The SQALE of CSIDH: sublinear Vélu quantum-resistant isogeny action with low exponents

• Published in: Journal of cryptographic engineering Vol. 12; no. 3; pp. 349 - 368
• Main Authors: Chávez-Saab, Jorge, Chi-Domínguez, Jesús-Javier, Jaques, Samuel, Rodríguez-Henríquez, Francisco
• Format: Journal Article
• Language: English
• Published: Berlin/Heidelberg Springer Berlin Heidelberg 01.09.2022; Springer Nature B.V
• Subjects: Circuits and Systems; Communications Engineering; Computer Communication Networks; Computer Science; Cryptology; Data Structures and Information Theory; Networks; Operating Systems; Regular Paper; Security; Isogeny-based cryptography; Post-quantum cryptography; Quantum cryptanalysis; Constant time implementations; Finite field arithmetic
• ISSN: 2190-8508; 2190-8516
• DOI: 10.1007/s13389-021-00271-w

Recent independent analyses by Bonnetain–Schrottenloher and Peikert in Eurocrypt 2020 significantly reduced the estimated quantum security of the isogeny-based commutative group action key-exchange protocol CSIDH. This paper refines the estimates of a resource-constrained quantum collimation sieve attack to give a precise quantum security to CSIDH. Furthermore, we optimize large CSIDH parameters for performance while still achieving the NIST security levels 1, 2, and 3. Finally, we provide a C-code constant-time implementation of those CSIDH large instantiations using the square-root-complexity Vélu’s formulas recently proposed by Bernstein, De Feo, Leroux and Smith.