The SQALE of CSIDH: sublinear Vélu quantum-resistant isogeny action with low exponents

Jorge Chávez-Saab, Jesús Javier Chi-Domínguez, Samuel Jaques, Francisco Rodríguez-Henríquez

Research output: Contribution to journal, Article, Scientific, peer-review



Recent independent analyses by Bonnetain–Schrottenloher and Peikert in Eurocrypt 2020 significantly reduced the estimated quantum security of the isogeny-based commutative group action key-exchange protocol CSIDH. This paper refines the estimates of a resource-constrained quantum collimation sieve attack to give a precise quantum security to CSIDH. Furthermore, we optimize large CSIDH parameters for performance while still achieving the NIST security levels 1, 2, and 3. Finally, we provide a C-code constant-time implementation of those CSIDH large instantiations using the square-root-complexity Vélu’s formulas recently proposed by Bernstein, De Feo, Leroux and Smith.

Original language: English
Issue number: 3
Early online date: 31 Aug 2021
Publication status: Published - 2022
Publication type: A1 Journal article-refereed


  • Isogeny-based cryptography
  • Post-quantum cryptography
  • Quantum cryptanalysis
  • Constant time implementations
  • Finite field arithmetic

Publication forum classification

  • Publication forum level 1

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications

