Implementation of Supersingular Isogeny-Based Diffie-Hellman and Key Encapsulation Using an Efficient Scheduling

Abstract

Isogeny-based cryptography is one of the promising post-quantum candidates mainly because of its smaller public key length. Due to its high computational cost, efficient implementations are significantly important. In this paper, we have proposed a high-speed FPGA implementation of the supersingular isogeny Diffie-Hellman (SIDH) and key encapsulation (SIKE). To this end, we have adapted the algorithm of finding optimal large-degree isogeny computation strategy for hardware implementations. Using this algorithm, hardware-suited strategies (HSSs) can be devised. We have also developed a tool to schedule field arithmetic operations efficiently using constraint programming. This tool enables reducing the latency of SIDH and SIKE subroutines by up to 14% at NIST's highest security level, i.e., using the SIKEp751 parameter set. We have also improved the latency of field inversion, the most costly field operation in SIDH, by 23% using the Montgomery ladder technique. We have provided constant-time implementations of SIDH and SIKE on Virtex-7 using SIKEp751 utilizing 6 and 8 prime field multipliers to resemble the previous work. Experimental results show that using 8 multipliers SIDH and SIKE encapsulation and decapsulation can be performed in 24.66 ms and 24.10 ms, which is 1.37 and 1.12 times faster than the latest corresponding FPGA implementations, respectively.