The isogeny-based cryptosystems are considered as one of post-quantum cryptosystems. Taraskin et al. proposed a password-based authenticated key exchange (PAKE) scheme from isogeny by extending Jao et al.’s supersingular isogeny Diffie-Hellman (SIDH) protocol. In their scheme, a new group action is introduced in addition to SIDH due to non-commutativity of SIDH in order to embed the password to the DH public key. Also, in the security proof, new non-standard assumptions regarding the new group action are necessary. It is not clear if these assumptions are really hard. In this paper, we propose new PAKE schemes, SIDH-EKE and CSIDH-EKE, which are secure under the standard assumptions (corresponding to the computational DH assumption). Our schemes are obtained by a combination of SIDH (or CSIDH, commutative SIDH) and EKE (encrypted key exchange). We prove security of our schemes under the same standard assumptions as original SIDH and CSIDH in the random oracle model and ideal cipher model. CSIDH-EKE achieves more compact communication overhead than Taraskin et al.’s scheme.
CITATION STYLE
Terada, S., & Yoneyama, K. (2019). Password-Based Authenticated Key Exchange from Standard Isogeny Assumptions. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 11821 LNCS, pp. 41–56). Springer. https://doi.org/10.1007/978-3-030-31919-9_3
Mendeley helps you to discover research relevant for your work.