Cryptology ePrint Archive: Report 2019/297

Towards Optimized and Constant-Time CSIDH on Embedded Devices

Amir Jalali and Reza Azarderakhsh and Mehran Mozaffari Kermani and David Jao

Abstract: We present an optimized, constant-time software library for commutative supersingular isogeny Diffie-Hellman key exchange (CSIDH) proposed by Castryck et al. which targets 64-bit ARM processors. The proposed library is implemented based on highly-optimized field arithmetic operations and computes the entire key exchange in constant-time. The proposed implementation is resistant to timing attacks. We adopt optimization techniques to evaluate the highest performance CSIDH on ARM-powered embedded devices such as cellphones, analyzing the possibility of using such a scheme in the quantum era. To the best of our knowledge, the proposed implementation is the first constant-time implementation of CSIDH and the first evaluation of this scheme on embedded devices. The benchmark result on a Google Pixel 2 smartphone equipped with 64-bit high-performance ARM Cortex-A72 core shows that it takes almost 12 seconds for each party to compute a commutative action operation in constant-time over the 511-bit finite field proposed by Castryck et al. However, using uniform but variable-time Montgomery ladder with security considerations improves these results significantly.

Category / Keywords: public-key cryptography / commutative supersingular isogeny, constant-time, embedded devices, post-quantum cryptography

Original Publication (in the same form): Constructive Side-Channel Analysis and Secure Design (COSADE) 2019

Date: received 14 Mar 2019

Contact author: ajalali2016 at fau edu

Available format(s): PDF | BibTeX Citation

Version: 20190320:102534 (All versions of this report)

Short URL: ia.cr/2019/297


[ Cryptology ePrint archive ]