In this paper, we present the performance and security analysis for various commutative SIDH (CSIDH)-based algorithms. As CSIDH offers a smaller key size than SIDH and provides a relatively efficient signature scheme, numerous CSIDH-based key exchange algorithms have been proposed to optimize the CSIDH. In CSIDH, the private key is an ideal class in a class group, which can be represented by an integer vector. As the number of ideal classes represented by these vectors determines the security level of CSIDH, it is important to analyze whether the different vectors induce the same public key. In this regard, we generalize the existence of a collision for a base prime p ≡ 7 mod 8. Based on our result, we present a new interval for the private key to have a similar security level for the various CSIDH-based algorithms for a fair comparison of the performance. Deduced from the implementation result, we conclude that for a prime p ≡ 7 mod 8, CSIDH on the surface using the Montgomery curves is the most likely to be efficient. For a prime p ≡ 3 mod 8, CSIDH on the floor using the hybrid method with Onuki’s collision-free method is the most likely to be efficient and secure.
Bibliographical notePublisher Copyright:
© 2020 by the authors. Licensee MDPI, Basel, Switzerland.
- Montgomery curves
- Post-quantum cryptography
ASJC Scopus subject areas
- General Materials Science
- General Engineering
- Process Chemistry and Technology
- Computer Science Applications
- Fluid Flow and Transfer Processes