Paper 2019/1404

CSIDH on the surface

Wouter Castryck and Thomas Decru

Abstract

For primes , we show that setting up CSIDH on the surface, i.e., using supersingular elliptic curves with endomorphism ring , amounts to just a few sign switches in the underlying arithmetic. If then the availability of very efficient horizontal 2-isogenies allows for a noticeable speed-up, e.g., our resulting CSURF-512 protocol runs about 5.68% faster than CSIDH-512. This improvement is completely orthogonal to all previous speed-ups, constant-time measures and construction of cryptographic primitives that have appeared in the literature so far. At the same time, moving to the surface gets rid of the redundant factor of the acting ideal-class group, which is present in the case of CSIDH and offers no extra security.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Preprint. MINOR revision.
Keywords
isogeny-based cryptographyhard homogeneous spacesCSIDHMontgomery curves
Contact author(s)
thomas decru @ kuleuven be
History
2020-01-31: revised
2019-12-05: received
See all versions
Short URL
https://ia.cr/2019/1404
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2019/1404,
      author = {Wouter Castryck and Thomas Decru},
      title = {{CSIDH} on the surface},
      howpublished = {Cryptology {ePrint} Archive, Paper 2019/1404},
      year = {2019},
      url = {https://eprint.iacr.org/2019/1404}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.