On the performance analysis for csidh-based cryptosystems

Donghoe Heo, Suhri Kim, Young Ho Park, Seokhie Hong

Research output: Contribution to journalArticlepeer-review

2 Citations (Scopus)


In this paper, we present the performance and security analysis for various commutative SIDH (CSIDH)-based algorithms. As CSIDH offers a smaller key size than SIDH and provides a relatively efficient signature scheme, numerous CSIDH-based key exchange algorithms have been proposed to optimize the CSIDH. In CSIDH, the private key is an ideal class in a class group, which can be represented by an integer vector. As the number of ideal classes represented by these vectors determines the security level of CSIDH, it is important to analyze whether the different vectors induce the same public key. In this regard, we generalize the existence of a collision for a base prime p ≡ 7 mod 8. Based on our result, we present a new interval for the private key to have a similar security level for the various CSIDH-based algorithms for a fair comparison of the performance. Deduced from the implementation result, we conclude that for a prime p ≡ 7 mod 8, CSIDH on the surface using the Montgomery curves is the most likely to be efficient. For a prime p ≡ 3 mod 8, CSIDH on the floor using the hybrid method with Onuki’s collision-free method is the most likely to be efficient and secure.

Original languageEnglish
Article number6927
Pages (from-to)1-14
Number of pages14
JournalApplied Sciences (Switzerland)
Issue number19
Publication statusPublished - 2020 Oct 1

Bibliographical note

Publisher Copyright:
© 2020 by the authors. Licensee MDPI, Basel, Switzerland.


  • Isogeny
  • Montgomery curves
  • Post-quantum cryptography

ASJC Scopus subject areas

  • General Materials Science
  • Instrumentation
  • General Engineering
  • Process Chemistry and Technology
  • Computer Science Applications
  • Fluid Flow and Transfer Processes


Dive into the research topics of 'On the performance analysis for csidh-based cryptosystems'. Together they form a unique fingerprint.

Cite this