  48. Vélu, J.: Isogénies entre courbes elliptiques. Comptes Rendus de l’Académie des Sciences Paris Séries A-B 273, A238–A241 (1971)

    MATH  Google Scholar 

  49. Yoo, Y., Azarderakhsh, R., Jalali, A., Jao, D., Soukharev, V.: A post-quantum digital signature scheme based on supersingular isogenies. In: Kiayias, A. (ed.) FC 2017. LNCS, vol. 10322, pp. 163–181. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70972-7_9

    Chapter  Google Scholar 

Download references

Acknowledgment

The authors would like to thank the reviewers for their comments.

Author information

Authors and Affiliations

  1. PQSecure Technologies, LLC, Boca Raton, FL, USA

    Rami Elkhatib, Brian Koziel & Reza Azarderakhsh

Authors
  1. Rami Elkhatib
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Brian Koziel
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Reza Azarderakhsh
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Brian Koziel .

Editor information

Editors and Affiliations

  1. University of Auckland, Auckland, New Zealand

    Steven D. Galbraith

Ethics declarations

Some of these techniques may be covered by US and/or international patents.

Rights and permissions

Reprints and permissions

Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Elkhatib, R., Koziel, B., Azarderakhsh, R. (2022). Faster Isogenies for Post-quantum Cryptography: SIKE. In: Galbraith, S.D. (eds) Topics in Cryptology – CT-RSA 2022. CT-RSA 2022. Lecture Notes in Computer Science(), vol 13161. Springer, Cham. https://doi.org/10.1007/978-3-030-95312-6_3

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-95312-6_3

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-95311-9

  • Online ISBN: 978-3-030-95312-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation