Paper 2020/1178

An Efficient Authenticated Key Exchange from Random Self-Reducibility on CSIDH

Tomoki Kawashima, Katsuyuki Takashima, Yusuke Aikawa, and Tsuyoshi Takagi


SIDH and CSIDH are key exchange protocols based on isogenies and conjectured to be quantum-resistant. Since the protocols are similar to the classical Diffie–Hellman, they are vulnerable to the man-in-the-middle attack. A key exchange which is resistant to such an attack is called an authenticated key exchange (AKE), and many isogeny-based AKEs have been proposed. However, the parameter sizes of the existing schemes should be large since they all have relatively large security losses in security proofs. This is partially because the random self-reducibility of isogeny-based decisional problems has not been proved yet. In this paper, we show that the computational problem and the gap problem of CSIDH are random self-reducible. A gap problem is a computational problem given access to the corresponding decision oracle. Moreover, we propose a CSIDH-based AKE with small security loss, following the construction of Cohn-Gordon et al. in CRYPTO 2019, as an application of the random self-reducibility of the gap problem of CSIDH. Our AKE is proved to be the fastest CSIDH-based AKE when we aim at 110-bit security level.

Available format(s)
Publication info
Preprint. MINOR revision.
Contact author(s)
tomoki_kawashima @ mist i u-tokyo ac jp
2020-11-20: last of 2 revisions
2020-09-30: received
See all versions
Short URL
Creative Commons Attribution


      author = {Tomoki Kawashima and Katsuyuki Takashima and Yusuke Aikawa and Tsuyoshi Takagi},
      title = {An Efficient Authenticated Key Exchange from Random Self-Reducibility on {CSIDH}},
      howpublished = {Cryptology ePrint Archive, Paper 2020/1178},
      year = {2020},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.