Paper 2023/660

FESTA: Fast Encryption from Supersingular Torsion Attacks

Andrea Basso, University of Bristol
Luciano Maino, University of Bristol
Giacomo Pope, University of Bristol, NCC Group

We introduce FESTA, an efficient isogeny-based public-key encryption (PKE) protocol based on a constructive application of the SIDH attacks. At its core, FESTA is based on a novel trapdoor function, which uses an improved version of the techniques proposed in the SIDH attacks to develop a trapdoor mechanism. Using standard transformations, we construct an efficient PKE that is IND-CCA secure in the QROM. Additionally, using a different transformation, we obtain the first isogeny-based PKE that is IND-CCA secure in the standard model. Lastly, we propose a method to efficiently find parameters for FESTA, and we develop a proof-of-concept implementation of the protocol. We expect FESTA to offer practical performance that is competitive with existing isogeny-based constructions.

Available format(s)
Public-key cryptography
Publication info
A minor revision of an IACR publication in ASIACRYPT 2023
IsogeniesPublic-key EncryptionTrapdoor function
Contact author(s)
andrea basso @ bristol ac uk
luciano maino @ bristol ac uk
giacomo pope @ nccgroup com
2023-09-21: revised
2023-05-10: received
See all versions
Short URL
Creative Commons Attribution


      author = {Andrea Basso and Luciano Maino and Giacomo Pope},
      title = {FESTA: Fast Encryption from Supersingular Torsion Attacks},
      howpublished = {Cryptology ePrint Archive, Paper 2023/660},
      year = {2023},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.