
An Implementation of Supersingular Isogeny Diffie-Hellman and Its Application to Mobile Security Product

  • Received : 2017.11.30
  • Accepted : 2018.01.05
  • Published : 2018.02.28

Abstract

Interest in post-quantum cryptography, designed to resist attacks by quantum computers, has been growing at NIST and at research institutions and companies worldwide. The main families are multivariate-polynomial-based, code-based, lattice-based, hash-based signature, and isogeny-based cryptosystems; among these, isogeny-based schemes are known to have the shortest key lengths. In this paper we implement the Supersingular Isogeny Diffie-Hellman (SIDH) protocol efficiently on a low-end mobile device. Taking the device's specification into account, we select a supersingular curve over a 523-bit prime field and generate an efficient isogeny computation (strategy) tree for it. Our SIDH module is implemented for a 32-bit environment.

Korean abstract (translated): Research and development of quantum-resistant cryptographic algorithms for the coming quantum computing environment is being carried out actively with the participation of NIST and of domestic and overseas research institutions and companies. The quantum-resistant algorithms under study are multivariate-polynomial-based, code-based, lattice-based, hash-based, and isogeny-based. Among these, isogeny-based algorithms appeared most recently, use elliptic-curve arithmetic, and attract attention because they have the shortest key length of all quantum-resistant algorithms. In this paper we select parameters for the Supersingular Isogeny Diffie-Hellman (SIDH) protocol that suit a low-end mobile environment and implement the protocol efficiently. Considering current security strength and the low-end mobile environment, we chose a supersingular elliptic curve defined over a 523-bit prime field and generated an isogeny computation strategy tree optimized for it. The SIDH module is implemented to run in a 32-bit environment.
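The "isogeny computation strategy tree" the abstract refers to is the optimal strategy of De Feo, Jao and Plût: a secret point of order l^n defines an l^n-isogeny that is computed as a chain of n l-isogenies, and at each node of the triangular computation graph an implementation either multiplies a point by l (cost p) or pushes a stored point through an l-isogeny (cost q). The dynamic programme below, added here as an illustration and not code from the paper, computes the optimal strategy for given relative costs and then replays it with a stack of intermediate points to count the operations actually performed, so the claimed cost can be cross-checked against the two naive strategies. The chain length n and the costs p and q used in the demo are assumed illustration values, not the paper's 523-bit parameters or measurements.

```python
"""Optimal strategy for computing an l^n-isogeny as a chain of n l-isogenies (SIDH).

Costs p (one multiplication of a point by l) and q (one evaluation of an l-isogeny on
a point) are relative units chosen for illustration; the abstract-point traversal below
counts operations only, it performs no curve arithmetic.
"""


def optimal_strategy(n, p, q):
    """Dynamic programme of De Feo/Jao/Plut.  S[i] is the strategy for i leaves, C[i] its cost.
    Splitting i leaves at b costs b multiplications to reach the left subtree, i-b isogeny
    evaluations to reach the right one, plus the optimal cost of both subtrees.
    Returns (strategy, cost) with len(strategy) == n - 1."""
    S = {1: []}
    C = {1: 0.0}
    for i in range(2, n + 1):
        best_cost, best_b = None, None
        for b in range(1, i):
            cost = C[i - b] + C[b] + b * p + (i - b) * q
            if best_cost is None or cost < best_cost:
                best_cost, best_b = cost, b
        C[i] = best_cost
        S[i] = [best_b] + S[i - best_b] + S[best_b]
    return S[n], C[n]


def traverse_cost(strategy, n, p, q):
    """Replay a strategy the way an implementation does (stack of stored points) and count
    multiplications and isogeny evaluations.  A point is abstracted to its index, i.e. how
    many times it has been multiplied by l relative to the original kernel generator."""
    assert len(strategy) == n - 1, "a strategy for n leaves has n-1 entries"
    stack = []          # stored points (their indices), bottom = earliest
    index = 0           # index of the current point R
    mults = evals = 0
    ii = 0              # next entry of the strategy to consume
    for row in range(1, n):
        # Descend: multiply R by l until it has order l, i.e. index == n - row.
        while index < n - row:
            stack.append(index)
            m = strategy[ii]
            ii += 1
            index += m
            mults += m
        # R has order l: compute the l-isogeny with kernel <R> (cost not modelled here)
        # and push every stored point through it.
        evals += len(stack)
        index = stack.pop()    # most recently stored point becomes the new R
    # After n-1 isogenies the remaining point must be the original one (index 0),
    # now of order l; the final isogeny needs no evaluations.
    assert index == 0 and not stack
    return mults, evals, mults * p + evals * q


def linear_strategies(n):
    """The two naive strategies as reference points: the multiplication-based one keeps the
    original point and multiplies down each time (n(n-1)/2 mults, n-1 evals); the
    isogeny-based one pushes every intermediate point through every isogeny
    (n-1 mults, n(n-1)/2 evals)."""
    mult_based = list(range(n - 1, 0, -1))
    iso_based = [1] * (n - 1)
    return mult_based, iso_based


if __name__ == "__main__":
    # Assumed illustration values: a 20-step chain, l-isogeny evaluation slightly cheaper
    # than multiplication by l.
    n, p, q = 20, 1.0, 0.8
    strategy, cost = optimal_strategy(n, p, q)
    print("optimal strategy:", strategy)
    print("optimal cost (DP):", cost, " replayed:", traverse_cost(strategy, n, p, q))
    for name, s in zip(("multiplication-based", "isogeny-based"), linear_strategies(n)):
        print(f"{name:>21}: {traverse_cost(s, n, p, q)}")
```

Because the replay reproduces the DP cost exactly, the same `traverse_cost` loop can be turned into the real isogeny computation by replacing the index bookkeeping with point multiplication and isogeny evaluation on the curve; the strategy itself only depends on n and on the measured ratio p/q, which is why it is generated once per parameter set and platform (here a 32-bit target) rather than at run time.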
