Paper 2020/1457

The Cost to Break SIKE: A Comparative Hardware-Based Analysis with AES and SHA-3

Patrick Longa, Wen Wang, and Jakub Szefer


This work presents a detailed study of the classical security of the post-quantum supersingular isogeny key encapsulation (SIKE) protocol using a realistic budget-based cost model that considers the actual computing and memory costs that are needed for cryptanalysis. In this effort, we design especially-tailored hardware accelerators for the time-critical multiplication and isogeny computations that we use to model an ASIC-powered instance of the van Oorschot-Wiener (vOW) parallel collision search algorithm. We then extend the analysis to AES and SHA-3 in the context of the NIST post-quantum cryptography standardization process to carry out a parameter analysis based on our cost model. This analysis, together with the state-of-the-art quantum security analysis of SIKE, indicates that the current SIKE parameters offer higher practical security than currently believed, closing an open issue on the suitability of the parameters to match NIST's security levels. In addition, we explore the possibility of using significantly smaller primes to enable more efficient and compact implementations with reduced bandwidth. Our improved cost model and analysis can be applied to other cryptographic settings and primitives, and can have implications for other post-quantum candidates in the NIST process.

Available format(s)
Public-key cryptography
Publication info
A major revision of an IACR publication in CRYPTO 2021
Post-quantum cryptographycost modelcryptanalysisSIKESIDHAESSHA-3efficient implementation
Contact author(s)
plonga @ microsoft com
2021-10-29: last of 2 revisions
2020-11-19: received
See all versions
Short URL
Creative Commons Attribution


      author = {Patrick Longa and Wen Wang and Jakub Szefer},
      title = {The Cost to Break SIKE: A Comparative Hardware-Based Analysis with AES and SHA-3},
      howpublished = {Cryptology ePrint Archive, Paper 2020/1457},
      year = {2020},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.