Recently, SIDH was broken by a series of attacks. To avoid the attacks, several new countermeasures, such as M-SIDH and binSIDH, have been developed. Different from SIDH, the new SIDH-like schemes have relatively large public key sizes. Besides, the orders of the torsion groups considered in new SIDH-like schemes are the products of many prime factors. Therefore, the key compression techniques in SIDH can not be directly applied to these schemes. It remains an open problem to compress the public key in new SIDH-like schemes. This paper takes M-SIDH as an instance to explore how to compress the public key in new SIDH-like schemes efficiently. We propose compressed M-SIDH, which is reminiscent of compressed SIDH. We also show that our approach to compress the public key of M-SIDH is valid and prove that compressed M-SIDH is secure as long as M-SIDH is secure. In addition, new algorithms to accelerate the performance of public-key compression in M-SIDH are presented in this paper. We provide a proof-of-concept implementation of compressed M-SIDH in SageMath. Experimental results show that our approach fits well with compressed M-SIDH. The techniques proposed in this work also benefit public-key compression in other SIDH-like protocols, such as binSIDH and terSIDH. Besides, our method for torsion basis generation has the potential to improve the performance of SQALE and dCSIDH.

最近，SIDH因一系列攻击而被攻破。为了避免这些攻击，已经开发了几种新的对策，例如 M-SIDH 和 binSIDH。与SIDH不同，新的类SIDH方案具有相对较大的公钥大小。此外，新的类SIDH方案中考虑的挠群阶数是许多素因子的乘积。因此，SIDH中的密钥压缩技术不能直接应用于这些方案。在新的类似 SIDH 方案中压缩公钥仍然是一个悬而未决的问题。本文以M-SIDH为例，探讨如何在新的类SIDH方案中有效地压缩公钥。我们提出压缩的 M-SIDH，这让人想起压缩的 SIDH。我们还证明了我们压缩 M-SIDH 公钥的方法是有效的，并证明只要 M-SIDH 是安全的，压缩的 M-SIDH 就是安全的。此外，本文还提出了加速 M-SIDH 中公钥压缩性能的新算法。我们在 SageMath 中提供了压缩 M-SIDH 的概念验证实现。实验结果表明我们的方法非常适合压缩的 M-SIDH。这项工作中提出的技术也有利于其他类似 SIDH 的协议（例如 binSIDH 和 terSIDH）中的公钥压缩。此外，我们的扭转基生成方法有可能提高 SQALE 和 dCSIDH 的性能。