## Cryptology ePrint Archive: Report 2021/506

Delegating Supersingular Isogenies over $\mathbb{F}_{p^2}$ with Cryptographic Applications

Robi Pedersen and Osmanbey Uzunkol

Abstract: Although isogeny-based cryptographic schemes enjoy the lowest key sizes amongst current post-quantum cryptographic candidates, they unfortunately come at a high computational cost, which makes their deployment on the ever-growing number of resource-constrained devices difficult. Speeding up the expensive post-quantum cryptographic operations by delegating these computations from a weaker client to untrusted powerful external servers is a promising approach. Following this, we present in this work mechanisms allowing computationally restricted devices to securely and verifiably delegate isogeny computations to potentially untrusted third parties. In particular, we propose two algorithms that can be seamlessly integrated into existing isogeny-based protocols and which lead to a much lower cost for the delegator than the full, local computation. For example, compared to the local computation cost, we reduce the public-key computation step of SIDH/SIKE by a factor 5 and the zero-knowledge proof of identity from Jao and De Feo by a factor 16 for the prover, while it becomes almost free for the verifier, respectively, at the NIST security level 1.

Category / Keywords: public-key cryptography / Isogeny-based cryptography, Post-quantum cryptography, secure computation outsourcing, lightweight cryptography

Date: received 19 Apr 2021, last revised 6 May 2021

Contact author: robi pedersen at protonmail com, osmanbey uzunkol@gmail com

Available format(s): PDF | BibTeX Citation

Short URL: ia.cr/2021/506

[ Cryptology ePrint archive ]