2022
DOI: 10.3934/amc.2020116
|View full text |Cite
|
Sign up to set email alerts
|

Optimal strategies for CSIDH

Abstract: Since its proposal in Asiacrypt 2018, the commutative isogenybased key exchange protocol (CSIDH) has spurred considerable attention to improving its performance and re-evaluating its classical and quantum security guarantees. In this paper we discuss how the optimal strategies employed by the Supersingular Isogeny Diffie-Hellman (SIDH) key agreement protocol can be naturally extended to CSIDH. Furthermore, we report a software library that achieves moderate but noticeable performance speedups when compared aga… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
1

Citation Types

0
25
0

Year Published

2022
2022
2023
2023

Publication Types

Select...
5
1

Relationship

2
4

Authors

Journals

citations
Cited by 16 publications
(25 citation statements)
references
References 15 publications
0
25
0
Order By: Relevance
“…We report the first constant-time C-coded implementation of the CSIDH group action evaluation that uses the new fast isogeny algorithm of [6], as reported in [2]. The C-code implementation allows an easy application for any prime field, which requires the shortest differential addition chains (SDACs), the list of small odd primes (SOPs), and the optimal strategies presented in [15]; in particular, our C-code implementation is a direct application of the algorithm and Python-code presented in [2], and thus all the data framework required (for each different prime field) can be obtained from its corresponding Python-code version.…”
Section: Resultsmentioning
confidence: 99%
See 4 more Smart Citations
“…We report the first constant-time C-coded implementation of the CSIDH group action evaluation that uses the new fast isogeny algorithm of [6], as reported in [2]. The C-code implementation allows an easy application for any prime field, which requires the shortest differential addition chains (SDACs), the list of small odd primes (SOPs), and the optimal strategies presented in [15]; in particular, our C-code implementation is a direct application of the algorithm and Python-code presented in [2], and thus all the data framework required (for each different prime field) can be obtained from its corresponding Python-code version.…”
Section: Resultsmentioning
confidence: 99%
“…3 shows experimental results for all instantiations of CSIDH using exponent bounds ranging from m = 1 to m = 4. Each exponent bound is parameterized to reach the same security, meaning fewer i for larger m. In all cases we started from the global bound and then optimized for the bounds per individual small prime and evaluation strategies as in [15]. Note that some configurations of the 1024-and 1792bit primes do not have enough i 's to support the m = 1 and m = 2 bounds.…”
Section: Resultsmentioning
confidence: 99%
See 3 more Smart Citations