Cryptology ePrint Archive: Report 2018/1198

On Lions and Elligators: An efficient constant-time implementation of CSIDH

Michael Meyer and Fabio Campos and Steffen Reith

Abstract: The recently proposed CSIDH primitive is a promising candidate for post quantum static-static key exchanges with very small keys. However, until now there is only a variable-time proof-of-concept implementation by Castryck, Lange, Martindale, Panny, and Renes, recently optimized by Meyer and Reith, which can leak various information about the private key. Therefore, we present an efficient constant-time implementation that samples key elements only from intervals of nonnegative numbers and uses dummy isogenies, which prevents certain kinds of side-channel attacks. We apply several optimizations, e.g. Elligator and the newly introduced SIMBA, in order to get a more efficient implementation.

Category / Keywords: CSIDH , Post-Quantum Cryptography, constant-time, Supersingular Elliptic Curve Isogenies

Date: received 11 Dec 2018, last revised 12 Feb 2019

Contact author: michael meyer at hs-rm de

Available format(s): PDF | BibTeX Citation

Version: 20190212:155117 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]