Paper 2023/793

Optimizations and Practicality of High-Security CSIDH

Fabio Campos, RheinMain University of Applied Sciences, Radboud University Nijmegen
Jorge Chavez-Saab, CINVESTAV-IPN, Technology Innovation Institute
Jesús-Javier Chi-Domínguez, Technology Innovation Institute
Michael Meyer, University of Regensburg
Krijn Reijnders, Radboud University Nijmegen
Francisco Rodríguez-Henríquez, CINVESTAV-IPN, Technology Innovation Institute
Peter Schwabe, Max Planck Institute for Security and Privacy, Radboud University Nijmegen
Thom Wiggers, PQShield

In this work, we assess the real-world practicality of CSIDH, an isogeny-based non-interactive key exchange. We provide the first thorough assessment of the practicality of CSIDH in higher parameter sizes for conservative estimates of quantum security, and with protection against physical attacks. This requires a three-fold analysis of CSIDH. First, we describe two approaches to efficient high-security CSIDH implementations, based on SQALE and CTIDH. Second, we optimize such high-security implementations, on a high level by improving several subroutines, and on a low level by improving the finite field arithmetic. Third, we benchmark the performance of high-security CSIDH. As a stand-alone primitive, our implementations outperform previous results by a factor up to 2.53×. As a real-world use case considering network protocols, we use CSIDH in TLS variants that allow early authentication through a NIKE. Although our instantiations of CSIDH have smaller communication requirements than post-quantum KEM and signature schemes, even our highly-optimized implementations result in too-large handshake latency (tens of seconds), showing that CSIDH is only practical in niche cases.

Note: Revised edition

Available format(s)
Public-key cryptography
Publication info
post-quantum cryptographyisogeniesCSIDHTLS
Contact author(s)
campos @ sopmac de
jorge saab @ tii ae
jesus dominguez @ tii ae
michael @ random-oracles org
krijn @ cs ru nl
francisco rodriguez @ tii ae
peter @ cryptojedi org
thom @ thomwiggers nl
2023-10-24: revised
2023-05-30: received
See all versions
Short URL
No rights reserved


      author = {Fabio Campos and Jorge Chavez-Saab and Jesús-Javier Chi-Domínguez and Michael Meyer and Krijn Reijnders and Francisco Rodríguez-Henríquez and Peter Schwabe and Thom Wiggers},
      title = {Optimizations and Practicality of High-Security CSIDH},
      howpublished = {Cryptology ePrint Archive, Paper 2023/793},
      year = {2023},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.