Robi Pedersen
ABSTRACT
We address the problem of speeding up isogeny computation for supersingular elliptic curves over finite fields using untrusted computational resources like third party servers or cloud service providers (CSPs). We first propose new, efficient and secure delegation schemes. This especially enables resource-constrained devices (e.g. smart cards, RFID tags, tiny sensor nodes) to effectively deploy post-quantum isogeny-based cryptographic protocols. To the best of our knowledge, these new schemes are the first attempt to generalize the classical secure delegation schemes for group exponentiations and pairing computation to an isogeny-based post-quantum setting. Then, we apply these secure delegation subroutines to improve the performance of supersingular isogeny-based zero-knowledge proofs of identity. Our experimental results show that, at the 128-bit quantum-security level, the proving party only needs about 3% of the original protocol cost, while the verifying party's effort is fully reduced to comparison operations. Lastly, we also apply our delegation schemes to decrease the computational cost of the decryption step for the NIST postquantum standardization candidate SIKE.
- Reza Azarderakhsh, Matthew Campagna, Craig Costello, LD De Feo, Basil Hess, A Jalali, D Jao, B Koziel, B LaMacchia, P Longa, et almbox. 2017. Supersingular isogeny key encapsulation. Submission to the NIST Post-Quantum Standardization project (2017).Google Scholar
- DJ Bernstein and T Lange. 2019. Explicit-formulas database. https://www.hyperelliptic.org/EFD (2019).Google Scholar
- Victor Boyko, Marcus Peinado, and Ramarathnam Venkatesan. 1998. Speeding up discrete log and factoring based schemes via precomputations. In International Conference on the Theory and Applications of Cryptographic Techniques. Springer, 221--235.Google ScholarCross Ref
- Denis X. Charles, Kristin E. Lauter, and Eyal Z." Goren. 2009. Cryptographic Hash Functions from Expander Graphs. Journal of Cryptology (2009), 93--113.Google Scholar
- Xiaofeng Chen, Jin Li, Jianfeng Ma, Qiang Tang, and Wenjing Lou. 2014. New algorithms for secure outsourcing of modular exponentiations. IEEE Transactions on Parallel and Distributed Systems, Vol. 25, 9 (2014), 2386--2396.Google ScholarCross Ref
- Céline Chevalier, Fabien Laguillaumie, and Damien Vergnaud. 2016. Privately outsourcing exponentiation to a single server: cryptanalysis and optimal constructions. In European Symposium on Research in Computer Security. Springer, 261--278.Google ScholarCross Ref
- Andrew M. Childs, David Jao, and Vladimir Soukharev. 2014. Constructing elliptic curve isogenies in quantum subexponential time. J. Mathematical Cryptology, Vol. 8, 1 (2014), 1--29.Google ScholarCross Ref
- Craig Costello and Huseyin Hisil. 2017a. A Simple and Compact Algorithm for SIDH with Arbitrary Degree Isogenies. In Advances in Cryptology -- ASIACRYPT 2017. 303--329.Google Scholar
- Craig Costello and Huseyin Hisil. 2017b. A simple and compact algorithm for SIDH with arbitrary degree isogenies. In International Conference on the Theory and Application of Cryptology and Information Security. Springer, 303--329.Google ScholarCross Ref
- Craig Costello and Benjamin Smith. 2017. Montgomery curves and their arithmetic: The case of large characteristic fields. IACR Cryptology ePrint Archive, Vol. 2017 (2017), 212.Google Scholar
- Jean-marc Couveignes. 2006. Hard Homogeneous Spaces. https://eprint.iacr.org/2006/291.pdf.Google Scholar
- Giacomo De Meulenaer, Francc ois Gosset, Francc ois-Xavier Standaert, and Olivier Pereira. 2008. On the energy cost of communication and cryptography in wireless sensor networks. In 2008 IEEE International Conference on Wireless and Mobile Computing, Networking and Communications. IEEE, 580--585.Google ScholarDigital Library
- Peter De Rooij. 1994. Efficient exponentiation using precomputation and vector addition chains. In Workshop on the Theory and Application of of Cryptographic Techniques. Springer, 389--399.Google Scholar
- Javad Doliskani, Geovandro CCF Pereira, and Paulo SLM Barreto. 2017. Faster Cryptographic Hash Function From Supersingular Isogeny Graphs. IACR Cryptology ePrint Archive, Vol. 2017 (2017), 1202.Google Scholar
- Armando Faz-Hernández, Julio López, Eduardo Ochoa-Jiménez, and Francisco Rodríguez-Henríquez. 2018. A faster software implementation of the supersingular isogeny Diffie-Hellman key exchange protocol. IEEE Trans. Comput., Vol. 67, 11 (2018), 1622--1636.Google ScholarDigital Library
- Luca De Feo, Simon Masson, Christophe Petit, and Antonio Sanso. 2019. Verifiable Delay Functions from Supersingular Isogenies and Pairings. https://eprint.iacr.org/2019/166.pdf.Google Scholar
- Steven D Galbraith, Christophe Petit, Barak Shani, and Yan Bo Ti. 2016. On the security of supersingular isogeny cryptosystems. In International Conference on the Theory and Application of Cryptology and Information Security. Springer, 63--91.Google ScholarCross Ref
- Lov K Grover. 1996. A fast quantum mechanical algorithm for database search. arXiv preprint quant-ph/9605043 (1996).Google Scholar
- Susan Hohenberger and Anna Lysyanskaya. 2005. How to securely outsource cryptographic computations. In Theory of Cryptography Conference. Springer, 264--282.Google ScholarDigital Library
