Paper 2017/1202

Faster Cryptographic Hash Function From Supersingular Isogeny Graphs

Javad Doliskani, Geovandro C. C. F. Pereira, and Paulo S. L. M. Barreto


We propose a variant of the CGL hash, Charles et al. 2009, that is significantly faster than the original algorithm, and prove that it is preimage and collision resistant. For $n = \log p$ where $p$ is the characteristic of the finite field, the performance ratio between CGL and the new proposal is $(5.7n + 110) / (13.5\log n + 46.4)$. This gives an exponential speed up as the size of $p$ increases. Assuming the best quantum preimage attack on the hash has complexity $O(p^{\frac{1}{4}})$, we attain a concrete speed-up for a 256-bit quantum preimage security level by a factor 33.5. For a 384-bit quantum preimage security level, the speed-up is by a factor 47.8.

Available format(s)
Cryptographic protocols
Publication info
Preprint. MINOR revision.
Cryptographic hash functionsSupersingular elliptic curvesIsogeny graphsExpander graphs
Contact author(s)
geovandro pereira @ uwaterloo ca
2019-04-09: last of 2 revisions
2017-12-18: received
See all versions
Short URL
Creative Commons Attribution


      author = {Javad Doliskani and Geovandro C.  C.  F.  Pereira and Paulo S.  L.  M.  Barreto},
      title = {Faster Cryptographic Hash Function From Supersingular Isogeny Graphs},
      howpublished = {Cryptology ePrint Archive, Paper 2017/1202},
      year = {2017},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.