Next Article in Journal
Implementation of a New Strongly-Asymmetric Algorithm and Its Optimization
Previous Article in Journal
Tamper and Clone-Resistant Authentication Scheme for Medical Image Systems
Previous Article in Special Issue
An Improved Identity-Based Multivariate Signature Scheme Based on Rainbow
Open AccessArticle

Optimized CSIDH Implementation Using a 2-Torsion Point

1
Graduate School of Information Security, Institute of Cyber Security and Privacy (ICSP), Korea University, Seoul 02841, Korea
2
NSHC Inc., Seoul 08502, Korea
3
Department of Information Security, Graduate School of Information Security, Sejong Cyber University, Seoul 05000, Korea
*
Author to whom correspondence should be addressed.
Cryptography 2020, 4(3), 20; https://doi.org/10.3390/cryptography4030020
Received: 29 June 2020 / Revised: 27 July 2020 / Accepted: 28 July 2020 / Published: 29 July 2020
The implementation of isogeny-based cryptography mainly use Montgomery curves, as they offer fast elliptic curve arithmetic and isogeny computation. However, although Montgomery curves have efficient 3- and 4-isogeny formula, it becomes inefficient when recovering the coefficient of the image curve for large degree isogenies. Because the Commutative Supersingular Isogeny Diffie-Hellman (CSIDH) requires odd-degree isogenies up to at least 587, this inefficiency is the main bottleneck of using a Montgomery curve for CSIDH. In this paper, we present a new optimization method for faster CSIDH protocols entirely on Montgomery curves. To this end, we present a new parameter for CSIDH, in which the three rational two-torsion points exist. By using the proposed parameters, the CSIDH moves around the surface. The curve coefficient of the image curve can be recovered by a two-torsion point. We also proved that the CSIDH while using the proposed parameter guarantees a free and transitive group action. Additionally, we present the implementation result using our method. We demonstrated that our method is 6.4% faster than the original CSIDH. Our works show that quite higher performance of CSIDH is achieved while only using Montgomery curves. View Full-Text
Keywords: post-quantum cryptography; isogeny; Montgomery curves; two-torsion points; Commutative Supersingular Isogeny Diffie-Hellman (CSIDH) post-quantum cryptography; isogeny; Montgomery curves; two-torsion points; Commutative Supersingular Isogeny Diffie-Hellman (CSIDH)
MDPI and ACS Style

Heo, D.; Kim, S.; Yoon, K.; Park, Y.-H.; Hong, S. Optimized CSIDH Implementation Using a 2-Torsion Point. Cryptography 2020, 4, 20.

Show more citation formats Show less citations formats
Note that from the first issue of 2016, MDPI journals use article numbers instead of page numbers. See further details here.

Article Access Map by Country/Region

1
Back to TopTop