When quantum computers become available, cryptosystems such as RSA and elliptic-curve cryptography, which are the current standards, will be broken in polynomial time by quantum algorithms. For this reason, research on quantum-resistant cryptosystems, which remain secure against quantum computers, is underway. Isogeny-based cryptography, whose security rests on the difficulty of finding an isogeny between two elliptic curves, is one of the candidates for post-quantum cryptosystems. CSIDH, the principal isogeny-based key exchange protocol, is expected to be used in IoT because its short public keys and memory-efficient key sharing make it suitable for hardware that cannot use large memory. However, the execution time of CSIDH varies with the secret key, making it vulnerable to physical attacks called side-channel attacks. For this reason, CSIDH has been improved so that its execution time does not depend on the secret key. There are two such methods: the MCR method, which uses dummy isogenies, and the CCCDRS method, which does not. The former is weak against fault injection attacks, a kind of side-channel attack, while the latter is resistant to them. The problem with the CCCDRS method, however, is that it takes twice as long to execute as the MCR method. In this study, we improve the performance of CSIDH by using vectors of a lattice called a relation lattice. The result is a method that is resistant to fault injection attacks and 15.2% faster than the CCCDRS method.
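The following toy model, added here as an example and not code from the paper, counts isogeny steps instead of computing isogenies, which is enough to show the three properties the abstract contrasts: the original schedule leaks the secret key through its running time, a dummy-padded schedule in the style of MCR makes the count constant but a skipped dummy step leaves the output unchanged, and a dummy-free schedule in the style of CCCDRS makes every step real at the price of a doubled exponent bound for the same key space. The MCR and CCCDRS schedules are simplified sketches (assumption), and the paper's relation-lattice method is not modelled.

```python
# Added example (not from the paper): a step-count model of CSIDH secret keys.
# A key is a vector of exponents e_i, one per small prime l_i; the group action
# applies |e_i| isogenies of degree l_i in the direction given by sign(e_i).
from itertools import product

def plain_steps(key):
    """Original CSIDH: |e_i| isogenies per prime, so the cost depends on the key."""
    return sum(abs(e) for e in key)

def mcr_schedule(key, m):
    """MCR-style (simplified): always m steps per prime, padded with dummies."""
    steps = []
    for i, e in enumerate(key):
        d = "fwd" if e >= 0 else "bwd"
        steps += [(i, d)] * abs(e) + [(i, "dummy")] * (m - abs(e))
    return steps

def dummy_free_schedule(key, m):
    """CCCDRS-style (simplified): e_i = (#forward - #backward) with exactly m
    real steps, which forces every e_i to have the parity of m; no dummies."""
    steps = []
    for i, e in enumerate(key):
        assert abs(e) <= m and (m - e) % 2 == 0, "exponent not representable"
        steps += [(i, "fwd")] * ((m + e) // 2) + [(i, "bwd")] * ((m - e) // 2)
    return steps

def exponents_after_skip(schedule, n, skipped):
    """Effective exponents if step `skipped` is not executed (a single skipped
    step models the fault the abstract refers to); compare with the key."""
    sign = {"fwd": 1, "bwd": -1, "dummy": 0}
    acc = [0] * n
    for j, (i, kind) in enumerate(schedule):
        if j != skipped:
            acc[i] += sign[kind]
    return acc

def leaks_timing(m, n):
    """True if the plain step count differs between keys of the same size."""
    counts = {plain_steps(k) for k in product(range(-m, m + 1), repeat=n)}
    return len(counts) > 1

def keyspace(m, n, dummy_free):
    """Keys per bound m: 2m+1 choices per prime, or m+1 under the parity rule,
    which is why the dummy-free schedule needs about 2m steps per prime."""
    return ((m + 1) if dummy_free else (2 * m + 1)) ** n
```

With n = 3 primes and bound m = 2, the plain count ranges over seven values while both constant-time schedules always take 6 steps; matching the 125-key space without dummies requires m = 4, i.e. 12 steps.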