IACR News item: 15 February 2023
Kaizhan Lin, Jianming Lin, Shiping Cai, Weize Wang, Chang-An Zhao
ePrint Report
Recently, SIKE was broken by the Castryck-Decru attack in polynomial time. To avoid this attack, Fouotsa proposed a SIDH-like scheme called M-SIDH, which hides the information of auxiliary points. The countermeasure also leads to huge parameter sizes, and correspondingly the public key size is relatively large.
In this paper, we present several new techniques to compress the public key of M-SIDH. Our method to compress the key is reminiscent of public-key compression in SIDH/SIKE, including torsion basis generation, pairing computation and discrete logarithm computation. We also prove that compressed M-SIDH is secure if M-SIDH is secure.
Experimental results showed that our approach fits well with compressed M-SIDH. It should be noted that most techniques proposed in this paper could be also utilized into other SIDH-like protocols.
In this paper, we present several new techniques to compress the public key of M-SIDH. Our method to compress the key is reminiscent of public-key compression in SIDH/SIKE, including torsion basis generation, pairing computation and discrete logarithm computation. We also prove that compressed M-SIDH is secure if M-SIDH is secure.
Experimental results showed that our approach fits well with compressed M-SIDH. It should be noted that most techniques proposed in this paper could be also utilized into other SIDH-like protocols.
Additional news items may be found on the IACR news page.