Efficient and Secure CSIDH Using Relation Lattices
摘要
CSIDH (Commutative Supersingular Isogeny Diffie-Hellman) is a post-quantum cryptographic protocol that uses supersingular elliptic curves and isogenies for secure key exchange. However, this protocol is not side-channel resistant. Various algorithms with side-channel attack resistance have been proposed for CSIDH. In 2018, Meyer et al. proposed a constant-time CSIDH algorithm based on dummy isogeny calculations. In 2019, Onuki et al. proposed a more efficient method by keeping two torsion points on an elliptic curve also based on dummy isogeny calculations. In the same year, Cervantes-Vázquez et al. proposed improvements to the versions by Meyer et al. (CCCDRS-1 algorithm) and Onuki et al. (CCCDRS-2 algorithm), as well as a dummy-free proposal for security against fault-injection attacks (CCCDRS-3 algorithm). However, the CCCDRS-3 method is computationally more expensive. The goal of our work is to introduce an algorithm that is secure against timing, power analysis, and fault injection attacks, while also being faster than CCCDRS-3. We do so by using the concept of a relation lattice introduced in CSI-FiSh (Constant-Time Supersingular Isogeny FHE Scheme), a signature scheme based on the group action of CSIDH.