Cryptology ePrint Archive: Report 2018/376

Arithmetic Considerations for Isogeny Based Cryptography

Joppe W. Bos and Simon Friedberger

Abstract: In this paper we investigate various arithmetic techniques which can be used to potentially enhance the performance in the supersingular isogeny Diffie-Hellman (SIDH) key-exchange protocol which is one of the more recent contenders in the post-quantum public-key arena. Firstly, we give a systematic overview of techniques to compute efficient arithmetic modulo $2^xp^y\pm 1$. Our overview shows that in the SIDH setting, where arithmetic over a quadratic extension field is required, the approaches based on Montgomery reduction for such primes of a special shape are to be preferred. Moreover, the outcome of our investigation reveals that there exist moduli which allow even faster implementations.

Secondly, we investigate if it is beneficial to use other curve models to speed-up the elliptic curve scalar multiplication. The use of twisted Edwards curves allows one to search for efficient addition-subtraction chains for fixed scalars while this is not possible with the differential addition law when using Montgomery curves. Our preliminary results show that despite the fact that we found such efficient chains, using twisted Edwards curves does not result in faster scalar multiplication arithmetic in the setting of SIDH.

Category / Keywords:

Date: received 25 Apr 2018, last revised 1 May 2018

Contact author: joppe bos at nxp com

Available format(s): PDF | BibTeX Citation

Note: This is an extended version of

Version: 20180501:073753 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]