Compressed M-SIDH: an instance of compressed SIDH-like schemes with isogenies of highly composite degrees

Published in: Designs, Codes and Cryptography

Abstract

Recently, SIDH was broken by a series of attacks. To avoid these attacks, several new countermeasures, such as M-SIDH and binSIDH, have been developed. Unlike SIDH, the new SIDH-like schemes have relatively large public key sizes. Moreover, the orders of the torsion groups considered in the new SIDH-like schemes are products of many prime factors, so the key compression techniques of SIDH cannot be applied to these schemes directly. Compressing the public key in the new SIDH-like schemes remains an open problem. This paper takes M-SIDH as an instance to explore how to compress the public key of the new SIDH-like schemes efficiently. We propose compressed M-SIDH, which is reminiscent of compressed SIDH. We also show that our approach to compressing the public key of M-SIDH is valid and prove that compressed M-SIDH is secure as long as M-SIDH is secure. In addition, this paper presents new algorithms that accelerate public-key compression in M-SIDH. We provide a proof-of-concept implementation of compressed M-SIDH in SageMath. Experimental results show that our approach fits well with compressed M-SIDH. The techniques proposed in this work also benefit public-key compression in other SIDH-like protocols, such as binSIDH and terSIDH. Furthermore, our method for torsion basis generation has the potential to improve the performance of SQALE and dCSIDH.



Notes

  1. Indeed, the techniques proposed in this subsection also work when the elliptic curve is defined over \(\mathbb {F}_{q^2}\), where q is a prime power.

  2. https://velusqrt.isogeny.org/.


Acknowledgements

We thank all the reviewers for their constructive comments. This work is supported by Guangdong Major Project of Basic and Applied Basic Research (No. 2019B030302008) and the National Natural Science Foundation of China (No. 61972428).

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Chang-An Zhao.

Additional information

Communicated by A. Enge.


Cite this article

Lin, K., Lin, J., Cai, S. et al. Compressed M-SIDH: an instance of compressed SIDH-like schemes with isogenies of highly composite degrees. Des. Codes Cryptogr. (2024). https://doi.org/10.1007/s10623-024-01368-z
