## Cryptology ePrint Archive: Report 2018/882

Pre- and post-quantum Diffie--Hellman from groups, actions, and isogenies

Benjamin Smith

Abstract: Diffie--Hellman key exchange is at the foundations of public-key cryptography, but conventional group-based Diffie--Hellman is vulnerable to Shor's quantum algorithm. A range of post-quantum Diffie--Hellman'' protocols have been proposed to mitigate this threat, including the Couveignes, Rostovtsev--Stolbunov, SIDH, and CSIDH schemes, all based on the combinatorial and number-theoretic structures formed by isogenies of elliptic curves. Pre- and post-quantum Diffie--Hellman schemes resemble each other at the highest level, but the further down we dive, the more differences emerge---differences that are critical when we use Diffie--Hellman as a basic component in more complicated constructions. In this survey we compare and contrast pre- and post-quantum Diffie--Hellman algorithms, highlighting some important subtleties.

Category / Keywords: public-key cryptography / key exchange; elliptic-curve cryptography; isogenies; post-quantum cryptosystems

Original Publication (with minor differences): Proceedings of WAIFI 2018