{"title":"二次和扭转Edwards曲线上csidh算法的随机化","authors":"A. Bessalov, Ludmila Kovalchuk, Sergey Abramov","doi":"10.28925/2663-4023.2022.17.128144","DOIUrl":null,"url":null,"abstract":"The properties of quadratic and twisted supersingular Edwards curves that form pairs of quadratic twist with order over a prime field are considered. A modification of the CSIDH algorithm based on odd degree isogenies of these curves is considered. A simple model for the implementation of the CSIDH algorithm in 3 minimal odd isogeny degrees 3, 5, 7, with the prime field modulus and the order of supersingular curves is constructed. At the precipitation stage, the parameters of isogenic chains of all degrees for these two classes of supersingular Edwards curves are calculated and tabulated. An example of the implementation of the CSIDH algorithm as a non-interactive secret sharing scheme based on the secret and public keys of Alice and Bob is given. A new randomized CSIDH algorithm with a random equiprobable choice of one of the curves of these two classes at each step of the isogeny chain is proposed. The choice of the degree of each isogeny is randomized. The operation of the randomized algorithm by an example is illustrated. This algorithm as a possible alternative to \"CSIDH with constant time\" is considered. A combination of the two approaches is possible to counter side channel attacks. Estimates of the probability of a successful side-channel attack in a randomized algorithm are given. It is noted that all calculations in the CSIDH algorithm necessary to calculate the shared secret are reduced only to calculating the parameter of the isogenic curve and are performed by field and group operations, in particular, scalar point multiplications and doubling points of the isogeny kernel. In the new algorithm we propose to abandon the calculation of the isogenic function of random point , which significantly speeds up the algorithm.","PeriodicalId":198390,"journal":{"name":"Cybersecurity: Education, Science, Technique","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":"{\"title\":\"RANDOMIZATION OF CSIDH ALGORITHM ON QUADRATIC AND TWISTED EDWARDS CURVES\",\"authors\":\"A. Bessalov, Ludmila Kovalchuk, Sergey Abramov\",\"doi\":\"10.28925/2663-4023.2022.17.128144\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The properties of quadratic and twisted supersingular Edwards curves that form pairs of quadratic twist with order over a prime field are considered. A modification of the CSIDH algorithm based on odd degree isogenies of these curves is considered. A simple model for the implementation of the CSIDH algorithm in 3 minimal odd isogeny degrees 3, 5, 7, with the prime field modulus and the order of supersingular curves is constructed. At the precipitation stage, the parameters of isogenic chains of all degrees for these two classes of supersingular Edwards curves are calculated and tabulated. An example of the implementation of the CSIDH algorithm as a non-interactive secret sharing scheme based on the secret and public keys of Alice and Bob is given. A new randomized CSIDH algorithm with a random equiprobable choice of one of the curves of these two classes at each step of the isogeny chain is proposed. The choice of the degree of each isogeny is randomized. The operation of the randomized algorithm by an example is illustrated. This algorithm as a possible alternative to \\\"CSIDH with constant time\\\" is considered. A combination of the two approaches is possible to counter side channel attacks. Estimates of the probability of a successful side-channel attack in a randomized algorithm are given. It is noted that all calculations in the CSIDH algorithm necessary to calculate the shared secret are reduced only to calculating the parameter of the isogenic curve and are performed by field and group operations, in particular, scalar point multiplications and doubling points of the isogeny kernel. In the new algorithm we propose to abandon the calculation of the isogenic function of random point , which significantly speeds up the algorithm.\",\"PeriodicalId\":198390,\"journal\":{\"name\":\"Cybersecurity: Education, Science, Technique\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"1900-01-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"3\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Cybersecurity: Education, Science, Technique\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.28925/2663-4023.2022.17.128144\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Cybersecurity: Education, Science, Technique","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.28925/2663-4023.2022.17.128144","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
RANDOMIZATION OF CSIDH ALGORITHM ON QUADRATIC AND TWISTED EDWARDS CURVES
The properties of quadratic and twisted supersingular Edwards curves that form pairs of quadratic twist with order over a prime field are considered. A modification of the CSIDH algorithm based on odd degree isogenies of these curves is considered. A simple model for the implementation of the CSIDH algorithm in 3 minimal odd isogeny degrees 3, 5, 7, with the prime field modulus and the order of supersingular curves is constructed. At the precipitation stage, the parameters of isogenic chains of all degrees for these two classes of supersingular Edwards curves are calculated and tabulated. An example of the implementation of the CSIDH algorithm as a non-interactive secret sharing scheme based on the secret and public keys of Alice and Bob is given. A new randomized CSIDH algorithm with a random equiprobable choice of one of the curves of these two classes at each step of the isogeny chain is proposed. The choice of the degree of each isogeny is randomized. The operation of the randomized algorithm by an example is illustrated. This algorithm as a possible alternative to "CSIDH with constant time" is considered. A combination of the two approaches is possible to counter side channel attacks. Estimates of the probability of a successful side-channel attack in a randomized algorithm are given. It is noted that all calculations in the CSIDH algorithm necessary to calculate the shared secret are reduced only to calculating the parameter of the isogenic curve and are performed by field and group operations, in particular, scalar point multiplications and doubling points of the isogeny kernel. In the new algorithm we propose to abandon the calculation of the isogenic function of random point , which significantly speeds up the algorithm.