Supersingular isogeny key exchange for beginners

  • Craig Costello
  • Published 12 August 2019
  • Mathematics, Computer Science
  • IACR Cryptol. ePrint Arch.
This is an informal tutorial on the supersingular isogeny Diffie-Hellman protocol aimed at non-isogenists. 
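The tutorial itself is prose; to make each step concrete, here is an added example (it is not Costello's code and not part of the paper) that runs a complete SIDH exchange at toy size: p = 2^4·3^3 − 1 = 431 and the starting curve y² = x³ + 6x² + x (A = 6, the SIKE choice, supersingular for p ≡ 3 mod 4). Alice's secret selects the kernel P_A + [k_A]Q_A with a three-point ladder; her 2^4-isogeny is four 2-isogenies in the x-only Montgomery form of Renes (2018), whose formula needs the kernel point away from (0,0), hence the SIKE convention [8]Q_A = (0,0) enforced in the basis search; Bob's 3^3-isogeny is three 3-isogenies in the Costello-Hisil (2017) form; each side pushes the other's x(P), x(Q), x(Q − P) through its walk so the other can repeat the ladder on the new curve, and the shared secret is the final j-invariant. The brute-force torsion-basis search, the square-root table and every function name are choices made for this example, not how the paper or SIKE does it. Caveat for practitioners: the published torsion-point images that make the second walk possible are exactly what the 2022 Castryck-Decru attack uses to recover the secret, so SIDH and SIKE are broken and this code is for understanding only.

```python
"""Toy SIDH over F_{p^2}, p = 2^4 * 3^3 - 1 = 431, x-only Montgomery arithmetic throughout.
Understanding aid only: SIDH/SIKE were broken in 2022 (Castryck-Decru); never deploy this."""
from itertools import product

P = 2**4 * 3**3 - 1                      # 431 = 3 (mod 4), so F_{p^2} = F_p[i]/(i^2 + 1)
EA, EB = 4, 3                            # p + 1 = 2^EA * 3^EB

class F:                                 # a + b*i in F_{p^2}; division = conjugate over the F_p norm
    __slots__ = ("a", "b")
    def __init__(s, a, b=0): s.a, s.b = a % P, b % P
    def __add__(s, o): return F(s.a + o.a, s.b + o.b)
    def __sub__(s, o): return F(s.a - o.a, s.b - o.b)
    def __mul__(s, o): return F(s.a * o.a - s.b * o.b, s.a * o.b + s.b * o.a)
    def __truediv__(s, o): n = pow(o.a * o.a + o.b * o.b, P - 2, P); return s * F(o.a * n, -o.b * n)
    def __eq__(s, o): return (s.a, s.b) == (o.a, o.b)
    def __hash__(s): return hash((s.a, s.b))
    def __repr__(s): return f"({s.a}+{s.b}i)"

ZERO, ONE, TWO = F(0), F(1), F(2)
SQRT = {}                                # every square in F_{p^2} -> one of its roots (p is tiny)
for a, b in product(range(P), repeat=2):
    z = F(a, b); SQRT.setdefault(z * z, z)

# Affine chord-and-tangent arithmetic on E_A: y^2 = x^3 + A x^2 + x (None = infinity).
# Only the torsion-basis setup needs y; the protocol itself works on x-coordinates.
def add(A, R, S):
    if R is None or S is None: return S if R is None else R
    (x1, y1), (x2, y2) = R, S
    if x1 == x2 and (y1 != y2 or y1 == ZERO): return None
    lam = ((F(3) * x1 * x1 + TWO * A * x1 + ONE) / (TWO * y1) if x1 == x2
           else (y2 - y1) / (x2 - x1))
    x3 = lam * lam - A - x1 - x2
    return x3, lam * (x1 - x3) - y1

def mul(A, k, R):
    S = None
    for bit in bin(k)[2:]: S = add(A, add(A, S, S), R if bit == "1" else None)
    return S

def torsion_basis(A, l, e):
    """P, Q generating E_A[l^e]. For l = 2, Q is taken with [2^(e-1)]Q = (0,0) (SIKE's convention),
    so that (0,0) never generates a 2-isogeny kernel, a case iso2's formula does not cover."""
    cof, m, Pt, Qt = (P + 1) // l**e, l**(e - 1), None, None   # #E(F_{p^2}) = (p+1)^2
    for a, b in product(range(P), repeat=2):
        x = F(a, b); rhs = ((x + A) * x + ONE) * x
        R = mul(A, cof, (x, SQRT[rhs])) if rhs in SQRT else None
        T = mul(A, m, R) if R else None          # order-l part; None unless ord(R) = l^e
        if T is None: continue
        if l == 2:
            if T == (ZERO, ZERO): Qt = Qt or R
            else: Pt = Pt or R
        elif Pt is None: Pt = R
        elif Qt is None and mul(A, m, Pt)[0] != T[0]: Qt = R   # [9]Q outside <[9]P>
        if Pt and Qt: return Pt, Qt

# x-only Montgomery arithmetic in projective (X : Z) form; Z = 0 is the point at infinity.
def xdbl(X, Z, a24):                             # a24 = (A + 2) / 4
    t0, t1 = (X - Z) * (X - Z), (X + Z) * (X + Z)
    return t0 * t1, (t1 - t0) * (t0 + a24 * (t1 - t0))
def xadd(XP, ZP, XQ, ZQ, XD, ZD):               # differential addition, (XD : ZD) = x(P - Q)
    t0, t1 = (XP - ZP) * (XQ + ZQ), (XP + ZP) * (XQ - ZQ)
    return ZD * (t0 + t1) * (t0 + t1), XD * (t0 - t1) * (t0 - t1)
def xmul(x, k, a24):                             # Montgomery ladder: projective x([k]P), k >= 1
    R0, R1 = (x, ONE), xdbl(x, ONE, a24)        # invariant: R1 - R0 = P
    for bit in bin(k)[3:]:
        if bit == "1": R0, R1 = xadd(*R0, *R1, x, ONE), xdbl(*R1, a24)
        else: R0, R1 = xdbl(*R0, a24), xadd(*R0, *R1, x, ONE)
    return R0
def ladder3(xP, xQ, xQP, k, a24):               # three-point ladder: affine x(P + [k]Q)
    R0, R1, R2 = (xQ, ONE), (xP, ONE), (xQP, ONE)   # [2^i]Q, P + [k mod 2^i]Q, R0 - R1
    for i in range(k.bit_length()):
        if (k >> i) & 1: R1 = xadd(*R0, *R1, *R2)
        else: R2 = xadd(*R0, *R2, *R1)
        R0 = xdbl(*R0, a24)
    return R1[0] / R1[1]
def a24(A): return (A + TWO) / F(4)
def j_inv(A): t = A * A - F(3); return F(256) * t * t * t / (A * A - F(4))
def iso2(A, x2, xs):                             # kernel (x2, 0) with x2 != 0 (Renes 2018)
    return TWO * (ONE - TWO * x2 * x2), [x * (x * x2 - ONE) / (x - x2) for x in xs]
def iso3(A, x3, xs):                             # kernel <(x3, y3)> (Costello-Hisil 2017)
    u = [(x * x3 - ONE) / (x - x3) for x in xs]
    return (F(6) / x3 - F(6) * x3 + A) * x3 * x3, [x * t * t for x, t in zip(xs, u)]
def walk(A, xR, l, e, xs):                       # e degree-l steps with kernel <R>; push xs along
    for s in range(e):
        K = xmul(xR, l ** (e - 1 - s), a24(A))       # the order-l point of the current <R>
        A, (xR, *xs) = (iso2 if l == 2 else iso3)(A, K[0] / K[1], [xR] + xs)
    return A, xs

A0 = F(6)                                 # public starting curve y^2 = x^3 + 6x^2 + x
def public_x(A, Pt, Qt):                  # what an x-only party needs: x(P), x(Q), x(Q - P)
    return Pt[0], Qt[0], add(A, Qt, (Pt[0], ZERO - Pt[1]))[0]
BASIS_A = public_x(A0, *torsion_basis(A0, 2, EA))   # Alice's basis of E_0[2^4]
BASIS_B = public_x(A0, *torsion_basis(A0, 3, EB))   # Bob's basis of E_0[3^3]
def keygen(A, own, other, k, l):          # secret k -> (E_A/<P + [k]Q>, images of the other basis)
    return walk(A, ladder3(*own, k, a24(A)), l, EA if l == 2 else EB, list(other))
def sidh(kA, kB):                         # one full exchange; the two j-invariants must agree
    pkA = keygen(A0, BASIS_A, BASIS_B, kA, 2)           # Alice: 2^4-isogeny from E_0
    pkB = keygen(A0, BASIS_B, BASIS_A, kB, 3)           # Bob:   3^3-isogeny from E_0
    jA = j_inv(keygen(pkB[0], pkB[1], [], kA, 2)[0])    # Alice repeats her walk on E_B
    jB = j_inv(keygen(pkA[0], pkA[1], [], kB, 3)[0])    # Bob repeats his walk on E_A
    return jA, jB
```

sidh(kA, kB) with any 0 ≤ kA < 16 and 0 ≤ kB < 27 returns two equal elements of F_{p²}; the public keys keygen returns show that a party's whole message is one curve coefficient plus three x-coordinates, and the order checks one can run on those pushed points (xmul to the expected order gives Z = 0, to a proper divisor does not) are the cheapest sanity test that the isogeny formulas were applied correctly.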

An Alternative Approach for SIDH Arithmetic

New algorithms for the arithmetic layers of supersingular isogeny Diffie-Hellman, one of the candidates in the NIST post-quantum standardization process, are presented; the approach uses a polynomial representation of the field elements together with mechanisms that keep the coefficients within bounds during the arithmetic operations.


For a nonsingular projective curve C of genus 3 defined over an algebraically closed field of characteristic p ≠ 2, we give a necessary and sufficient condition that the Jacobian variety J(C) has a

Post Quantum Cryptography (PQC) - An overview: (Invited Paper)

  • M. Kumar, P. Pattnaik
  • Computer Science, Mathematics
    2020 IEEE High Performance Extreme Computing Conference (HPEC)
  • 2020
Three Post Quantum Cryptography algorithms for key establishment, CRYSTALS-Kyber, Classic McEliece and Supersingular Isogeny Key Encapsulation, are representatives of the three classes of hard problems underlying the security of almost all 69 candidate algorithms accepted by NIST for consideration in round 1 of evaluation.

Diffie-Hellman Instantiations in Pre- and Post- Quantum World: A Review Paper

  • Ali Raya, K. Mariyappn
  • Computer Science, Mathematics
    2020 Fifth International Conference on Research in Computational Intelligence and Communication Networks (ICRCICN)
  • 2020
The steps of establishing the shared key in each instantiation of Diffie-Hellman protocol will be shown, security analysis will be discussed for the different implementations in both pre- and post-quantum world, and a brief comparison of the three instantiations will be drawn.

Batching CSIDH Group Actions using AVX-512

This paper explores how the AVX-512 vector extensions can be utilized to optimize constant-time evaluation of the CSIDH-512 class group action with the goal of maximizing throughput and minimizing latency and introduces different approaches for batching group actions and computing them in SIMD fashion on modern Intel processors.

Task-based Parallelization Approach for Attacking the Supersingular Isogeny Path Problem

This paper proposes parallelization techniques using OpenMP tasking to accelerate the compute-intensive isogeny tree generation, an important and time-consuming building block in the two generic algorithms for attacking the SSI path problem.

Cryptoanalysis of a Post-quantum Cryptography Algorithm

A unified security analysis of some of the second round candidates in the NIST standardization project is provided, which concludes that the security estimates claimed by the candidates are correct.

SIKE Channels

This work presents new side-channel attacks on SIKE, the isogeny-based candidate in the NIST PQC competition, describes and demonstrates in the lab two such attacks leading to full key recovery, and analyzes their countermeasures.

Intuitive Understanding of Quantum Computation and Post-Quantum Cryptography

This article shares with you my notes with the hope that you will have an intuitive understanding of the beautiful and mind-blowing quantum algorithms and post-quantum cryptography.



Computational problems in supersingular elliptic curve isogenies

An overview of supersingular isogeny cryptography and how it fits into the broad theme of post-quantum public-key crypto is presented and the relationships between them are explained in a way that is accessible to experts in quantum algorithms.

Towards quantum-resistant cryptosystems from supersingular elliptic curve isogenies

A new zero-knowledge identification scheme and detailed security proofs for the protocols, and a new, asymptotically faster, algorithm for key generation, a thorough study of its optimization, and new experimental data are presented.

On the Security of Supersingular Isogeny Cryptosystems

This work gives a very powerful active attack on the supersingular isogeny encryption scheme, and shows that the security of all schemes of this type depends on the difficulty of computing the endomorphism ring of a supersingular elliptic curve.

Improved Classical Cryptanalysis of the Computational Supersingular Isogeny Problem

A number of novel improvements are presented, both to practical instantiations of the generic vOW algorithm and to its instantiation in the context of SIKE, that culminate in an improved classical cryptanalysis of CSSI.

Quantum cryptanalysis in the RAM model: Claw-finding attacks on SIKE

Models of computation that enable direct comparisons between classical and quantum algorithms are introduced, and their relevance to cryptanalysis is demonstrated by revisiting, and increasing, the security estimates for the Supersingular Isogeny Diffie–Hellman (SIDH) and Supersingular Isogeny Key Encapsulation (SIKE) schemes.

On the cost of computing isogenies between supersingular elliptic curves

The van Oorschot-Wiener golden collision finding algorithm has a lower cost (but higher running time) for solving CSSI, and thus should be used instead of the meet-in-the-middle attack to assess the security of SIDH against classical attacks.

Pre- and post-quantum Diffie-Hellman from groups, actions, and isogenies

Pre- and post-quantum Diffie–Hellman schemes resemble each other at the highest level, but the further down you dive, the more differences emerge—differences that are critical when the authors use Diffie-Hellman as a basic component in more complicated constructions.

Mathematics of Isogeny Based Cryptography

  • L. D. Feo
  • Computer Science, Mathematics
  • 2017
These lecture notes were written for a summer school on Mathematics for post-quantum cryptography in Thiès, Senegal. They try to provide a guide for Masters' students to get through the vast

Parallel Collision Search with Cryptanalytic Applications

The new technique greatly extends the reach of practical attacks, providing the most cost-effective means known to date for defeating: the small subgroup used in certain schemes based on discrete logarithms such as Schnorr, DSA, and elliptic curve cryptosystems; hash functions; and double encryption and three-key triple encryption.
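The abstract above and the CSSI cost comparison a few entries up (van Oorschot-Wiener golden collision search versus the meet-in-the-middle attack) rest on the same primitive, parallel collision search with distinguished points. The following is an added example, not code from either paper: a minimal sequential version of the method on a hash-based toy function over a 2^24-element domain, storing one table entry per distinguished point and recovering the colliding pair from the two trails that merge. The function names, the toy f and the trail-length limit are choices for this example; the golden-collision variant used against CSSI wraps this loop and re-randomizes f (the salt parameter here) until the one useful collision appears, which is the memory/time trade-off the CSSI abstract refers to.

```python
"""van Oorschot-Wiener parallel collision search with distinguished points (added example).
Looks for f(a) = f(b), a != b, on a small domain while storing only distinguished points."""
import hashlib
import random

BITS = 24                                   # toy domain {0, ..., 2^BITS - 1}
N = 1 << BITS

def f(x, salt=0):
    """Random-looking stand-in for the search step (a hash of the input); changing the
    salt re-randomizes the walk, which is how the golden-collision variant tries again."""
    h = hashlib.blake2b(((salt << BITS) | x).to_bytes(8, "big"), digest_size=4).digest()
    return int.from_bytes(h, "big") % N

def distinguished(x, dbits):
    return x & ((1 << dbits) - 1) == 0       # low dbits zero: one point in 2^dbits

def trail(start, dbits, salt, limit):
    """Iterate f from start until a distinguished point; returns (dp, steps), or None
    when the walk ran into a cycle without ever reaching one (that work is discarded)."""
    x = start
    for steps in range(1, limit + 1):
        x = f(x, salt)
        if distinguished(x, dbits):
            return x, steps
    return None

def locate(s1, n1, s2, n2, salt):
    """Two trails that end at the same distinguished point: align them to the same
    distance from it, then step in lockstep; the last distinct pair is the collision.
    Returns None for a Robin Hood (one trail started on the other's path)."""
    a, b = s1, s2
    for _ in range(n1 - n2): a = f(a, salt)
    for _ in range(n2 - n1): b = f(b, salt)
    if a == b: return None
    while True:
        fa, fb = f(a, salt), f(b, salt)
        if fa == fb: return a, b
        a, b = fa, fb

def vow(dbits=8, salt=0, seed=1, max_trails=1 << 16):
    """Trails from random starts (independent workers in the parallel version) report
    only (dp, start, length); the first repeated dp that is not a Robin Hood yields a collision."""
    rng = random.Random(seed)
    table = {}                               # dp -> (start, length): the only stored state
    for _ in range(max_trails):
        start = rng.randrange(N)
        r = trail(start, dbits, salt, 20 << dbits)
        if r is None: continue
        dp, steps = r
        if dp in table:
            hit = locate(*table[dp], start, steps, salt)
            if hit: return hit
        else:
            table[dp] = (start, steps)
    return None
```

With dbits = 8 each trail costs about 256 evaluations per stored entry, and on a 2^24 domain the first collision arrives after roughly sqrt(πN/2) ≈ 5000 evaluations, so the table holds on the order of twenty entries at that point; raising dbits shrinks memory further at the price of longer trails and more work lost to Robin Hoods and cycles, which is the knob the CSSI cost analyses tune.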

The Arithmetic of Elliptic Curves

This research focuses on 9 specific elliptic curves E over Q, each with complex multiplication by the maximal order in an imaginary quadratic field, defined by the generators ω1, ω2 ∈ C of the period lattice.