Abstract

Password-authenticated key establishment (PAKE) is a cryptographic primitive that allows two parties who share a low-entropy secret (a password) to securely establish cryptographic keys in the absence of public key infrastructure. We propose the first quantum-resistant password-authenticated key exchange scheme based on supersingular elliptic curve isogenies. The scheme is built upon supersingular isogeny Diffie-Hellman [15], and uses the password to generate permutations which obscure the auxiliary points. We include elements of a security proof, and discuss roadblocks to obtaining a proof in the BPR model [1]. We also include some performance results.

Highlights

  • Many current cryptographic schemes are based on mathematical problems that are considered difficult for classical computers, but can be solved using quantum algorithms

  • We propose the first quantum-resistant password-authenticated key exchange scheme based on supersingular elliptic curve isogenies

  • Subsequent work by Costache et al. [8] has shown that the security of SIDH reduces to the Supersingular Isogeny Graph problem originally proposed by Charles et al. [7]


Summary

Introduction

Many current cryptographic schemes are based on mathematical problems that are considered difficult for classical computers but can be solved using quantum algorithms. To prepare for the emergence of quantum computers, we aim to design cryptographic primitives that resist quantum attacks. One family of such primitives, proposed by Jao and De Feo [15] and commonly referred to as SIDH, uses isogenies between supersingular elliptic curves to construct quantum-resistant protocols for public key cryptography. Subsequent work by Costache et al. [8] has shown that the security of SIDH reduces to the Supersingular Isogeny Graph problem originally proposed by Charles et al. [7]. Many PAKE protocols exist; most are based on the discrete logarithm problem in subgroups of Z*_p or in elliptic curve groups, and are not quantum-safe. We propose the first PAKE based on isogenies between supersingular elliptic curves.

… correct points (preventing offline dictionary attacks) or performing the computation without them, while the active security comes from the fact that the adversary needs to "commit," in a sense, to a group element in order to actively attack the protocol (preventing all but the most basic online dictionary attacks).

This work is licensed under the Creative Commons

Password-Authenticated Key Establishment
Isogenies
Isogeny-Based Cryptography
The Möbius Action and Auxiliary Point Obfuscation
Computational Assumptions
Our Protocol
Progress Toward—and Roadblocks to—a Security Theorem
Successes
Roadblocks
Performance
Conclusion
A The Security Model
B Computational Assumptions of SIDH
