Supersingular Isogeny Diffie-Hellman with Legendre Form

Abstract

SIDH is a key exchange algorithm proposed by Jao and De Feo that is conjectured to be post-quantum secure. The majority of work based on an SIDH framework uses elliptic curves in Montgomery form; this includes the original work by Jao, De Feo and Plût and the sate of the art implementation of SIKE. Elliptic curves in twisted Edwards form have also been used due to their efficient elliptic curve arithmetic, and complete Edwards curves have been used for their benefit of providing added security against side channel attacks. As far as we know, elliptic curves in Legendre form have not yet been explored for isogeny-based cryptography. Legendre form has the benefit of a very simple defining equation, and the simplest possible representation of the 2-torsion subgroup. In this work, we develop a new framework for constructing $2^a$-isogenies in SIDH using elliptic curves in Legendre form, and in doing so optimize Legendre curve arithmetic and $2$-isogeny computations on Legendre curves by avoiding any square root computations. We also describe an open problem which if solved would skip the strategy traversal altogether in SIDH through the Legendre curve framework.

Available format(s)
Category
Public-key cryptography
Publication info
Preprint.
Keywords
Post-quantum cryptography SIKE elliptic curves
Contact author(s)
jakellio @ uwaterloo ca
aaronh @ latech edu
History
2022-07-04: approved
See all versions
Short URL
https://ia.cr/2022/870

CC0

BibTeX

@misc{cryptoeprint:2022/870,
author = {Jesse Elliott and Aaron Hutchinson},
title = {Supersingular Isogeny Diffie-Hellman with Legendre Form},
howpublished = {Cryptology ePrint Archive, Paper 2022/870},
year = {2022},
note = {\url{https://eprint.iacr.org/2022/870}},
url = {https://eprint.iacr.org/2022/870}
}

Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.