Abstract
We present a method for key compression in quantumresistant isogeny-based cryptosystems, which allows a reduction in and transmission costs of per-party public information by a factor of two, with no effect on security. We achieve this reduction by associating a canonical choice of elliptic curve to each j-invariant, and representing elements on the curve as linear combinations with respect to a canonical choice of basis. This method of compressing public information can be applied to numerous isogeny-based protocols, such as key exchange, zero-knowledge identification, and public-key encryption. We performed personal computer and ARM implementations of the key exchange with compression and decompression in C and provided timing results, showing the computational cost of key compression and decompression at various security levels. Our results show that isogeny-based cryptosystems achieve by far the smallest possible key sizes among all existing families of post-quantum cryptosystems at practical security levels; e.g. 3073-bit public keys at the quantum 128-bit security level, comparable to (non-quantum) RSA key sizes.
Author supplied keywords
Cite
CITATION STYLE
Azarderakhsh, R., Jao, D., Kalach, K., Koziel, B., & Leonardi, C. (2016). Key compression for isogeny-based cryptosystems. In AsiaPKC 2016 - Proceedings of the 3rd ACM International Workshop on ASIA Public-Key Cryptography, Co-located with Asia CCS 2016 (pp. 1–10). Association for Computing Machinery, Inc. https://doi.org/10.1145/2898420.2898421
Register to see more suggestions
Mendeley helps you to discover research relevant for your work.
