Extended supersingular isogeny Diffie–Hellman key exchange protocol: Revenge of the SIDH
Abstract The supersingular isogeny Diffie–Hellman key exchange protocol (SIDH) was introduced by Jao and De Feo in 2011. SIDH operates on supersingular elliptic curves defined over Fp2, where p is a large prime number of the form p=4eA3eB−1 and eA and eB are positive integers such that 4eA≈3eB. A va...
Saved in:
| Main Authors: | , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Wiley
2021-09-01
|
| Series: | IET Information Security |
| Subjects: | |
| Online Access: | https://doi.org/10.1049/ise2.12027 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1832558672277929984 |
|---|---|
| author | Daniel Cervantes‐Vázquez Eduardo Ochoa‐Jiménez Francisco Rodríguez‐Henríquez |
| author_facet | Daniel Cervantes‐Vázquez Eduardo Ochoa‐Jiménez Francisco Rodríguez‐Henríquez |
| author_sort | Daniel Cervantes‐Vázquez |
| collection | DOAJ |
| description | Abstract The supersingular isogeny Diffie–Hellman key exchange protocol (SIDH) was introduced by Jao and De Feo in 2011. SIDH operates on supersingular elliptic curves defined over Fp2, where p is a large prime number of the form p=4eA3eB−1 and eA and eB are positive integers such that 4eA≈3eB. A variant of the SIDH protocol, dubbed extended SIDH (eSIDH), is presented. The eSIDH makes use of primes of the form p=4eAℓBeBℓCeCf−1. Here ℓB and ℓC are two small prime numbers; f is a cofactor; and eA, eB, and eC are positive integers such that 4eA≈ℓBeBℓCeC. It is shown that for many relevant instantiations of the SIDH protocol, this new family of primes enjoys faster field arithmetic than the one associated with traditional SIDH primes. Furthermore, its richer opportunities for parallelism yield a noticeable speed‐up factor when implemented on multicore platforms. A supersingular isogeny key encapsulation (SIKE) instantiation using the prime eSIDH‐p765 yields an acceleration factor of 1.06, 1.15 and 1.14 over a SIKE instantiation with the prime SIKE‐p757 when implemented on k = {1, 2, 3}‐core processors. To the authors’ knowledge, this work reports the first multicore implementation of SIDH and SIKE. |
| format | Article |
| id | doaj-art-99244b68c8be43e48baace3435280a7b |
| institution | Kabale University |
| issn | 1751-8709 1751-8717 |
| language | English |
| publishDate | 2021-09-01 |
| publisher | Wiley |
| record_format | Article |
| series | IET Information Security |
| spelling | doaj-art-99244b68c8be43e48baace3435280a7b2025-02-03T01:31:55ZengWileyIET Information Security1751-87091751-87172021-09-0115536437410.1049/ise2.12027Extended supersingular isogeny Diffie–Hellman key exchange protocol: Revenge of the SIDHDaniel Cervantes‐Vázquez0Eduardo Ochoa‐Jiménez1Francisco Rodríguez‐Henríquez2Center for Research and Advanced Studies of the Center for Research and Advanced Studies of National Polytechnic Institute Computer Science Department Av. Instituto Politecnico Nacional 2508 Mexico City MexicoCenter for Research and Advanced Studies of the Center for Research and Advanced Studies of National Polytechnic Institute Computer Science Department Av. Instituto Politecnico Nacional 2508 Mexico City MexicoCenter for Research and Advanced Studies of the Center for Research and Advanced Studies of National Polytechnic Institute Computer Science Department Av. Instituto Politecnico Nacional 2508 Mexico City MexicoAbstract The supersingular isogeny Diffie–Hellman key exchange protocol (SIDH) was introduced by Jao and De Feo in 2011. SIDH operates on supersingular elliptic curves defined over Fp2, where p is a large prime number of the form p=4eA3eB−1 and eA and eB are positive integers such that 4eA≈3eB. A variant of the SIDH protocol, dubbed extended SIDH (eSIDH), is presented. The eSIDH makes use of primes of the form p=4eAℓBeBℓCeCf−1. Here ℓB and ℓC are two small prime numbers; f is a cofactor; and eA, eB, and eC are positive integers such that 4eA≈ℓBeBℓCeC. It is shown that for many relevant instantiations of the SIDH protocol, this new family of primes enjoys faster field arithmetic than the one associated with traditional SIDH primes. Furthermore, its richer opportunities for parallelism yield a noticeable speed‐up factor when implemented on multicore platforms. A supersingular isogeny key encapsulation (SIKE) instantiation using the prime eSIDH‐p765 yields an acceleration factor of 1.06, 1.15 and 1.14 over a SIKE instantiation with the prime SIKE‐p757 when implemented on k = {1, 2, 3}‐core processors. To the authors’ knowledge, this work reports the first multicore implementation of SIDH and SIKE.https://doi.org/10.1049/ise2.12027cryptographic protocolspublic key cryptography |
| spellingShingle | Daniel Cervantes‐Vázquez Eduardo Ochoa‐Jiménez Francisco Rodríguez‐Henríquez Extended supersingular isogeny Diffie–Hellman key exchange protocol: Revenge of the SIDH IET Information Security cryptographic protocols public key cryptography |
| title | Extended supersingular isogeny Diffie–Hellman key exchange protocol: Revenge of the SIDH |
| title_full | Extended supersingular isogeny Diffie–Hellman key exchange protocol: Revenge of the SIDH |
| title_fullStr | Extended supersingular isogeny Diffie–Hellman key exchange protocol: Revenge of the SIDH |
| title_full_unstemmed | Extended supersingular isogeny Diffie–Hellman key exchange protocol: Revenge of the SIDH |
| title_short | Extended supersingular isogeny Diffie–Hellman key exchange protocol: Revenge of the SIDH |
| title_sort | extended supersingular isogeny diffie hellman key exchange protocol revenge of the sidh |
| topic | cryptographic protocols public key cryptography |
| url | https://doi.org/10.1049/ise2.12027 |
| work_keys_str_mv | AT danielcervantesvazquez extendedsupersingularisogenydiffiehellmankeyexchangeprotocolrevengeofthesidh AT eduardoochoajimenez extendedsupersingularisogenydiffiehellmankeyexchangeprotocolrevengeofthesidh AT franciscorodriguezhenriquez extendedsupersingularisogenydiffiehellmankeyexchangeprotocolrevengeofthesidh |