Conference Agenda

Overview and details of the sessions of this conference. Please select a date or location to show only sessions at that day or location. Please select a single session for detailed view (with abstracts and downloads if available).

 
Session Overview
Session
MS145, part 2: Isogenies in Cryptography
Time:
Thursday, 11/Jul/2019:
10:00am - 12:00pm

Location: Unitobler, F-123
52 seats, 100m^2

Presentations
10:00am - 12:00pm

Isogenies in Cryptography

Chair(s): Tanja Lange (Eindhoven University of Technology, Netherlands, The), Chloe Martindale (Eindhoven University of Technology, Netherlands, The), Lorenz Panny (Eindhoven University of Technology, Netherlands, The)

The isogeny graph of elliptic curves over finite fields has long been a subject of study in algebraic geometry and number theory. During the past 10 years several authors have shown multiple applications in cryptology. One interesting feature is that systems built on isogenies seem to resist attacks by quantum computers, making them the most recent family of cryptosystems studied in post-quantum cryptography.

This mini-symposium brings together presentations on cryptosystems built on top of isogenies, their use in applications, and different approaches to the cryptanalysis, including quantum cryptanalysis.

 

(25 minutes for each presentation, including questions, followed by a 5-minute break; in case of x<4 talks, the first x slots are used unless indicated otherwise)

 

Constant-time isogeny implementations

David Jao
University of Waterloo

We discuss recent progress in implementing isogeny-based cryptosystems in constant time to resist side-channel attacks. We propose an implementation of supersingular isogeny Diffie-Hellman (SIDH) for complete Edwards curves. While the use of Edwards curves does not actually provide a faster implementation of SIDH, it does provide some security benefits against side-channel attacks. In addition, we present an optimized, constant-time software library for the Commutative supersingular isogeny Diffie-Hellman key exchange (CSIDH) scheme proposed by Castryck et al., targeting 64-bit ARM processors, and designed to offer resistance against SPA and DPA side-channel attacks.

SIDH results are joint work of Reza Azarderakhsh, Elena Bakos Lang, David Jao, and Brian Koziel.

CSIDH results are joint work of Amir Jalali, Reza Azarderakhsh, Mehran Mozaffari Kermani, and David Jao.

 

Isogeny-based cryptography: a cryptanalysis perspective

Christophe Petit
Birmingham University

In this talk I will survey known results on the security of isogeny-based protocols.
 

Fast isogeny-based signatures

Frederik Vercauteren
KU Leuven

Although several isogeny based signature schemes have been proposed, none of them can be considered really practical. In this talk I will describe a signature scheme based on CSIDH that has moderate public key sizes and is very efficient, in particular, signing a message only requires a couple of hundreds of milliseconds.

 

Orienting supersingular isogeny graphs

David Kohel
University of Marseilles

Supersingular isogeny graphs have been used in the Charles–Goren–Lauter cryptographic hash function and the supersingular isogeny Diffie–Hellman (SIDH) protocol of De Feo and Jao. A recently proposed alternative to SIDH is the commutative supersingular isogeny Diffie–Hellman (CSIDH) protocol, which in which the isogeny graph is first restricted to Fp-rational curves E and Fp-rational isogenies then oriented by the quadratic subring Z[π] ⊂ End(E) generated by the Frobenius endomorphism π : E → E. We introduce a general notion of orienting supersingular elliptic curves and their isogenies, and use this as the basis to construct a general oriented supersingular isogeny Diffie-Hellman (OSIDH) protocol.