A ✘✘✘✘ Magical parallel variant of SIDH ❳❳❳❳ ✘ ❳ Daniel Cervantes-V´ azquez Eduardo Ochoa-Jim´ enez Francisco Rodr´ ıguez-Henr´ quez September 10, 2018 A ✘✘ ❳❳ Cervantes-Ochoa-Rodr´ ıguez Magical parallel variant of SIDH September 10, 2018 1 / 6
Story plot We present here a ✘✘✘ magical parallel variant of the Supersingular Isogeny ❳❳❳ ✘ ❳ Diffie-Hellman (SIDH) protocol, which is also applicable to the Supersingular Isogeny Key Encapsulation (SIKE) protocol. A ✘✘ ❳❳ Cervantes-Ochoa-Rodr´ ıguez Magical parallel variant of SIDH September 10, 2018 2 / 6
Story plot We present here a ✘✘✘ magical parallel variant of the Supersingular Isogeny ❳❳❳ ✘ ❳ Diffie-Hellman (SIDH) protocol, which is also applicable to the Supersingular Isogeny Key Encapsulation (SIKE) protocol. This variant is illustrated by Hermione, Ron and Harry, who have learned from their charm class how to cast the “Curvaverto” spell. A ✘✘ ❳❳ Cervantes-Ochoa-Rodr´ ıguez Magical parallel variant of SIDH September 10, 2018 2 / 6
Story plot We present here a ✘✘✘ magical parallel variant of the Supersingular Isogeny ❳❳❳ ✘ ❳ Diffie-Hellman (SIDH) protocol, which is also applicable to the Supersingular Isogeny Key Encapsulation (SIKE) protocol. This variant is illustrated by Hermione, Ron and Harry, who have learned from their charm class how to cast the “Curvaverto” spell. Given a magical stone called Kernel (a bunch of points belonging to an Elliptic Curve), then the Curvaverto spell transforms an Elliptic Curve and two magical stones into another Curve. A ✘✘ ❳❳ Cervantes-Ochoa-Rodr´ ıguez Magical parallel variant of SIDH September 10, 2018 2 / 6
Story plot We present here a ✘✘✘ magical parallel variant of the Supersingular Isogeny ❳❳❳ ✘ ❳ Diffie-Hellman (SIDH) protocol, which is also applicable to the Supersingular Isogeny Key Encapsulation (SIKE) protocol. This variant is illustrated by Hermione, Ron and Harry, who have learned from their charm class how to cast the “Curvaverto” spell. Given a magical stone called Kernel (a bunch of points belonging to an Elliptic Curve), then the Curvaverto spell transforms an Elliptic Curve and two magical stones into another Curve. Bye! Don’t ruin it! A ✘✘ ❳❳ Cervantes-Ochoa-Rodr´ ıguez Magical parallel variant of SIDH September 10, 2018 2 / 6
Parameters 5 e 5 f − 1 2 e 2 3 e 3 p := Such that 3 e 3 5 e 5 ≈ 2 e 2 and 3 e 3 ≈ 5 e 5
Parameters Choose P 3 and Q 3 such that � P 3 , Q 3 � = E [3 e 3 ] Choose P 2 and Q 2 Choose P 5 and Q 5 such that � P 2 , Q 2 � = E [2 e 2 ] such that � P 5 , Q 5 � = E [5 e 5 ] 5 e 5 f − 1 2 e 2 3 e 3 p := Such that 3 e 3 5 e 5 ≈ 2 e 2 and 3 e 3 ≈ 5 e 5 Define S := P 3 + P 5 and T := Q 3 + Q 5 to be the public parameters of Ron and Harry A ✘✘ ❳❳ Cervantes-Ochoa-Rodr´ ıguez Magical parallel variant of SIDH September 10, 2018 3 / 6
eSIDH K 2 := P 2 + [ n 2 ] Q 2 Get φ H and E H E H E 0 A ✘✘ ❳❳ Cervantes-Ochoa-Rodr´ ıguez Magical parallel variant of SIDH September 10, 2018 4 / 6
eSIDH Parallel K 3 := P 3 + [ n 3 ] Q 3 K 5 := P 5 + [ n 5 ] Q 5 Get φ R and E R . Send φ R ( K 5 ) to Harry. E H E 0 E R A ✘✘ ❳❳ Cervantes-Ochoa-Rodr´ ıguez Magical parallel variant of SIDH September 10, 2018 4 / 6
eSIDH Use φ R ( K 5 ) to get E RH and φ RH E H E 0 E R E RH A ✘✘ ❳❳ Cervantes-Ochoa-Rodr´ ıguez Magical parallel variant of SIDH September 10, 2018 4 / 6
