Article
Peer-Review Record

Towards High-Performance Supersingular Isogeny Cryptographic Hardware Accelerator Design

Electronics 2023, 12(5), 1235; https://doi.org/10.3390/electronics12051235
by Guantong Su and Guoqiang Bai *
Reviewer 1:
Reviewer 2:
Submission received: 4 February 2023 / Revised: 24 February 2023 / Accepted: 2 March 2023 / Published: 4 March 2023

Round 1

Reviewer 1 Report

The paper is well written.

Comments:

- References are not uniformly formatted.

- Talk about the attacks on SIKE, explain how CSIDH might be safe.

- Do you think that in the new signature competition from NIST, established in June 2023, there will be an isogeny-based signature as a submission?

- There have been many works on SCAs on PQC, for example the following works on NTT. Add them and have a subsection explaining SCAs related to isogenies:

  - Yanning Ji, Ruize Wang, Kalle Ngo, Elena Dubrova, Linus Backlund. "A Side-Channel Attack on a Hardware Implementation of CRYSTALS-Kyber."
  - Hauke Steffen, Georg Land, Lucie Kogelheide, Tim Güneysu. "Breaking and Protecting the Crystal: Side-Channel Analysis of Dilithium in Hardware."
  - Yutaro Tanaka, Rei Ueno, Keita Xagawa, Akira Ito, Junko Takahashi, Naofumi Homma. "Multiple-Valued Plaintext-Checking Side-Channel Attacks on Post-Quantum KEMs."
  - Gokulnath Rajendran, Prasanna Ravi, Jan-Pieter D'Anvers, Shivam Bhasin, Anupam Chattopadhyay. "Pushing the Limits of Generic Side-Channel Attacks on LWE-based KEMs - Parallel PC Oracle Attacks on Kyber KEM and Beyond."
  - A. Sarker, M. Mozaffari Kermani, R. Azarderakhsh. "Efficient error detection architectures for post quantum signature Falcon's sampler and KEM SABER." IEEE Transactions on Very Large Scale Integration (VLSI) Systems, vol. 30, no. 6, pp. 794-802, Jun. 2022.
  - Kalle Ngo, Ruize Wang, Elena Dubrova, Nils Paulsrud. "Side-Channel Attacks on Lattice-Based KEMs Are Not Prevented by Higher-Order Masking."

The main question is how to deal with attacks after quantum computers arrive. The paper is based on new methods of implementing SI, a PQC variant.

The results are appropriate. The paper definitely fills the gap between theory and implementation of PQC, especially SIKE, SIDH and CSIDH. The implementations are appropriate, and compared to the state of the art I see improvements. You can talk about curves such as FourQ and Curve25519 as well to support your work.

Overall, your work can replace ECC after the advent of quantum computers.


Author Response

Please see the attachment.

Author Response File: Author Response.pdf

Reviewer 2 Report

1- "The proposed architecture completes the protocol with the same latency as the latest field-programmable gate array implementation and more efficient area utilization. Finally, we show that the proposed architecture can be leveraged in other isogeny applications and discuss possible future improvements." Rewrite the section to focus on what the main problem and contribution are.

2- What is the main idea? "CSIDH is one such innovative scheme that has the smallest public-key size as a post-quantum key exchange or encapsulation scheme."

3- How can it be split? "The algorithm, which relies on the use of Richelot isogenies and abelian surfaces, employs a "glue-and-split"

4- Equation 1 needs more description.

5- Which reference is there for "SIDH works on elliptic curves in the same way as ECDH but replaces the underlying computation by handling large degree isogenies"?

6- Where and why is "3.2. Quotient Pipeline" used?

7- Not clear: "the cost of the 1-stage quotient pipeline can be further mitigated."

8- "The Booth encoder takes a multiplicand segment from the ahead register and a multiplicator radix to produce the partial products of biA, diC, qiMe. A bundle of partial products is dropped into the Wallace tree and passes through a 6-layer 4:2 CSA. This yields the final result." How is the final result obtained?

9- Why "approximately 745 modular squares and 150 modular multiplications. By comparison"?

10- In line 520: "It is not feasible for all operands of different sizes to properly occupy the arithmetic unit, particularly when the radix is comparable with the size of operands." Why?

11- More results, applications and comparisons are needed.

12- Replace reference 13.
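Item 8 above asks how a bundle of Booth partial products dropped into a CSA tree turns into a final product. The following is an added illustration constructed for this page, not code from Su and Bai's accelerator: it models the generic mechanism only (radix-4 Booth recoding of a plain integer multiplier, layers of 3:2 carry-save adders, and one final carry-propagate addition) and does not reproduce the paper's biA, diC, qiMe partial products, its modular quotient pipeline, or its 6-layer 4:2 tree. A 4:2 compressor is two 3:2 layers in series, so the layer count here is the 3:2 count; the bit widths, the random test inputs and the function names are this example's own assumptions.

```python
"""Radix-4 Booth recoding plus carry-save (Wallace-style) reduction.

Added illustration constructed for this page; it is not the accelerator
described by Su and Bai and does not model their modular quotient pipeline.
It shows the generic mechanism: Booth digits turn the multiplier into a
short bundle of partial products, carry-save adders reduce that bundle to a
single (sum, carry) pair without propagating any carry, and one final
carry-propagate add turns the pair into the product.
"""
import random


def booth_radix4_digits(b: int, nbits: int) -> list:
    """Radix-4 Booth digits of an nbits-bit unsigned b, least significant first.

    Digit i = -2*b[2i+1] + b[2i] + b[2i-1] with b[-1] = 0 and bits above
    nbits treated as 0, so every digit lies in {-2, -1, 0, 1, 2} and
    sum(d_i * 4**i) == b. Half as many digits as bits, hence half as many
    partial products as a plain shift-and-add multiplier.
    """
    assert 0 <= b < (1 << nbits)
    digits = []
    prev = 0
    for i in range(0, nbits + 1, 2):
        b0 = (b >> i) & 1
        b1 = (b >> (i + 1)) & 1
        digits.append(-2 * b1 + b0 + prev)
        prev = b1
    return digits


def csa_3to2(x: int, y: int, z: int, mask: int):
    """One layer of full adders: three operands in, (sum, carry) out.

    No carry ripples across bit positions; the carry word is just shifted
    left by one. A 4:2 compressor is two of these layers in series.
    """
    s = (x ^ y ^ z) & mask
    c = (((x & y) | (x & z) | (y & z)) << 1) & mask
    return s, c


def csa_tree_reduce(operands: list, mask: int):
    """Reduce a bundle of operands to (sum, carry, layers) with 3:2 CSA layers."""
    ops = list(operands)
    layers = 0
    while len(ops) > 2:
        nxt = []
        for i in range(0, len(ops), 3):
            group = ops[i:i + 3]
            if len(group) == 3:
                nxt.extend(csa_3to2(group[0], group[1], group[2], mask))
            else:
                nxt.extend(group)  # fewer than three left: pass through
        ops = nxt
        layers += 1
    while len(ops) < 2:
        ops.append(0)
    return ops[0], ops[1], layers


def booth_csa_multiply(a: int, b: int, nbits: int):
    """Return (a*b, csa_layers) for unsigned nbits-bit a and b."""
    assert 0 <= a < (1 << nbits) and 0 <= b < (1 << nbits)
    width = 2 * nbits + 2  # holds a*b with slack for sign handling (assumed width)
    mask = (1 << width) - 1
    # Each Booth digit selects 0, +-a or +-2a shifted by 2i; negative partial
    # products are carried as two's-complement words of 'width' bits.
    partial_products = [
        ((d * a) << (2 * i)) & mask
        for i, d in enumerate(booth_radix4_digits(b, nbits))
    ]
    s, c, layers = csa_tree_reduce(partial_products, mask)
    # The only carry-propagating addition: (sum + carry) mod 2**width equals
    # a*b because the integer sum of the partial products is exactly a*b and
    # the two's-complement wrap-around cancels.
    return (s + c) & mask, layers


if __name__ == "__main__":
    rng = random.Random(1)  # constructed inputs, fixed seed
    for _ in range(1000):
        x, y = rng.randrange(256), rng.randrange(256)
        assert booth_csa_multiply(x, y, 8)[0] == x * y
    print("radix-4 Booth + CSA tree agrees with a*b on 1000 random 8-bit pairs")
```

The point the reviewer is probing is visible in booth_csa_multiply: everything before the last line is carry-free, so the depth of the tree grows only with the number of partial products, and the single carry-propagate adder at the end is what actually "yields the final result".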


Author Response

Please see the attachment.

Author Response File: Author Response.pdf

Round 2

Reviewer 2 Report

no comments 
