Paper 2018/1198

On Lions and Elligators: An efficient constant-time implementation of CSIDH

Michael Meyer, Fabio Campos, and Steffen Reith

Abstract

The recently proposed CSIDH primitive is a promising candidate for post quantum static-static key exchanges with very small keys. However, until now there is only a variable-time proof-of-concept implementation by Castryck, Lange, Martindale, Panny, and Renes, recently optimized by Meyer and Reith, which can leak various information about the private key. Therefore, we present an efficient constant-time implementation that samples key elements only from intervals of nonnegative numbers and uses dummy isogenies, which prevents certain kinds of side-channel attacks. We apply several optimizations, e.g. Elligator and the newly introduced SIMBA, in order to get a more efficient implementation.

Metadata
Available format(s)
PDF
Publication info
Preprint. MINOR revision.
Keywords
CSIDHPost-Quantum Cryptographyconstant-timeSupersingular Elliptic Curve Isogenies
Contact author(s)
michael meyer @ hs-rm de
History
2019-02-12: revised
2018-12-18: received
See all versions
Short URL
https://ia.cr/2018/1198
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2018/1198,
      author = {Michael Meyer and Fabio Campos and Steffen Reith},
      title = {On Lions and Elligators: An efficient constant-time implementation of CSIDH},
      howpublished = {Cryptology ePrint Archive, Paper 2018/1198},
      year = {2018},
      note = {\url{https://eprint.iacr.org/2018/1198}},
      url = {https://eprint.iacr.org/2018/1198}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.