A review of mathematical and computational aspects of CSIDH algorithms

CSIDH is a post-quantum key-exchange scheme based on the action of ideal class groups on supersingular elliptic curves over prime fields. Its short keys and ciphertexts, together with its flexibility as a building block to construct complex cryptographic primitives, has motivated significant research on the efficiency of CSIDH and its resistance against side-channel attacks. In this work, some cutting-edge results from recent contributions are reviewed in a unified treatment, focusing on the mathematical ideas lying behind them rather than on cryptographic and low-level implementation techniques. In particular, we first describe ways to speed up the class-group-action evaluation, which range from the use of different models of elliptic curves to working with different ideal class groups. We then survey some constant-time variants of CSIDH, that make the time and memory consumption during the computation of a public/shared key independent of the secret key. Finally, we examine the computation of the ideal class action when the structure of the ideal class group is known, which is the case for a specific set of CSIDH parameters.