Supersingular isogeny diffie–hellman authenticated key exchange

Atsushi Fujioka*, Katsuyuki Takashima, Shintaro Terada, Kazuki Yoneyama

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference contribution

17 Citations (Scopus)


We propose two authenticated key exchange protocols from supersingular isogenies. Our protocols are the first post-quantum one-round Diffie–Hellman type authenticated key exchange ones in the following points: one is secure under the quantum random oracle model and the other resists against maximum exposure where a non-trivial combination of secret keys is revealed. The security of the former and the latter is proven under isogeny versions of the decisional and gap Diffie–Hellman assumptions, respectively. We also propose a new approach for invalidating the Galbraith–Vercauteren-type attack for the gap problem.

Original languageEnglish
Title of host publicationInformation Security and Cryptology – ICISC 2018 - 21st International Conference, Revised Selected Papers
EditorsKwangsu Lee
PublisherSpringer Verlag
Number of pages19
ISBN (Print)9783030121457
Publication statusPublished - 2019
Externally publishedYes
Event21st International Conference on Information Security and Cryptology, ICISC 2018 - Seoul, Korea, Republic of
Duration: 2018 Nov 282018 Nov 30

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume11396 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Other21st International Conference on Information Security and Cryptology, ICISC 2018
Country/TerritoryKorea, Republic of


  • CK model
  • CK model
  • Degree-insensitive supersingular isogeny gap Diffie–Hellman assumption
  • One-round authenticated key exchange
  • Quantum adversary
  • Supersingular isogeny decisional fiffie–Hellman assumption

ASJC Scopus subject areas

  • Theoretical Computer Science
  • General Computer Science


Dive into the research topics of 'Supersingular isogeny diffie–hellman authenticated key exchange'. Together they form a unique fingerprint.

Cite this