Cryptology ePrint Archive: Report 2021/633

CTIDH: faster constant-time CSIDH

Gustavo Banegas and Daniel J. Bernstein and Fabio Campos and Tung Chou and Tanja Lange and Michael Meyer and Benjamin Smith and Jana Sotáková

Abstract: This paper introduces a new key space for CSIDH and a new algorithm for constant-time evaluation of the CSIDH group action. The key space is not useful with previous algorithms, and the algorithm is not useful with previous key spaces, but combining the new key space with the new algorithm produces speed records for constant-time CSIDH. For example, for CSIDH-512 with a 256-bit key space, the best previous constant-time results used 789000 multiplications and more than 200 million Skylake cycles; this paper uses 438006 multiplications and 125.53 million cycles.

Category / Keywords: implementation / post-quantum cryptography, non-interactive key exchange, small keys, isogeny-based cryptography, CSIDH, constant-time algorithms

Date: received 13 May 2021, last revised 26 May 2021

Contact author: gustavo at cryptme in, authorcontact-ctidh-djb at box cr yp to, campos at sopmac de, blueprint at crypto tw, tanja at hyperelliptic org, michael at random-oracles org, j s sotakova at uva nl

Available format(s): PDF | BibTeX Citation

Version: 20210526:062448 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]