Cryptology ePrint Archive: Report 2016/1044

Fast Hardware Architectures for Supersingular Isogeny Diffie-Hellman Key Exchange on FPGA

Brian Koziel, Reza Azarderakhsh, Mehran Mozaffari Kermani

Abstract: In this paper, we present a constant-time hardware implementation that achieves new speed records for the supersingular isogeny Diffie-Hellman (SIDH), even when compared to highly optimized Haswell computer architectures. We employ inversion-free projective isogeny formulas presented by Costello et al. at CRYPTO 2016 on an FPGA. Modern FPGA's can take advantage of heavily parallelized arithmetic in $\mathbb{F}_{p^{2}}$, which lies at the foundation of supersingular isogeny arithmetic. Further, by utilizing many arithmetic units, we parallelize isogeny evaluations to accelerate the computations of large-degree isogenies by approximately 57\%. On a constant-time implementation of 124-bit quantum security SIDH on a Virtex-7, we generate ephemeral public keys in 10.6 and 11.6 ms and generate the shared secret key in 9.5 and 10.8 ms for Alice and Bob, respectively. This improves upon the previous best time in the literature for 768-bit implementations by a factor of 1.48. Our 83-bit quantum security implementation improves upon the only other implementation in the literature by a speedup of 1.74 featuring fewer resources and constant-time.

Category / Keywords: Post-quantum cryptography, elliptic curve cryptography, isogeny-based cryptography, Field programmable gate array

Original Publication (with minor differences): INDOCRYPT2016

Date: received 3 Nov 2016, last revised 7 Nov 2016

Contact author: azarderakhsh at gmail com, kozielbrian@gmail com

Available format(s): PDF | BibTeX Citation

Version: 20161107:154320 (All versions of this report)

Short URL: ia.cr/2016/1044

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]