We further show that the proposed algorithm can be used to both compute isogenies of curves and evaluate isogenies at points, unifying the two main types of functions needed for isogeny-based public-key cryptography. Together, these results open the door for practical SIDH on a much wider class of curves, and allow for simplified SIDH implementations that only need to call one general-purpose function inside the fundamental computation of the large degree secret isogenies.
As an additional contribution, we also give new explicit formulas for 3- and 4-isogenies, and show that these give immediate speedups when substituted into pre-existing SIDH libraries.
Category / Keywords: Post-quantum cryptography, isogeny-based cryptography, SIDH, Montgomery curves. Original Publication (in the same form): IACR-ASIACRYPT-2017 Date: received 1 Jun 2017, last revised 11 Sep 2017 Contact author: craigco at microsoft com Available format(s): PDF | BibTeX Citation Version: 20170911:205136 (All versions of this report) Short URL: ia.cr/2017/504 Discussion forum: Show discussion | Start new discussion