# Supersingular isogeny key exchange for beginners

@article{Costello2019SupersingularIK, title={Supersingular isogeny key exchange for beginners}, author={Craig Costello}, journal={IACR Cryptol. ePrint Arch.}, year={2019}, volume={2019}, pages={1321} }

This is an informal tutorial on the supersingular isogeny Diffie-Hellman protocol aimed at non-isogenists.

## 14 Citations

### An Alternative Approach for SIDH Arithmetic

- Computer Science, Mathematics
- IACR Cryptol. ePrint Arch.
- 2020

New algorithms for the arithmetic layers of supersingular isogeny Diffie-Hellman, one of the NIST post-quantum standardization process candidates, are presented; this approach uses a polynomial representation of the elements together with mechanisms to keep the coefficients within bounds during the arithmetic operations.

### ON DECOMPOSED RICHELOT ISOGENIES OF CURVES OF GENUS 3

- Mathematics
- 2021

For a nonsingular projective curve C of genus 3 defined over an algebraically closed field of characteristic p ≠ 2, we give a necessary and sufficient condition that the Jacobian variety J(C) has a…

### Post Quantum Cryptography(PQC) - An overview: (Invited Paper)

- Computer Science, Mathematics
- 2020 IEEE High Performance Extreme Computing Conference (HPEC)
- 2020

Three Post Quantum Cryptography algorithms for key establishment, Crystals-Kyber, Classic McEliece and Supersingular Isogeny based Key Encapsulation, are representatives of the three classes of hard problems underlying the security of almost all 69 candidate algorithms accepted by NIST for consideration in round 1 of evaluation.

### Diffie-Hellman Instantiations in Pre- and Post- Quantum World: A Review Paper

- Computer Science, Mathematics
- 2020 Fifth International Conference on Research in Computational Intelligence and Communication Networks (ICRCICN)
- 2020

The steps of establishing the shared key in each instantiation of Diffie-Hellman protocol will be shown, security analysis will be discussed for the different implementations in both pre- and post-quantum world, and a brief comparison of the three instantiations will be drawn.

### Decomposed Richelot isogenies of Jacobian varieties of curves of genus 3

- Mathematics
- Journal of Algebra
- 2021

### Batching CSIDH Group Actions using AVX-512

- Computer Science, Mathematics
- IACR Trans. Cryptogr. Hardw. Embed. Syst.
- 2021

This paper explores how the AVX-512 vector extensions can be utilized to optimize constant-time evaluation of the CSIDH-512 class group action with the goal of maximizing throughput and minimizing latency and introduces different approaches for batching group actions and computing them in SIMD fashion on modern Intel processors.

### Task-based Parallelization Approach for Attacking the Supersingular Isogeny Path Problem

- Computer Science
- 2023 Australasian Computer Science Week
- 2023

This paper proposes parallelization techniques using OpenMP tasking to accelerate the compute-intensive isogeny tree generation, an important and time-consuming building block in the two generic algorithms for attacking the SSI path problem.

### Cryptoanalysis of a Post-quantum Cryptography Algorithm

- Computer Science, Mathematics
- 2020

A unified security analysis of some of the second round candidates in the NIST standardization project is provided, which concludes that the security estimates claimed by the candidates are correct.

### SIKE Channels

- Mathematics, Computer Science
- IACR Cryptol. ePrint Arch.
- 2022

This work presents new side-channel attacks on SIKE, the isogeny-based candidate in the NIST PQC competition, describes in the lab two such attacks leading to full key recovery, and analyzes their countermeasures.

### Intuitive Understanding of Quantum Computation and Post-Quantum Cryptography

- Computer Science, Mathematics
- ArXiv
- 2020

This article shares with you my notes with the hope that you will have an intuitive understanding of the beautiful and mind-blowing quantum algorithms and post-quantum cryptography.

## References

SHOWING 1-10 OF 19 REFERENCES

### Computational problems in supersingular elliptic curve isogenies

- Computer Science, Mathematics
- IACR Cryptol. ePrint Arch.
- 2017

An overview of supersingular isogeny cryptography and how it fits into the broad theme of post-quantum public-key crypto is presented and the relationships between them are explained in a way that is accessible to experts in quantum algorithms.

### Towards quantum-resistant cryptosystems from supersingular elliptic curve isogenies

- Computer Science, Mathematics
- J. Math. Cryptol.
- 2011

A new zero-knowledge identification scheme and detailed security proofs for the protocols, and a new, asymptotically faster, algorithm for key generation, a thorough study of its optimization, and new experimental data are presented.

### On the Security of Supersingular Isogeny Cryptosystems

- Computer Science, Mathematics
- ASIACRYPT
- 2016

This work gives a very powerful active attack on the supersingular isogeny encryption scheme, and shows that the security of all schemes of this type depends on the difficulty of computing the endomorphism ring of a supersingular elliptic curve.

### Improved Classical Cryptanalysis of the Computational Supersingular Isogeny Problem

- Computer Science
- IACR Cryptol. ePrint Arch.
- 2019

A number of novel improvements are presented, both to practical instantiations of the generic vOW algorithm and to its instantiation in the context of SIKE, that culminate in an improved classical cryptanalysis of CSSI.

### Quantum cryptanalysis in the RAM model: Claw-finding attacks on SIKE

- Computer Science, Mathematics
- IACR Cryptol. ePrint Arch.
- 2019

These models of computation that enable direct comparisons between classical and quantum algorithms are introduced and the relevance of these models to cryptanalysis is demonstrated by revisiting, and increasing, the security estimates for the Supersingular Isogeny Diffie–Hellman (SIDH) and Supersingular Isogeny Key Encapsulation (SIKE) schemes.

### On the cost of computing isogenies between supersingular elliptic curves

- Computer Science, Mathematics
- IACR Cryptol. ePrint Arch.
- 2018

The van Oorschot-Wiener golden collision finding algorithm has a lower cost (but higher running time) for solving CSSI, and thus should be used instead of the meet-in-the-middle attack to assess the security of SIDH against classical attacks.

### Pre- and post-quantum Diffie-Hellman from groups, actions, and isogenies

- Computer Science, Mathematics
- IACR Cryptol. ePrint Arch.
- 2018

Pre- and post-quantum Diffie–Hellman schemes resemble each other at the highest level, but the further down you dive, the more differences emerge—differences that are critical when the authors use Diffie-Hellman as a basic component in more complicated constructions.

### Mathematics of Isogeny Based Cryptography

- Computer Science, Mathematics
- ArXiv
- 2017

These lecture notes were written for a summer school on Mathematics for post-quantum cryptography in Thiès, Senegal. They try to provide a guide for Masters' students to get through the vast…

### Parallel Collision Search with Cryptanalytic Applications

- Computer Science, Mathematics
- Journal of Cryptology
- 2013

The new technique greatly extends the reach of practical attacks, providing the most cost-effective means known to date for defeating: the small subgroup used in certain schemes based on discrete logarithms such as Schnorr, DSA, and elliptic curve cryptosystems; hash functions; and double encryption and three-key triple encryption.

### The Arithmetic of Elliptic Curves

- Computer Science
- Elliptic Curves
- 2020

This research focuses on 9 specific elliptic curves E over Q, each with complex multiplication by the maximal order in an imaginary quadratic field, defined by the generators ω1, ω2 ∈ C of the period lattice.