Post-Quantum Isogeny-Based Cryptography Gets Practical (Q12c)
This presentation will describe recent progress on supersingular isogeny-based cryptography and our efforts to make it practical for real-world use. Abstract: Supersingular isogeny Diffie-Hellman (SIDH) has rapidly become one of the most popular key exchange mechanisms that is conjectured to provide security against large-scale quantum computer attacks. Equipped with the most compact keys among post-quantum candidates, SIDH (and isogeny-based schemes in general) inherits the rich arithmetic that made elliptic curve cryptography so popular in the last few decades. Just recently, these features have been increasingly attracting the interest of the research community, which is devoting effort to address SIDH’s most relevant challenges in terms of security and performance. In this presentation, we present recent progress tackling these two aspects. Specifically, we will describe: an IND-CCA key encapsulation scheme, called supersingular isogeny key encapsulation or SIKE, that solves the problem of key reuse in SIDH; an effcient selection of parameters matching NIST-recommended security levels; and algorithmic optimizations that, arguably, push supersingular isogeny-based crypto into the practical realm.