Supersingular Isogeny Diffie–Hellman Authenticated Key Exchange

  • Atsushi Fujioka
  • Katsuyuki Takashima
  • Shintaro Terada
  • Kazuki Yoneyama
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11396)

Abstract

We propose two authenticated key exchange protocols from supersingular isogenies. Our protocols are the first post-quantum one-round Diffie–Hellman-type authenticated key exchange protocols in the following respects: one is secure in the quantum random oracle model, and the other resists maximum exposure, where a non-trivial combination of secret keys is revealed. The security of the former and the latter is proven under isogeny versions of the decisional and gap Diffie–Hellman assumptions, respectively. We also propose a new approach to invalidating the Galbraith–Vercauteren-type attack on the gap problem.

Keywords

  • One-round authenticated key exchange
  • Supersingular isogeny decisional Diffie–Hellman assumption
  • Degree-insensitive supersingular isogeny gap Diffie–Hellman assumption
  • CK model
  • CK+ model
  • Quantum adversary

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Atsushi Fujioka (1)
  • Katsuyuki Takashima (2)
  • Shintaro Terada (3)
  • Kazuki Yoneyama (3)

  1. Kanagawa University, Kanagawa, Japan
  2. Mitsubishi Electric, Kanagawa, Japan
  3. Ibaraki University, Ibaraki, Japan