ISO/IEC standardizes several chosen ciphertext-secure key encapsulation mechanism (KEM) schemes in ISO/IEC 18033-2. However, all ISO/IEC KEM schemes are not quantum resilient. In this paper, we introduce new isogeny-based KEM schemes (i.e., CSIDH-ECIES-KEM and CSIDH-PSEC-KEM) by modifying Diffie-Hellman-based KEM schemes in ISO/IEC standards. The main advantage of our schemes are compactness. The key size and the ciphertext overhead of our schemes are smaller than these of SIKE, which is submitted to NIST's post-quantum cryptosystems standardization, for current security analyses. Moreover, though SIKE is proved in the classical random oracle model, CSIDH-PSEC-KEM is proved in the quantum random oracle model. Finally, we discuss difficulty to construct isogeny-based KEM from ISO/IEC KEM schemes in the standard model (i.e., ACE-KEM and FACE-KEM).
Kazuki YONEYAMA
Ibaraki University
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Copy
Kazuki YONEYAMA, "Post-Quantum Variants of ISO/IEC Standards: Compact Chosen Ciphertext Secure Key Encapsulation Mechanism from Isogenies" in IEICE TRANSACTIONS on Fundamentals,
vol. E104-A, no. 1, pp. 69-78, January 2021, doi: 10.1587/transfun.2020CIP0011.
Abstract: ISO/IEC standardizes several chosen ciphertext-secure key encapsulation mechanism (KEM) schemes in ISO/IEC 18033-2. However, all ISO/IEC KEM schemes are not quantum resilient. In this paper, we introduce new isogeny-based KEM schemes (i.e., CSIDH-ECIES-KEM and CSIDH-PSEC-KEM) by modifying Diffie-Hellman-based KEM schemes in ISO/IEC standards. The main advantage of our schemes are compactness. The key size and the ciphertext overhead of our schemes are smaller than these of SIKE, which is submitted to NIST's post-quantum cryptosystems standardization, for current security analyses. Moreover, though SIKE is proved in the classical random oracle model, CSIDH-PSEC-KEM is proved in the quantum random oracle model. Finally, we discuss difficulty to construct isogeny-based KEM from ISO/IEC KEM schemes in the standard model (i.e., ACE-KEM and FACE-KEM).
URL: https://global.ieice.org/en_transactions/fundamentals/10.1587/transfun.2020CIP0011/_p
Copy
@ARTICLE{e104-a_1_69,
author={Kazuki YONEYAMA, },
journal={IEICE TRANSACTIONS on Fundamentals},
title={Post-Quantum Variants of ISO/IEC Standards: Compact Chosen Ciphertext Secure Key Encapsulation Mechanism from Isogenies},
year={2021},
volume={E104-A},
number={1},
pages={69-78},
abstract={ISO/IEC standardizes several chosen ciphertext-secure key encapsulation mechanism (KEM) schemes in ISO/IEC 18033-2. However, all ISO/IEC KEM schemes are not quantum resilient. In this paper, we introduce new isogeny-based KEM schemes (i.e., CSIDH-ECIES-KEM and CSIDH-PSEC-KEM) by modifying Diffie-Hellman-based KEM schemes in ISO/IEC standards. The main advantage of our schemes are compactness. The key size and the ciphertext overhead of our schemes are smaller than these of SIKE, which is submitted to NIST's post-quantum cryptosystems standardization, for current security analyses. Moreover, though SIKE is proved in the classical random oracle model, CSIDH-PSEC-KEM is proved in the quantum random oracle model. Finally, we discuss difficulty to construct isogeny-based KEM from ISO/IEC KEM schemes in the standard model (i.e., ACE-KEM and FACE-KEM).},
keywords={},
doi={10.1587/transfun.2020CIP0011},
ISSN={1745-1337},
month={January},}
Copy
TY - JOUR
TI - Post-Quantum Variants of ISO/IEC Standards: Compact Chosen Ciphertext Secure Key Encapsulation Mechanism from Isogenies
T2 - IEICE TRANSACTIONS on Fundamentals
SP - 69
EP - 78
AU - Kazuki YONEYAMA
PY - 2021
DO - 10.1587/transfun.2020CIP0011
JO - IEICE TRANSACTIONS on Fundamentals
SN - 1745-1337
VL - E104-A
IS - 1
JA - IEICE TRANSACTIONS on Fundamentals
Y1 - January 2021
AB - ISO/IEC standardizes several chosen ciphertext-secure key encapsulation mechanism (KEM) schemes in ISO/IEC 18033-2. However, all ISO/IEC KEM schemes are not quantum resilient. In this paper, we introduce new isogeny-based KEM schemes (i.e., CSIDH-ECIES-KEM and CSIDH-PSEC-KEM) by modifying Diffie-Hellman-based KEM schemes in ISO/IEC standards. The main advantage of our schemes are compactness. The key size and the ciphertext overhead of our schemes are smaller than these of SIKE, which is submitted to NIST's post-quantum cryptosystems standardization, for current security analyses. Moreover, though SIKE is proved in the classical random oracle model, CSIDH-PSEC-KEM is proved in the quantum random oracle model. Finally, we discuss difficulty to construct isogeny-based KEM from ISO/IEC KEM schemes in the standard model (i.e., ACE-KEM and FACE-KEM).
ER -