Abstract
Recent independent analyses by Bonnetain and Schrottenloher and by Peikert, both presented at Eurocrypt 2020, significantly reduced the estimated quantum security of the isogeny-based commutative group action key-exchange protocol CSIDH. This paper refines the estimates of a resource-constrained quantum collimation sieve attack to give a precise quantum security estimate for CSIDH. Furthermore, we optimize large CSIDH parameters for performance while still achieving NIST security levels 1, 2, and 3. Finally, we provide a constant-time C implementation of those large CSIDH instantiations using the square-root-complexity Vélu's formulas recently proposed by Bernstein, De Feo, Leroux and Smith.
| Field | Value |
|---|---|
| Original language | English |
| Journal | Journal of Cryptographic Engineering |
| Volume | 12 |
| Issue number | 3 |
| Early online date | 31 Aug 2021 |
| DOIs | |
| Publication status | Published - 2022 |
| Publication type | A1 Journal article-refereed |
Keywords
- Isogeny-based cryptography
- Post-quantum cryptography
- Quantum cryptanalysis
- Constant time implementations
- Finite field arithmetic
Publication forum classification
- Publication forum level 1
ASJC Scopus subject areas
- Software
- Computer Networks and Communications