Paper 2019/297

Towards Optimized and Constant-Time CSIDH on Embedded Devices

Amir Jalali, Reza Azarderakhsh, Mehran Mozaffari Kermani, and David Jao

Abstract

We present an optimized, constant-time software library for commutative supersingular isogeny Diffie-Hellman key exchange (CSIDH) proposed by Castryck et al. which targets 64-bit ARM processors. The proposed library is implemented based on highly-optimized field arithmetic operations and computes the entire key exchange in constant-time. The proposed implementation is resistant to timing attacks. We adopt optimization techniques to evaluate the highest performance CSIDH on ARM-powered embedded devices such as cellphones, analyzing the possibility of using such a scheme in the quantum era. To the best of our knowledge, the proposed implementation is the first constant-time implementation of CSIDH and the first evaluation of this scheme on embedded devices. The benchmark result on a Google Pixel 2 smartphone equipped with 64-bit high-performance ARM Cortex-A72 core shows that it takes almost 12 seconds for each party to compute a commutative action operation in constant-time over the 511-bit finite field proposed by Castryck et al. However, using uniform but variable-time Montgomery ladder with security considerations improves these results significantly.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Published elsewhere. Constructive Side-Channel Analysis and Secure Design (COSADE) 2019
Keywords
commutative supersingular isogenyconstant-timeembedded devicespost-quantum cryptography
Contact author(s)
ajalali2016 @ fau edu
History
2019-03-20: received
Short URL
https://ia.cr/2019/297
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2019/297,
      author = {Amir Jalali and Reza Azarderakhsh and Mehran Mozaffari Kermani and David Jao},
      title = {Towards Optimized and Constant-Time {CSIDH} on Embedded Devices},
      howpublished = {Cryptology {ePrint} Archive, Paper 2019/297},
      year = {2019},
      url = {https://eprint.iacr.org/2019/297}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.