Jean Kieffer

Luca De Feo, Jean Kieffer, Benjamin Smith

We revisit the ordinary isogeny-graph based cryptosystems of Couveignes and Rostovtsev-Stolbunov, long dismissed as impractical. We give algorithmic improvements that accelerate key exchange in this framework, and explore the problem of generating suitable system parameters for contemporary pre-and post-quantum security that take advantage of these new algorithms. We also prove the session-key security of this key exchange in the Canetti-Krawczyk model, and the IND-CPA security of the related public-key encryption scheme, under reasonable assumptions on the hardness of computing isogeny walks. Our systems admit efficient key-validation techniques that yield CCA-secure encryp-tion, thus providing an important step towards efficient post-quantum non-interactive key exchange (NIKE).

Jean Kieffer

We study a key exchange protocol based on isogenies between ordinary elliptic curves over a finite field, first mentioned by Couveignes and investigated by Rostovtsev and Stolbunov. After presenting the fundamental notions about elliptic curves, we present the theory of complex multiplication which is the theoretical basis of this cryptosystem. Modular curves, which are an essential tool in the computations, are also introduced. We then present the protocol itself and original ideas to boost its practical performances. Finally, we discuss our implementation and practical results.