Paper 2019/1404

CSIDH on the surface

Wouter Castryck and Thomas Decru

Abstract

For primes \(p \equiv 3 \bmod 4\), we show that setting up CSIDH on the surface, i.e., using supersingular elliptic curves with endomorphism ring \(Z[(1 + \sqrt{-p})/2]\), amounts to just a few sign switches in the underlying arithmetic. If \(p \equiv 7 \bmod 8\) then the availability of very efficient horizontal 2-isogenies allows for a noticeable speed-up, e.g., our resulting CSURF-512 protocol runs about 5.68% faster than CSIDH-512. This improvement is completely orthogonal to all previous speed-ups, constant-time measures and construction of cryptographic primitives that have appeared in the literature so far. At the same time, moving to the surface gets rid of the redundant factor \(Z_3\) of the acting ideal-class group, which is present in the case of CSIDH and offers no extra security.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Preprint. MINOR revision.
Keywords
isogeny-based cryptographyhard homogeneous spacesCSIDHMontgomery curves
Contact author(s)
thomas decru @ kuleuven be
History
2020-01-31: revised
2019-12-05: received
See all versions
Short URL
https://ia.cr/2019/1404
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2019/1404,
      author = {Wouter Castryck and Thomas Decru},
      title = {{CSIDH} on the surface},
      howpublished = {Cryptology {ePrint} Archive, Paper 2019/1404},
      year = {2019},
      url = {https://eprint.iacr.org/2019/1404}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.