Performance and Efficiency Evaluation of M-SIDH
| Main Author: | |
|---|---|
| Format: | Article |
| Language: | English |
| Published: | IEEE, 2024-01-01 |
| Series: | IEEE Access |
| Subjects: | |
| Online Access: | https://ieeexplore.ieee.org/document/10786215/ |
| Summary: | As the recent Castryck-Decru attack recovers the private key of SIDH in polynomial time, various methods have been proposed to prevent the attack. Among these, M-SIDH, proposed by Fouotsa et al., counters the Castryck-Decru attack by masking the torsion-point information transmitted during the key exchange process. In this paper, we implement M-SIDH and examine its performance. To the best of our knowledge, this is the first C language implementation of M-SIDH. In this regard, we propose a method for selecting parameters for M-SIDH and introduce a 2048-bit and a 4096-bit prime for the implementation, targeting the 48-bit and 94-bit classical security levels, respectively. We also optimize the square-root Velu formula in the context of SIDH. The original square-root Velu formula has been used in CSIDH-based systems, where an evaluation of a single point only needs to be performed. In this paper, we suggest an optimal method to use the square-root Velu formula in the SIDH environment, which requires multiple isogeny evaluations. Our implementation results show that MSIDH-2048 and MSIDH-4096 take 16.20s and 190.45s, respectively. |
| ISSN: | 2169-3536 |