Kassem Kalach scite author profile

We present a method for key compression in quantum-resistant isogeny-based cryptosystems, which reduces storage and transmission costs of per-party public information by a factor of two, with no effect on the security level of the scheme. We achieve this reduction by compressing both the representation of an elliptic curve, and torsion points on said curve. Compression of the elliptic curve is achieved by associating each j-invariant to a canonical choice of elliptic curve, and the torsion points will be represented as linear combinations with respect to a canonical choice of basis for this subgroup. This method of compressing public information can be applied to numerous isogeny-based protocols, such as key exchange, zero-knowledge identification, and public-key encryption. The details of utilizing compression for each of these cryptosystems is explained. We provide implementation results showing the computational cost of key compression and decompression at various security levels. Our results show that isogeny-based cryptosystems achieve the smallest possible key sizes among all existing families of post-quantum cryptosystems at practical security levels.iv

show abstract

Merkle Puzzles in a Quantum World

Brassard

Hoyer

Kalach

et al. 2011

View full text Add to dashboard Cite

Abstract. In 1974, Ralph Merkle proposed the first unclassified scheme for secure communications over insecure channels. When legitimate communicating parties are willing to spend an amount of computational effort proportional to some parameter N , an eavesdropper cannot break into their communication without spending a time proportional to N 2 , which is quadratically more than the legitimate effort. We showed in an earlier paper that Merkle's schemes are completely insecure against a quantum adversary, but that their security can be partially restored if the legitimate parties are also allowed to use quantum computation: the eavesdropper needed to spend a time proportional to N 3/2 to break our earlier quantum scheme. Furthermore, all previous classical schemes could be broken completely by the onslaught of a quantum eavesdropper and we conjectured that this is unavoidable.We give two novel key agreement schemes in the spirit of Merkle's. The first one can be broken by a quantum adversary that makes an effort proportional to N 5/3 to implement a quantum random walk in a Johnson graph reminiscent of Andris Ambainis' quantum algorithm for the element distinctness problem. This attack is optimal up to logarithmic factors. Our second scheme is purely classical, yet it cannot be broken by a quantum eavesdropper who is only willing to expend effort proportional to that of the legitimate parties.

show abstract

Hardware Complexity of Modular Multiplication and Exponentiation

David

Kalach

Tittley

2007

IEEE Trans. Comput.

View full text Add to dashboard Cite

Key Establishment à la Merkle in a Quantum World

Brassard

Hoyer

Kalach³

et al. 2019

J Cryptol

View full text Add to dashboard Cite

In 1974, Ralph Merkle proposed the first unclassified scheme for secure communications over insecure channels. When legitimate communicating parties are willing to spend an amount of computational effort proportional to some parameter N , an eavesdropper cannot break into their communication without spending a time proportional to N 2 , which is quadratically more than the legitimate effort. Two of us showed in 2008 that Merkle's schemes are completely insecure against a quantum adversary, but that their security can be partially restored if the legitimate parties are also allowed to use quantum computation: the eavesdropper needed to spend a time proportional to N 3/2 to break our earlier quantum scheme. Furthermore, all previous classical schemes could be broken completely by the onslaught of a quantum eavesdropper and we conjectured that this is unavoidable.We give now two novel key establishment schemes in the spirit of Merkle's. The first one can be broken by a quantum adversary who makes an effort proportional to N 5/3 , which is the optimal attack against this scheme. Our second scheme is purely classical, yet it cannot be broken by a quantum eavesdropper who is only willing to expend an effort proportional to that of the legitimate parties.We then introduce two families of more elaborate protocols. The first family consists in quantum protocols whose security is arbitrarily close to quadratic in the query complexity model. The second is a family of classical protocols whose security against a quantum adversary is arbitrarily close to N 3/2 in the same model.

show abstract

ePassport: Securing International Contacts with Contactless Chips

Avoine

Kalach

Quisquater

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Kassem Kalach

Key Compression for Isogeny-Based Cryptosystems

Merkle Puzzles in a Quantum World

Hardware Complexity of Modular Multiplication and Exponentiation

Key Establishment à la Merkle in a Quantum World

ePassport: Securing International Contacts with Contactless Chips

Contact Info

Product

Resources

About