3 Hits in 0.82 sec

CTIDH: faster constant-time CSIDH

Gustavo Banegas, Daniel J. Bernstein, Fabio Campos, Tung Chou, Tanja Lange, Michael Meyer, Benjamin Smith, Jana Sotáková
2021 Transactions on Cryptographic Hardware and Embedded Systems  
This paper introduces a new key space for CSIDH and a new algorithm for constant-time evaluation of the CSIDH group action.  ...  For example, for CSIDH-512 with a 256-bit key space, the best previous constant-time results used 789000 multiplications and more than 200 million Skylake cycles; this paper uses 438006 multiplications  ...  The high-ctidh speeds are much faster, and have the added feature of constant-time verification using valgrind.  ... 
doi:10.46586/tches.v2021.i4.351-387 fatcat:nr4ue2uyqndzjl6luqbwb7tuse

On new Vélu's formulae and their applications to CSIDH and B-SIDH constant-time implementations [article]

Gora Adj, Jesús-Javier Chi-Domínguez, Francisco Rodríguez-Henríquez
2020 IACR Cryptology ePrint Archive  
Compared to a traditional Vélu constanttime implementation of CSIDH, our experimental results report a saving of 5.357%, 13.68% and 25.938% base field operations for CSIDH-512, CSIDH-1024, and CSIDH-1792  ...  We also report an optimized Python3-code implementation of several instantiations of two isogeny-based key-exchange protocols, namely, CSIDH and B-SIDH.  ...  This allows us to present the first application of √ élu to constant-time implementations of the CSIDH-512, CSIDH-1024, and CSIDH-1792 instantiations.  ... 
dblp:journals/iacr/AdjCR20 fatcat:saqfe5uiwbhzbns6h6oatpx4qm

Post-Quantum Signal Key Agreement with SIDH [article]

Samuel Dobson, Steven D. Galbraith
2021 IACR Cryptology ePrint Archive  
It also benefits from the efficiency of SIDH as a key-exchange protocol, compared to other post-quantum key exchange protocols such as CSIDH.  ...  Based on NIST security level 1, we compare the fast, constant time CTIDH [BBC + 21] implementation of CSIDH-512 with the SIKEp434 parameter set. According to Banegas et al.  ...  For example, SIDH is much faster than CSIDH, used in Brendel et al.  ... 
dblp:journals/iacr/DobsonG21 fatcat:7sbjwanzqbeqnmwfeg5zgrjtva