Practical Isogeny-Based Key-Exchange with Optimal Tightness
Journal article, Peer reviewed
MetadataShow full item record
Original versionLecture Notes in Computer Science (LNCS). 2021, 12804 451-479. 10.1007/978-3-030-81652-0
We exploit the Diffie-Hellman-like structure of CSIDH to build a quantum-resistant authenticated key-exchange algorithm. Our security proof has optimal tightness, which means that the protocol is efficient even when instantiated with theoretically-sound security parameters. Compared to previous isogeny-based authenticated key-exchange protocols, our scheme is extremely simple, its security relies only on the underlying CSIDH-problem and it has optimal communication complexity for CSIDH-based protocols. Our security proof relies heavily on the re-randomizability of CSIDH-like problems and carries on in the ROM.