Paper 2020/1520

The SQALE of CSIDH: Sublinear Vélu Quantum-resistant isogeny Action with Low Exponents

Jorge Chávez-Saab, Jesús-Javier Chi-Domínguez, Samuel Jaques, and Francisco Rodríguez-Henríquez

Abstract

Recent independent analyses by Bonnetain-Schrottenloher and Peikert in Eurocrypt 2020 significantly reduced the estimated quantum security of the isogeny-based commutative group action key-exchange protocol CSIDH. This paper refines the estimates of a resource-constrained quantum collimation sieve attack to give a precise quantum security to CSIDH. Furthermore, we optimize large CSIDH parameters for performance while still achieving the NIST security levels 1, 2, and 3. Finally, we provide a C-code constant-time implementation of those CSIDH large instantiations using the square-root-complexity Vélu’s formulas recently proposed by Bernstein, De Feo, Leroux and Smith.

Note: Small updates throughout the manuscript

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Published elsewhere. Minor revision. Journal of Cryptographic Engineering (JCEN)
Keywords
CSIDH, isogeny-based cryptography, Kuperberg attack, quantum collimation sieve attack
Contact author(s)
jorgechavezsaab @ gmail com
jesus dominguez @ tii ae
sam @ samueljaques com
francisco @ cs cinvestav mx
History
2022-01-18: last of 3 revisions
2020-12-04: received
Short URL
https://ia.cr/2020/1520
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2020/1520,
      author = {Jorge Chávez-Saab and Jesús-Javier Chi-Domínguez and Samuel Jaques and Francisco Rodríguez-Henríquez},
      title = {The {SQALE} of {CSIDH}: Sublinear Vélu Quantum-resistant isogeny Action with Low Exponents},
      howpublished = {Cryptology {ePrint} Archive, Paper 2020/1520},
      year = {2020},
      url = {https://eprint.iacr.org/2020/1520}
}