search

microsoft / PQCrypto-SIDH

SIDH Library is a fast and portable software library that implements state-of-the-art supersingular isogeny cryptographic schemes. The chosen parameters aim to provide security against attackers running a large-scale quantum computer, and security against classical algorithms.
MIT License
316 stars 101 forks source link

SIKE: Choice of Alice/Bob sequence #27

Closed dave-bear-systems closed 3 years ago

dave-bear-systems commented 4 years ago

Hi! I've been reviewing and testing this Library and Test code for a project. It's been working quite well, Kudos to the writers.

I do have one question on the sequence of operations implemented in the sike.c file. In many papers on SIKE (including Fig2 of "A Note on Post-Quantum Authenticated Key Exchange from Supersingular Isogenies"), Alice does the KeyGen, Bob does the Encode, then Alice completes with Decode.

Yet in sike.c the crypto_kem_keypair() function does a Bob KeyGen, crypto_kem_enc() does Alice Encode, and crypto_kem_dec() Bob Decode. Was this done on purpose? Can they be reversed without consequence?

I know this might seem a nit, but there appears to be differences in the _A and _B versions of the underlying SIDH functions, and I wanted to get this clarfied.

patricklonga commented 3 years ago

In the paper you refer to, Alice and Bob take the role of doing the 2-torsion and 3-torsion operations, respectively, for SIDH. In SIKE these operations are not necessarily exclusive to a particular party. For example, in decapsulation there are both 2- and 3-torsion operations. The confusion happens because we use the SIDH operations internally in SIKE. So to avoid any confusion you should simply assume that for SIKE one party does KeyGen and Decaps and the other party does Encaps. Thanks for the interest in our work!

dave-bear-systems commented 3 years ago

Patrick, thank you for your response and explanation, makes sense!