IET Information Security (Sep 2021)

Extended supersingular isogeny Diffie–Hellman key exchange protocol: Revenge of the SIDH

  • Daniel Cervantes‐Vázquez,
  • Eduardo Ochoa‐Jiménez,
  • Francisco Rodríguez‐Henríquez

DOI
https://doi.org/10.1049/ise2.12027
Journal volume & issue
Vol. 15, no. 5
pp. 364 – 374

Abstract

Read online

Abstract The supersingular isogeny Diffie–Hellman key exchange protocol (SIDH) was introduced by Jao and De Feo in 2011. SIDH operates on supersingular elliptic curves defined over Fp2, where p is a large prime number of the form p=4eA3eB−1 and eA and eB are positive integers such that 4eA≈3eB. A variant of the SIDH protocol, dubbed extended SIDH (eSIDH), is presented. The eSIDH makes use of primes of the form p=4eAℓBeBℓCeCf−1. Here ℓB and ℓC are two small prime numbers; f is a cofactor; and eA, eB, and eC are positive integers such that 4eA≈ℓBeBℓCeC. It is shown that for many relevant instantiations of the SIDH protocol, this new family of primes enjoys faster field arithmetic than the one associated with traditional SIDH primes. Furthermore, its richer opportunities for parallelism yield a noticeable speed‐up factor when implemented on multicore platforms. A supersingular isogeny key encapsulation (SIKE) instantiation using the prime eSIDH‐p765 yields an acceleration factor of 1.06, 1.15 and 1.14 over a SIKE instantiation with the prime SIKE‐p757 when implemented on k = {1, 2, 3}‐core processors. To the authors’ knowledge, this work reports the first multicore implementation of SIDH and SIKE.

Keywords