Paper 2019/1121

Further Optimizations of CSIDH: A Systematic Approach to Efficient Strategies, Permutations, and Bound Vectors

Aaron Hutchinson, Jason LeGrow, Brian Koziel, and Reza Azarderakhsh


CSIDH is a recent post-quantum key establishment protocol based on constructing isogenies between supersingular elliptic curves. Several recent works give constant-time implementations of CSIDH along with some optimizations of the ideal class group action evaluation algorithm, including the SIMBA technique of Meyer et al. and the "two-point method" of Onuki et al. A recent work of Cervantes-Vazquez et al. details a number of improvements to the works of Meyer et al. and Onuki et al. Several of these optimizations---in particular, the choice of ordering of the primes, the choice of SIMBA partition and strategies, and the choice of bound vector which defines the secret keyspace---have been made in an ad hoc fashion, and so while they yield performance improvements it has not been clear whether these choices could be improved upon, or how to do so. In this work we present a framework for improving these optimizations using (respectively) linear programming, dynamic programming, and convex programming techniques. Our framework is applicable to any CSIDH security level, to all currently-proposed paradigms for computing the class group action, and to any choice of model for the underlying curves. Using our framework we find improved parameter sets for the two major methods of computing the group action: in the case of the implementation of Meyer et al. we obtain a 12.77% speedup without applying the further optimizations proposed by Cervantes-Vazquez et al., while for that of Cervantes-Vazquez et al. under the two-point method we obtain a speedup of 5.06%, giving the fastest constant-time implementation of CSIDH to date.

Note: The cycle counts in Table 2 have been corrected. Previously, tests were accidentally ran with Turbo Boost enabled. They have been reran and the cycle counts and speedups updated. New speedup values are within 0.3% of the originally reported values.

Available format(s)
Public-key cryptography
Publication info
Published elsewhere. Minor revision. 18th International Conference on Applied Cryptography and Network Security
Post-quantum cryptographyisogeny-based cryptographykey establishmentCSIDH
Contact author(s)
jlegrow @ uwaterloo ca
a5hutchinson @ uwaterloo ca
bkoziel2017 @ fau edu
razarderakhsh @ fau edu
2020-08-04: last of 3 revisions
2019-10-01: received
See all versions
Short URL
Creative Commons Attribution


      author = {Aaron Hutchinson and Jason LeGrow and Brian Koziel and Reza Azarderakhsh},
      title = {Further Optimizations of CSIDH: A Systematic Approach to Efficient Strategies, Permutations, and Bound Vectors},
      howpublished = {Cryptology ePrint Archive, Paper 2019/1121},
      year = {2019},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.