Algorithm data sheet: kex_sidh_msr
Algorithm
Name: SIDH/SIKE MSR
Description: The ephemeral Diffie-Hellman key exchange scheme "SIDH" [1,2] and the CCA-secure key encapsulation mechanism "SIKE" [3] are both based on the supersingular isogeny Diffie-Hellman problem.
The following KEM schemes are supported:
- SIKEp503: matching the post-quantum security of AES128.
- SIKEp751: matching the post-quantum security of AES192.
The following ephemeral key exchange schemes are supported:
- SIDHp503: matching the post-quantum security of AES128.
- SIDHp751: matching the post-quantum security of AES192.
The library was developed by Microsoft Research for experimentation purposes.
Supporting research:
- [1] Craig Costello, Patrick Longa, and Michael Naehrig, "Efficient algorithms for supersingular isogeny Diffie-Hellman". Advances in Cryptology - CRYPTO 2016, LNCS 9814, pp. 572-601, 2016.
- [2] David Jao and Luca De Feo, "Towards quantum-resistant cryptosystems from supersingular elliptic curve isogenies". PQCrypto 2011, LNCS 7071, pp. 19-34, 2011.
- [3] Reza Azarderakhsh, Matthew Campagna, Craig Costello, Luca De Feo, Basil Hess, Amir Jalali, David Jao, Brian Koziel, Brian LaMacchia, Patrick Longa, Michael Naehrig, Joost Renes, Vladimir Soukharev, and David Urbanik, "Supersingular Isogeny Key Encapsulation". Submission to the NIST Post-Quantum Standardization project, 2017.
Security
Security model: Unauthenticated key exchange / IND-CPA and CCA secure key encapsulation mechanism
Underlying hard problem(s): hardness of computing large-degree isogenies between two given elliptic curves
Parameter set 1
SIDH P503 parameter set from [1]. Same security as AES128.
Claimed classical security:
- 2^126
Claimed quantum security:
- 2^84
Communication size:
- Alice → Bob: 378 bytes
- Bob → Alice: 378 bytes
- total: 756 bytes
Parameter set 2
SIDH P751 parameter set from [1]. Same security as AES192.
Claimed classical security:
- 2^188
Claimed quantum security:
- 2^125
Communication size:
- Alice → Bob: 564 bytes
- Bob → Alice: 564 bytes
- total: 1128 bytes
Parameter set 3
SIKE P503 parameter set from [3]. Same security as AES128.
Claimed classical security:
- 2^126
Claimed quantum security:
- 2^84
Communication size:
- Alice → Bob: 378 bytes
- Bob → Alice: 378 bytes
- total: 756 bytes
Parameter set 4
SIKE P751 parameter set from [3]. Same security as AES192.
Claimed classical security:
- 2^188
Claimed quantum security:
- 2^125
Communication size:
- Alice → Bob: 564 bytes
- Bob → Alice: 564 bytes
- total: 1128 bytes
Implementation
Source of implementation: Original research paper (https://github.com/Microsoft/PQCrypto-SIDH)
License: MIT License
Language: C
Constant-time: Yes
Testing:
- Correctness: covered by test harness test_kex
- Statistics of shared secrets: covered by test harness test_kex
- Static analysis: scan_build