CSIDH is a post-quantum key-exchange scheme based on the action of ideal class groups on supersingular elliptic curves over prime fields. Its short keys and ciphertexts, together with its flexibility as a building block to construct complex cryptographic primitives, has motivated significant research on the efficiency of CSIDH and its resistance against side-channel attacks. In this work, some cutting-edge results from recent contributions are reviewed in a unified treatment, focusing on the mathematical ideas lying behind them rather than on cryptographic and low-level implementation techniques. In particular, we first describe ways to speed up the class-group-action evaluation, which range from the use of different models of elliptic curves to working with different ideal class groups. We then survey some constant-time variants of CSIDH, that make the time and memory consumption during the computation of a public/shared key independent of the secret key. Finally, we examine the computation of the ideal class action when the structure of the ideal class group is known, which is the case for a specific set of CSIDH parameters.
A review of mathematical and computational aspects of CSIDH algorithms / Maino, Luciano; Mula, Marzio; Pintore, Federico. - In: JOURNAL OF ALGEBRA AND ITS APPLICATIONS. - ISSN 0219-4988. - 2024, 23:7(2024), pp. 253000201-253000236. [10.1142/s0219498825300028]
A review of mathematical and computational aspects of CSIDH algorithms
Mula, Marzio;Pintore, Federico
2024-01-01
Abstract
CSIDH is a post-quantum key-exchange scheme based on the action of ideal class groups on supersingular elliptic curves over prime fields. Its short keys and ciphertexts, together with its flexibility as a building block to construct complex cryptographic primitives, has motivated significant research on the efficiency of CSIDH and its resistance against side-channel attacks. In this work, some cutting-edge results from recent contributions are reviewed in a unified treatment, focusing on the mathematical ideas lying behind them rather than on cryptographic and low-level implementation techniques. In particular, we first describe ways to speed up the class-group-action evaluation, which range from the use of different models of elliptic curves to working with different ideal class groups. We then survey some constant-time variants of CSIDH, that make the time and memory consumption during the computation of a public/shared key independent of the secret key. Finally, we examine the computation of the ideal class action when the structure of the ideal class group is known, which is the case for a specific set of CSIDH parameters.| File | Dimensione | Formato | |
|---|---|---|---|
|
a-review-of-mathematical-and-computational-aspects-of-csidh-algorithms.pdf
accesso aperto
Tipologia:
Versione editoriale (Publisher’s layout)
Licenza:
Tutti i diritti riservati (All rights reserved)
Dimensione
535.15 kB
Formato
Adobe PDF
|
535.15 kB | Adobe PDF | Visualizza/Apri |
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione
