Paper 2020/391
Optimized CSIDH Implementation Using a 2-torsion Point
Donghoe Heo, Suhri Kim, Kisoon Yoon, Young-Ho Park, and Seokhie Hong
Abstract
The implementation of isogeny-based cryptography mainly use Montgomery curves as they offer fast elliptic curve arithmetic and isogeny compuation. However, although Montgomery curves have efficient 3- and 4-isogenies, it becomes inefficient when recovering the coefficient of the image curve for large degree isogenies. This is the main bottleneck of using a Montgomery curve for CSIDH as it requires odd-degree isogenies up to at least 587. In this paper, we present a new optimization method for faster CSIDH protocols entirely on Montgomery curves. To this end, we present a new parameter for CSIDH in which the rational 2-torsion points are defined over $\mathbb{F}_p$. By using the proposed parameters the CSIDH moves around the surface. The curve coefficient of the image curve can be recovered by a 2-torsion point. We also proved that the CSIDH using the proposed parameter guarantees a free and transitive group action. Additionally, we present the implementation result using our method. We demonstrated that our method is 6.1% faster than the original CSIDH. Our works show that quite higher performance of CSIDH is achieved using only Montgomery curves.
Metadata
- Available format(s)
-
PDF
- Category
- Public-key cryptography
- Publication info
- Preprint. MINOR revision.
- Keywords
- Post-quantum cryptographyIsogenyMontgomery curves2-torsion pointsCSIDH.
- Contact author(s)
- dong5641 @ korea ac kr
- History
- 2020-04-28: revised
- 2020-04-09: received
- See all versions
- Short URL
- https://ia.cr/2020/391
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2020/391,
author = {Donghoe Heo and Suhri Kim and Kisoon Yoon and Young-Ho Park and Seokhie Hong},
title = {Optimized {CSIDH} Implementation Using a 2-torsion Point},
howpublished = {Cryptology {ePrint} Archive, Paper 2020/391},
year = {2020},
url = {https://eprint.iacr.org/2020/391}
}
