TY - GEN
T1 - An Efficient Authenticated Key Exchange from Random Self-reducibility on CSIDH
AU - Kawashima, Tomoki
AU - Takashima, Katsuyuki
AU - Aikawa, Yusuke
AU - Takagi, Tsuyoshi
N1 - Publisher Copyright:
© 2021, Springer Nature Switzerland AG.
PY - 2021
Y1 - 2021
N2 - SIDH and CSIDH are key exchange protocols based on isogenies and conjectured to be quantum-resistant. Since the protocols are similar to the classical Diffie–Hellman, they are vulnerable to the man-in-the-middle attack. A key exchange which is resistant to such an attack is called an authenticated key exchange (AKE), and many isogeny-based AKEs have been proposed. However, the parameter sizes of the existing schemes should be large since they all have relatively large security losses in security proofs. This is partially because the random self-reducibility of isogeny-based decisional problems has not been proved yet. In this paper, we show that the computational problem and the gap problem of CSIDH are random self-reducible. A gap problem is a computational problem given access to the corresponding decision oracle. Moreover, we propose a CSIDH-based AKE with small security loss, following the construction of Cohn-Gordon et al. in CRYPTO 2019, as an application of the random self-reducibility of the gap problem of CSIDH. Our AKE is proved to be the fastest CSIDH-based AKE when we aim at 110-bit security level.
AB - SIDH and CSIDH are key exchange protocols based on isogenies and conjectured to be quantum-resistant. Since the protocols are similar to the classical Diffie–Hellman, they are vulnerable to the man-in-the-middle attack. A key exchange which is resistant to such an attack is called an authenticated key exchange (AKE), and many isogeny-based AKEs have been proposed. However, the parameter sizes of the existing schemes should be large since they all have relatively large security losses in security proofs. This is partially because the random self-reducibility of isogeny-based decisional problems has not been proved yet. In this paper, we show that the computational problem and the gap problem of CSIDH are random self-reducible. A gap problem is a computational problem given access to the corresponding decision oracle. Moreover, we propose a CSIDH-based AKE with small security loss, following the construction of Cohn-Gordon et al. in CRYPTO 2019, as an application of the random self-reducibility of the gap problem of CSIDH. Our AKE is proved to be the fastest CSIDH-based AKE when we aim at 110-bit security level.
KW - Authenticated key exchange
KW - CSIDH
KW - Isogeny-based cryptography
KW - Post-quantum
KW - Tight security
UR - http://www.scopus.com/inward/record.url?scp=85102626030&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85102626030&partnerID=8YFLogxK
U2 - 10.1007/978-3-030-68890-5_4
DO - 10.1007/978-3-030-68890-5_4
M3 - Conference contribution
AN - SCOPUS:85102626030
SN - 9783030688899
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 58
EP - 84
BT - 23rd International Conference, 2020, Proceedings
A2 - Hong, Deukjo
PB - Springer Science and Business Media Deutschland GmbH
T2 - 23rd International Conference on Information Security and Cryptology, ICISC 2020
Y2 - 2 December 2020 through 4 December 2020
ER -