Paper 2020/1012

Compact, Efficient and UC-Secure Isogeny-Based Oblivious Transfer

Yi-Fu Lai, University of Auckland
Steven D. Galbraith, University of Auckland
Cyprien Delpech de Saint Guilhem, KU Leuven

Oblivious transfer (OT) is an essential cryptographic tool that can serve as a building block for almost all secure multiparty functionalities. The strongest security notion against malicious adversaries is universal composability (UC-secure). An important goal is to have post-quantum OT protocols. One area of interest for post-quantum cryptography is isogeny-based crypto. Isogeny-based cryptography has some similarities to Diffie-Hellman, but lacks some algebraic properties that are needed for discrete-log-based OT protocols. Hence it is not always possible to directly adapt existing protocols to the isogeny setting. We propose the first practical isogeny-based UC-secure oblivious transfer protocol in the presence of malicious adversaries. Our scheme uses the CSIDH framework and does not have an analogue in the Diffie-Hellman setting. The scheme consists of a constant number of isogeny computations. The underlying computational assumption is a problem that we call the computational reciprocal CSIDH problem, and that we prove polynomial-time equivalent to the computational CSIDH problem.

Note: This is the full version of a paper accepted to EUROCRYPT 2021

Available format(s)
Cryptographic protocols
Publication info
A minor revision of an IACR publication in EUROCRYPT 2021
oblivious transfer isogeny-based cryptography
Contact author(s)
27182818284fu lai @ gmail com
s galbraith @ auckland ac nz
cyprien delpechdesaintguilhem @ kuleuven be
2022-11-11: last of 5 revisions
2020-08-22: received
See all versions
Short URL
Creative Commons Attribution


      author = {Yi-Fu Lai and Steven D.  Galbraith and Cyprien Delpech de Saint Guilhem},
      title = {Compact, Efficient and UC-Secure Isogeny-Based Oblivious Transfer},
      howpublished = {Cryptology ePrint Archive, Paper 2020/1012},
      year = {2020},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.