- Amir Jalali, Reza Azarderakhsh, Mehran Mozaffarin Kermani, and David Jao. 2019. Towards Optimized and Constant-Time CSIDH on Embedded Devices. https://eprint.iacr.org/2019/297.pdf.Google Scholar
- David Jao and Luca De Feo. 2011. Towards quantum-resistant cryptosystems from supersingular elliptic curve isogenies. In International Workshop on Post-Quantum Cryptography. Springer, 19--34.Google ScholarDigital Library
- Mehmet Sabir Kiraz and Osmanbey Uzunkol. 2016. Efficient and verifiable algorithms for secure outsourcing of cryptographic computations. International Journal of Information Security, Vol. 15, 5 (2016), 519--537.Google ScholarDigital Library
- Microsoft Research. 2019. PQCrypto-SIDH v3.0 Library. https://github.com/Microsoft/PQCrypto-SIDH (2019).Google Scholar
- Peter L Montgomery. 1987. Speeding the Pollard and elliptic curve methods of factorization. Mathematics of computation, Vol. 48, 177 (1987), 243--264.Google Scholar
- Stephan Moritz and Osmanbey Uzunkol. 2018. A More Efficient Secure Fully Verifiable Delegation Scheme for Simultaneous Group Exponentiations. In International Conference on Intelligent, Secure, and Dependable Systems in Distributed and Cloud Environments. Springer, 74--93.Google ScholarCross Ref
- Phong Q Nguyen, Igor E Shparlinski, and Jacques Stern. 2001. Distribution of modular sums and the security of the server aided exponentiation. In Cryptography and Computational Number Theory. Springer, 331--342.Google Scholar
- NIST. 2019. NIST Reveals 26 Algorithms Advancing to the Post-Quantum Crypto 'Semifinals'. https://www.nist.gov/news-events/news/2019/01/nist-reveals-26-algorithms-advancing-post-quantum-crypto-semifinals.Google Scholar
- Christophe Petit. 2017. Faster Algorithms for Isogeny Problems Using Torsion Point Images. In Advances in Cryptology -- ASIACRYPT 2017. 330--353.Google Scholar
- Joost Renes. 2018. Computing isogenies between Montgomery curves using the action of (0, 0). In International Conference on Post-Quantum Cryptography. Springer, 229--247.Google ScholarCross Ref
- Claus-Peter Schnorr. 1989. Efficient identification and signatures for smart cards. In Conference on the Theory and Application of Cryptology. Springer, 239--252.Google ScholarDigital Library
- Claus-Peter Schnorr. 1991. Efficient signature generation by smart cards. Journal of cryptology, Vol. 4, 3 (1991), 161--174.Google ScholarDigital Library
- Peter W. Shor. 1994. Algorithms for Quantum Computation: Discrete Logarithms and Factoring. In Proceedings of the 35th Annual Symposium on Foundations of Computer Science. 124--134.Google ScholarDigital Library
- SIKE. 2018. Supersingular Isogeny Key Encapsulation. https://sike.org.Google Scholar
- Joseph H Silverman. 2009. The arithmetic of elliptic curves. Vol. 106. Springer Science & Business Media.Google Scholar
- Martin Lysoe Sommerseth and Haakon Hoeiland. 2015. Pohlig-Hellman Applied in Elliptic Curve Cryptography. (2015).Google Scholar
- Anton Stolbunov. 2010. Constructing public-key cryptographic schemes based on class group action on a set of isogenous elliptic curves. Adv. in Math. of Comm., Vol. 4, 2 (2010), 215--235.Google ScholarCross Ref
- Osmanbey Uzunkol, Jothi Rangasamy, and Lakshmi Kuppusamy. 2018. Hide the Modulus: a secure non-interactive fully verifiable delegation scheme for modular exponentiations via CRT. In International Conference on Information Security. Springer, 250--267.Google ScholarCross Ref
- Yujue Wang, Qianhong Wu, Duncan S Wong, Bo Qin, Sherman SM Chow, Zhen Liu, and Xiao Tan. 2014. Securely outsourcing exponentiations with single untrusted program for cloud storage. In European Symposium on Research in Computer Security. Springer, 326--343.Google ScholarCross Ref
- Nolan Winkler. [n.d.]. THE DISCRETE LOG PROBLEM AND ELLIPTIC CURVE CRYPTOGRAPHY. ( [n.,d.]).Google Scholar
- Youngho Yoo, Reza Azarderakhsh, Amir Jalali, David Jao, and Vladimir Soukharev. 2017. A Post-quantum Digital Signature Scheme Based on Supersingular Isogenies. In Financial Cryptography and Data Security. Cham, 163--181.Google Scholar
Index Terms
- Secure Delegation of Isogeny Computations and Cryptographic Applications
Recommendations
Delegating Supersingular Isogenies over with Cryptographic Applications
Information Security and Cryptology – ICISC 2021AbstractAlthough isogeny-based cryptographic schemes enjoy the smallest key sizes amongst current post-quantum cryptographic candidates, they come at a high computational cost, making their deployment on the ever-growing number of resource-constrained ...
Provably secure delegation-by-certification proxy signature schemes
InfoSecu '04: Proceedings of the 3rd international conference on Information securityIn this paper, we first show that a previous proxy signature scheme by delegation with certificate is not provably secure under adaptive-chosen message attacks and adaptive-chosen warrant attacks. The scheme does not provide the strong undeniability. ...
Secure and Efficient Scheme for Delegation of Signing Rights
Information and Communications SecurityAbstractA proxy signature scheme enables a signer to transfer its signing rights to any other user, called the proxy signer, to produce a signature on its behalf. Multi-proxy signature is a proxy signature primitive which enables a user to transfer its ...
Comments