Cryptology ePrint Archive: Report 2018/1198

On Lions and Elligators: An efficient constant-time implementation of CSIDH

Michael Meyer and Fabio Campos and Steffen Reith

Abstract: The recently proposed CSIDH primitive is a promising candidate for post quantum static-static key exchanges with very small keys. However, until now there is only a variable-time proof-of-concept implementation by Castryck, Lange, Martindale, Panny, and Renes, recently optimized by Meyer and Reith, that can leak various information about the private key. Therefore, we present a constant-time implementation that samples key elements only from intervals of nonnegative numbers and uses dummy isogenies, which prevents certain kinds of side-channel attacks. We apply several optimizations, e.g. SIMBA and Elligator, in order to get a more efficient implementation.

Category / Keywords: CSIDH , Post-Quantum Cryptography, constant-time, Supersingular Elliptic Curve Isogenies

Date: received 11 Dec 2018, last revised 12 Dec 2018

Contact author: michael meyer at hs-rm de

Available format(s): PDF | BibTeX Citation

Version: 20181218:193707 (All versions of this report)

Short URL: ia.cr/2018/1198


[ Cryptology ePrint archive ]