Efficient supersingularity testing over $\mathbb{F}_p$ and CSIDH key validation

Gustavo Banegas; Valerie Gilchrist; Benjamin Smith

Paper 2022/880

Efficient supersingularity testing over $\mathbb{F}_p$ and CSIDH key validation

Gustavo Banegas, Inria and Laboratoire d’Informatique de l’Ecole polytechnique, Institut Polytechnique de Paris, Palaiseau, France

Valerie Gilchrist, University of Waterloo, Canada, Inria and Laboratoire d’Informatique de l’Ecole polytechnique, Institut Polytechnique de Paris, Palaiseau, France

Benjamin Smith, Inria and Laboratoire d’Informatique de l’Ecole polytechnique, Institut Polytechnique de Paris, Palaiseau, France

Abstract

Many public-key cryptographic protocols, notably non-interactive key exchange (NIKE), require incoming public keys to be validated to mitigate some adaptive attacks. In CSIDH, an isogeny-based post-quantum NIKE, a key is deemed legitimate if the given Montgomery coefficient specifies a supersingular elliptic curve over the prime field. In this work, we survey the current supersingularity tests used for CSIDH key validation, and implement and measure two new alternative algorithms. Our implementation shows that we can determine supersingularity substantially faster, and using less memory, than the state-of-the-art.

Metadata

Available format(s): PDF
Category: Public-key cryptography
Publication info: Published elsewhere. Mathcrypt 2022
Keywords: Isogenies Key validation Supersingularity Elliptic Curves
Contact author(s): gustavo @ cryptme in
vgilchrist @ uwaterloo ca
smith @ lix polytechnique fr
History: 2022-07-26: revised; 2022-07-05: received; See all versions
Short URL: https://ia.cr/2022/880
License: CC BY

BibTeX

@misc{cryptoeprint:2022/880,
      author = {Gustavo Banegas and Valerie Gilchrist and Benjamin Smith},
      title = {Efficient supersingularity testing over $\mathbb{F}_p$ and {CSIDH} key validation},
      howpublished = {Cryptology {ePrint} Archive, Paper 2022/880},
      year = {2022},
      url = {https://eprint.iacr.org/2022/880}
}