Paper 2022/870
Supersingular Isogeny Diffie-Hellman with Legendre Form
Abstract
SIDH is a key exchange algorithm proposed by Jao and De Feo that is conjectured to be post-quantum secure. The majority of work based on an SIDH framework uses elliptic curves in Montgomery form; this includes the original work by Jao, De Feo and Plût and the sate of the art implementation of SIKE. Elliptic curves in twisted Edwards form have also been used due to their efficient elliptic curve arithmetic, and complete Edwards curves have been used for their benefit of providing added security against side channel attacks. As far as we know, elliptic curves in Legendre form have not yet been explored for isogeny-based cryptography. Legendre form has the benefit of a very simple defining equation, and the simplest possible representation of the 2-torsion subgroup. In this work, we develop a new framework for constructing $2^a$-isogenies in SIDH using elliptic curves in Legendre form, and in doing so optimize Legendre curve arithmetic and $2$-isogeny computations on Legendre curves by avoiding any square root computations. We also describe an open problem which if solved would skip the strategy traversal altogether in SIDH through the Legendre curve framework.
Metadata
- Available format(s)
-
PDF
- Category
- Public-key cryptography
- Publication info
- Preprint.
- Keywords
- Post-quantum cryptography SIKE elliptic curves
- Contact author(s)
-
jakellio @ uwaterloo ca
aaronh @ latech edu - History
- 2022-07-04: approved
- 2022-07-03: received
- See all versions
- Short URL
- https://ia.cr/2022/870
- License
-
CC0
BibTeX
@misc{cryptoeprint:2022/870,
author = {Jesse Elliott and Aaron Hutchinson},
title = {Supersingular Isogeny Diffie-Hellman with Legendre Form},
howpublished = {Cryptology ePrint Archive, Paper 2022/870},
year = {2022},
note = {\url{https://eprint.iacr.org/2022/870}},
url = {https://eprint.iacr.org/2022/870}
}
