dCTIDH: Fast & Deterministic CTIDH
This paper presents dCTIDH, a CSIDH implementation that combines two recent developments into a novel state-of-the-art deterministic implementation. We combine the approach of deterministic variants of CSIDH with the batching strategy of CTIDH, which shows that the full potential of this key space...
Saved in:
| Main Authors: | , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Ruhr-Universität Bochum
2025-06-01
|
| Series: | Transactions on Cryptographic Hardware and Embedded Systems |
| Subjects: | |
| Online Access: | https://tches.iacr.org/index.php/TCHES/article/view/12226 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1849472241221238784 |
|---|---|
| author | Fabio Campos Andreas Hellenbrand Michael Meyer Krijn Reijnders |
| author_facet | Fabio Campos Andreas Hellenbrand Michael Meyer Krijn Reijnders |
| author_sort | Fabio Campos |
| collection | DOAJ |
| description |
This paper presents dCTIDH, a CSIDH implementation that combines two recent developments into a novel state-of-the-art deterministic implementation. We combine the approach of deterministic variants of CSIDH with the batching strategy of CTIDH, which shows that the full potential of this key space has not yet been explored. This high-level adjustment in itself leads to a significant speed-up. To achieve an effective deterministic evaluation in constant time, we introduce WOMBats, a new approach to performing isogenies in batches, specifically tailored to the behavior required for deterministic CSIDH using CTIDH batching. Furthermore, we explore the two-dimensional space of optimal primes for dCTIDH, with regard to both the performance of dCTIDH in terms of finite-field operations per prime and the efficiency of finite-field operations, determined by the prime shape, in terms of cycles. This allows us to optimize both for choice of prime and scheme parameters simultaneously. Lastly, we implement and benchmark constant-time, deterministic dCTIDH. Our results show that dCTIDH not only outperforms state-of-the-art deterministic CSIDH, but even non-deterministic CTIDH: dCTIDH-2048 is faster than CTIDH-2048 by 17%, and is almost five times faster than dCSIDH-2048.
|
| format | Article |
| id | doaj-art-4b0c72edcbb34686a36d27b58d031f1c |
| institution | Kabale University |
| issn | 2569-2925 |
| language | English |
| publishDate | 2025-06-01 |
| publisher | Ruhr-Universität Bochum |
| record_format | Article |
| series | Transactions on Cryptographic Hardware and Embedded Systems |
| spelling | doaj-art-4b0c72edcbb34686a36d27b58d031f1c2025-08-20T03:24:35ZengRuhr-Universität BochumTransactions on Cryptographic Hardware and Embedded Systems2569-29252025-06-012025310.46586/tches.v2025.i3.516-541dCTIDH: Fast & Deterministic CTIDHFabio Campos0Andreas Hellenbrand1Michael Meyer2Krijn Reijnders3Darmstadt University of Applied Sciences, Darmstadt, Germany; European University of Technology, Darmstadt, European UnionRheinMain University of Applied Sciences Wiesbaden, Wiesbaden, GermanyUniversity of Regensburg, Regensburg, GermanyRadboud University, Nijmegen, The Netherlands This paper presents dCTIDH, a CSIDH implementation that combines two recent developments into a novel state-of-the-art deterministic implementation. We combine the approach of deterministic variants of CSIDH with the batching strategy of CTIDH, which shows that the full potential of this key space has not yet been explored. This high-level adjustment in itself leads to a significant speed-up. To achieve an effective deterministic evaluation in constant time, we introduce WOMBats, a new approach to performing isogenies in batches, specifically tailored to the behavior required for deterministic CSIDH using CTIDH batching. Furthermore, we explore the two-dimensional space of optimal primes for dCTIDH, with regard to both the performance of dCTIDH in terms of finite-field operations per prime and the efficiency of finite-field operations, determined by the prime shape, in terms of cycles. This allows us to optimize both for choice of prime and scheme parameters simultaneously. Lastly, we implement and benchmark constant-time, deterministic dCTIDH. Our results show that dCTIDH not only outperforms state-of-the-art deterministic CSIDH, but even non-deterministic CTIDH: dCTIDH-2048 is faster than CTIDH-2048 by 17%, and is almost five times faster than dCSIDH-2048. https://tches.iacr.org/index.php/TCHES/article/view/12226post-quantum cryptographyisogeny-based cryptographyCSIDH |
| spellingShingle | Fabio Campos Andreas Hellenbrand Michael Meyer Krijn Reijnders dCTIDH: Fast & Deterministic CTIDH Transactions on Cryptographic Hardware and Embedded Systems post-quantum cryptography isogeny-based cryptography CSIDH |
| title | dCTIDH: Fast & Deterministic CTIDH |
| title_full | dCTIDH: Fast & Deterministic CTIDH |
| title_fullStr | dCTIDH: Fast & Deterministic CTIDH |
| title_full_unstemmed | dCTIDH: Fast & Deterministic CTIDH |
| title_short | dCTIDH: Fast & Deterministic CTIDH |
| title_sort | dctidh fast deterministic ctidh |
| topic | post-quantum cryptography isogeny-based cryptography CSIDH |
| url | https://tches.iacr.org/index.php/TCHES/article/view/12226 |
| work_keys_str_mv | AT fabiocampos dctidhfastdeterministicctidh AT andreashellenbrand dctidhfastdeterministicctidh AT michaelmeyer dctidhfastdeterministicctidh AT krijnreijnders dctidhfastdeterministicctidh |