Extended supersingular isogeny Diffie–Hellman key exchange protocol: Revenge of the SIDH
Abstract The supersingular isogeny Diffie–Hellman key exchange protocol (SIDH) was introduced by Jao and De Feo in 2011. SIDH operates on supersingular elliptic curves defined over Fp2, where p is a large prime number of the form p=4eA3eB−1 and eA and eB are positive integers such that 4eA≈3eB. A va...
Saved in:
| Main Authors: | , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Wiley
2021-09-01
|
| Series: | IET Information Security |
| Subjects: | |
| Online Access: | https://doi.org/10.1049/ise2.12027 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Summary: | Abstract The supersingular isogeny Diffie–Hellman key exchange protocol (SIDH) was introduced by Jao and De Feo in 2011. SIDH operates on supersingular elliptic curves defined over Fp2, where p is a large prime number of the form p=4eA3eB−1 and eA and eB are positive integers such that 4eA≈3eB. A variant of the SIDH protocol, dubbed extended SIDH (eSIDH), is presented. The eSIDH makes use of primes of the form p=4eAℓBeBℓCeCf−1. Here ℓB and ℓC are two small prime numbers; f is a cofactor; and eA, eB, and eC are positive integers such that 4eA≈ℓBeBℓCeC. It is shown that for many relevant instantiations of the SIDH protocol, this new family of primes enjoys faster field arithmetic than the one associated with traditional SIDH primes. Furthermore, its richer opportunities for parallelism yield a noticeable speed‐up factor when implemented on multicore platforms. A supersingular isogeny key encapsulation (SIKE) instantiation using the prime eSIDH‐p765 yields an acceleration factor of 1.06, 1.15 and 1.14 over a SIKE instantiation with the prime SIKE‐p757 when implemented on k = {1, 2, 3}‐core processors. To the authors’ knowledge, this work reports the first multicore implementation of SIDH and SIKE. |
|---|---|
| ISSN: | 1751-8709 1751-8717 |