Efficient algorithm to compute odd-degree isogenies between Montgomery curves for CSIDH

Kenta Kodera, Chen Mou Cheng, Atsuko Miyaji

Research output: Contribution to journalJournal Article peer-review

Abstract

Isogeny-based cryptography, such as commutative supersingular isogeny Diffie-Hellman (CSIDH), have been shown to be promising candidates for post-quantum cryptography. However, their speeds have remained unremarkable. This study focuses on computing odd-degree isogeny between Montgomery curves, which is a dominant computation in CSIDH. Our proposed “2-ADD-Skip method” technique reduces the required number of points to be computed during isogeny computation. A novel algorithm for isogeny computation is also proposed to efficiently utilize the 2-ADD-Skip method. Our proposed algorithm with the optimized parameter reduces computational cost by approximately 12% compared with the algorithm proposed by Meyer and Reith. Further, individual experiments for each degree of isogeny show that the proposed algorithm is the fastest for 19 ≤ ≤ 373 among previous studies focusing on isogeny computation including the Õ(√) algorithm proposed by Bernstein et al. The experimental results also show that the proposed algorithm achieves the fastest on CSIDH-512. For CSIDH-1024, the proposed algorithm is faster than the algorithm by Meyer and Reith although it is slower than the algorithm by Bernstein et al.

Original languageEnglish
Pages (from-to)1245-1254
Number of pages10
JournalIEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences
VolumeE104A
Issue number9
DOIs
StatePublished - 2021
Externally publishedYes

Bibliographical note

Publisher Copyright:
Copyright © 2021 The Institute of Electronics, Information and Communication Engineers

Keywords

  • Isogeny
  • Montgomery curves
  • Post-quantum cryptography

Fingerprint

Dive into the research topics of 'Efficient algorithm to compute odd-degree isogenies between Montgomery curves for CSIDH'. Together they form a unique fingerprint.

Cite this