eSIDH ( E RH , φ RH ( P 2 ) , φ RH ( Q 2 )) E H E 0 E R E RH A ✘✘ ❳❳ Cervantes-Ochoa-Rodr´ ıguez Magical parallel variant of SIDH September 10, 2018 4 / 6
eSIDH ( E H , φ H ( S ) , φ H ( T )) E H E RH E 0 E R E RH E H A ✘✘ ❳❳ Cervantes-Ochoa-Rodr´ ıguez Magical parallel variant of SIDH September 10, 2018 4 / 6
eSIDH K ′ 2 := φ RH ( P 2 ) + [ n 2 ] φ RH ( Q 2 ) Get E RHH E H E RH E 0 E RHH E R E RH E H A ✘✘ ❳❳ Cervantes-Ochoa-Rodr´ ıguez Magical parallel variant of SIDH September 10, 2018 4 / 6
eSIDH Parallel 3 := [5 e 5 ]( φ H ( S ) + [ n 3 ] φ H ( T )) 5 := [3 e 3 ]( φ H ( S ) + [ n 5 ] φ H ( T )) K ′ K ′ Get φ ′ R and E ′ R . Send φ ′ R ( K ′ 5 ) to Harry. E H E RH E 0 E RHH E R E RH E H E HR A ✘✘ ❳❳ Cervantes-Ochoa-Rodr´ ıguez Magical parallel variant of SIDH September 10, 2018 4 / 6
eSIDH Use φ ′ R ( K ′ 5 ) to get E HRH E H E RH E RHH ∼ E 0 = E HRH E R E RH E H E HR A ✘✘ ❳❳ Cervantes-Ochoa-Rodr´ ıguez Magical parallel variant of SIDH September 10, 2018 4 / 6
Primes and Times Our proposals [SIKE17] proposals P 509 = 2 250 3 79 5 55 2 6 − 1 P 503 = 2 250 3 159 − 1 P 765 = 2 372 3 119 5 81 2 16 − 1 P 751 = 2 372 3 239 − 1 P 1013 = 2 486 3 157 5 108 2 26 − 1 P 964 = 2 486 3 301 − 1 Table: Our proposals for eSIDH primes in comparison with the current state-of the art SIKE17 Ours SIKE17 Ours Ours p 503 p 509 p 751 p 765 p 1013 Protocol phase Non Parallel Non Parallel Non Parallel AF AF Alice 8.24 7.48 1.10 23.68 22.21 1.06 49.24 KeyGen Bob 9.26 8.26 1.12 26.67 24.53 1.08 55.18 Alice 6.71 6.08 1.10 19.44 18.20 1.06 40.83 KeyAgr Bob 7.82 7.73 1.01 22.76 22.98 0.99 52.05 Table: Performance comparison of this proposal against SIKE17 (using the version 3 of the CLN library). Reported running time (in 10 6 clock cycles) was measured in an Intel Skylake proccessor at 4.0 GHz. We report here the sequential version performance using 1 core. A ✘✘ ❳❳ Cervantes-Ochoa-Rodr´ ıguez Magical parallel variant of SIDH September 10, 2018 5 / 6
Primes and Times Our proposals [SIKE17] proposals P 509 = 2 250 3 79 5 55 2 6 − 1 P 503 = 2 250 3 159 − 1 P 765 = 2 372 3 119 5 81 2 16 − 1 P 751 = 2 372 3 239 − 1 P 1013 = 2 486 3 157 5 108 2 26 − 1 P 964 = 2 486 3 301 − 1 Table: Our proposals for eSIDH primes in comparison with the current state-of the art SIKE17 Ours SIKE17 Ours Ours p 503 p 509 p 751 p 765 p 1013 Protocol phase Parallel Parallel Parallel AF AF Alice 8.24 5.91 1.39 23.68 16.68 1.42 36.35 KeyGen Bob 9.26 5.58 1.66 26.67 15.99 1.67 34.73 Alice 6.71 5.40 1.24 19.44 15.20 1.28 32.88 KeyAgr Bob 7.82 5.74 1.36 22.76 16.55 1.37 35.75 Table: Performance comparison of this proposal against SIKE17 (using the version 3 of the CLN library). Reported running time (in 10 6 clock cycles) was measured in an Intel Skylake proccessor at 4.0 GHz. We report here the parallel version performance using 3 cores. A ✘✘ ❳❳ Cervantes-Ochoa-Rodr´ ıguez Magical parallel variant of SIDH September 10, 2018 5 / 6
Work in Progress Working on Ron-Harry side (Bob’s side), extend this proposal to other combinations of small primes [instead of the current (3 , 5)]. Look for more Montgomery-friendly primes. Further optimize the single-core version of this proposal. A ✘✘ ❳❳ Cervantes-Ochoa-Rodr´ ıguez Magical parallel variant of SIDH September 10, 2018 6 / 6
Recommend
More recommend