Paper 2011/506

Towards quantum-resistant cryptosystems from supersingular elliptic curve isogenies

Luca De Feo, David Jao, and Jérôme Plût


We present new candidates for quantum-resistant public-key cryptosystems based on the conjectured difficulty of finding isogenies between supersingular elliptic curves. The main technical idea in our scheme is that we transmit the images of torsion bases under the isogeny in order to allow the parties to construct a shared commutative square despite the noncommutativity of the endomorphism ring. Our work is motivated by the recent development of a subexponential-time quantum algorithm for constructing isogenies between ordinary elliptic curves. In the supersingular case, by contrast, the fastest known quantum attack remains exponential, since the noncommutativity of the endomorphism ring means that the approach used in the ordinary case does not apply. We give a precise formulation of the necessary computational assumptions along with a discussion of their validity, and prove the security of our protocols under these assumptions. In addition, we present implementation results showing that our protocols are multiple orders of magnitude faster than previous isogeny-based cryptosystems over ordinary curves. This paper is an extended version of~\cite{pqcrypto}. We add a new zero-knowledge identification scheme, and detailed security proofs for the protocols. We also present a new, asymptotically faster, algorithm for key generation, a thorough study of its optimization, and new experimental data.

Note: Extended version.

Available format(s)
Public-key cryptography
Publication info
Published elsewhere. PQCrypto 2011
elliptic curvesisogeniesquantum-resistant cryptosystems
Contact author(s)
djao @ math uwaterloo ca
2012-07-04: revised
2011-09-18: received
See all versions
Short URL
Creative Commons Attribution


      author = {Luca De Feo and David Jao and Jérôme Plût},
      title = {Towards quantum-resistant cryptosystems from supersingular elliptic curve isogenies},
      howpublished = {Cryptology ePrint Archive, Paper 2011/506},
      year = {2011},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.