Key compression for isogeny-based cryptosystems

Abstract

We present a method for key compression in quantum-resistant isogeny-based cryptosystems, which allows a reduction in and transmission costs of per-party public information by a factor of two, with no effect on security. We achieve this reduction by associating a canonical choice of elliptic curve to each j-invariant, and representing elements on the curve as linear combinations with respect to a canonical choice of basis. This method of compressing public information can be applied to numerous isogeny-based protocols, such as key exchange, zero-knowledge identification, and public-key encryption. We performed personal computer and ARM implementations of the key exchange with compression and decompression in C and provided timing results, showing the computational cost of key compression and decompression at various security levels. Our results show that isogeny-based cryptosystems achieve by far the smallest possible key sizes among all existing families of post-quantum cryptosystems at practical security levels; e.g. 3073-bit public keys at the quantum 128-bit security level, comparable to (non-quantum) RSA key sizes.

Cite

Azarderakhsh, R., Jao, D., Kalach, K., Koziel, B., & Leonardi, C. (2016). Key compression for isogeny-based cryptosystems. In AsiaPKC 2016 - Proceedings of the 3rd ACM International Workshop on ASIA Public-Key Cryptography, Co-located with Asia CCS 2016 (pp. 1–10). Association for Computing Machinery, Inc. https://doi.org/10.1145/2898420.2898421
