Paper 2019/297

Towards Optimized and Constant-Time CSIDH on Embedded Devices

Amir Jalali, Reza Azarderakhsh, Mehran Mozaffari Kermani, and David Jao


We present an optimized, constant-time software library for commutative supersingular isogeny Diffie-Hellman key exchange (CSIDH) proposed by Castryck et al. which targets 64-bit ARM processors. The proposed library is implemented based on highly-optimized field arithmetic operations and computes the entire key exchange in constant-time. The proposed implementation is resistant to timing attacks. We adopt optimization techniques to evaluate the highest performance CSIDH on ARM-powered embedded devices such as cellphones, analyzing the possibility of using such a scheme in the quantum era. To the best of our knowledge, the proposed implementation is the first constant-time implementation of CSIDH and the first evaluation of this scheme on embedded devices. The benchmark result on a Google Pixel 2 smartphone equipped with 64-bit high-performance ARM Cortex-A72 core shows that it takes almost 12 seconds for each party to compute a commutative action operation in constant-time over the 511-bit finite field proposed by Castryck et al. However, using uniform but variable-time Montgomery ladder with security considerations improves these results significantly.

Available format(s)
Public-key cryptography
Publication info
Published elsewhere. Constructive Side-Channel Analysis and Secure Design (COSADE) 2019
commutative supersingular isogenyconstant-timeembedded devicespost-quantum cryptography
Contact author(s)
ajalali2016 @ fau edu
2019-03-20: received
Short URL
Creative Commons Attribution


      author = {Amir Jalali and Reza Azarderakhsh and Mehran Mozaffari Kermani and David Jao},
      title = {Towards Optimized and Constant-Time CSIDH on Embedded Devices},
      howpublished = {Cryptology ePrint Archive, Paper 2019/297},
      year = {2019},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.