Cryptology ePrint Archive: Report 2020/1165

Practical Isogeny-Based Key-exchange with Optimal Tightness

Bor de Kock and Kristian Gjøsteen and Mattia Veroni

Abstract: We exploit the Diffie-Hellman-like structure of CSIDH to build a quantum-resistant authenticated key-exchange algorithm. Our security proof has optimal tightness, which means that the protocol is efficient even when instantiated with theoretically-sound security parameters. Compared to previous isogeny-based authenticated key-exchange protocols, our scheme is extremely simple, its security relies only on the underlying CSIDH-problem and it has optimal communication complexity for CSIDH-based protocols. Our security proof relies heavily on the rerandomizability of CSIDH-like problems and carries on in the ROM.

Category / Keywords: cryptographic protocols / Post-quantum, isogenies, key-exchange, provable-security, tightness, rerandomization.

Date: received 24 Sep 2020

Contact author: mattia veroni at ntnu no

Available format(s): PDF | BibTeX Citation

Note: This paper, with minor modifications, will appear at SAC2020.

Version: 20200925:184752 (All versions of this report)

Short URL: ia.cr/2020/1165