KULeuven-COSIC / Radical-Isogenies

4 stars 2 forks source link

Radical-Isogenies

The files contained in this repository are the Magma codes associated with the paper 'Radical Isogenies' by Wouter Castryck, Thomas Decru & Frederik Vercauteren.

The file radical_formulas.m contains the formulas for radical N-isogenies for N = 2, ..., 13. More precisely, let E be an elliptic curve in a general form such that P = (0,0) is an N-torsion point. Formulas are given for:

For N = 2 we use the Montgomery form of an elliptic curve. For N = 3 we use a Weierstrass form that is isomorphic to a Hessian form. For N > 3 we use the Tate normal form of an elliptic curve. From N = 6 onwards, we use the optimized equations by Sutherland that can be found here: http://math.mit.edu/~drew/X1_optcurves.html

The file crad_512.m contains a Magma implementation for the CSIDH key exchange protocol, which was built upon the code of Bernstein, De Feo, Leroux and Smith and can be found here: https://velusqrt.isogeny.org/software.html

The main adjustments to the code correspond to implementing radical N-isogenies to speed up the CSIDH protocol. The 2-isogenies are implemented by using radical 4-isogenies, and - likewise - the 3-isogenies are calculated by means of 9-isogenies. Apart from that, radical 5-, 7-, 11- and 13-isogenies are also implemented. The sampling box for the exponents is changed, and is now very skewed towards computing a lot more isogenies of the smallest degree. Both the old and new way of computing the class group action can be used to perform a key exhcange, with the procedures csidh_key_exchange_old(), resp. csidh_key_exchange_new().