Global InformationSupersingular isogeny key exchange information
 | This article may be too technical for most readers to understand. (July 2023) |
Supersingular isogeny Diffie–Hellman key exchange (SIDH or SIKE) is an insecure proposal for a post-quantum cryptographic algorithm to establish a secret key between two parties over an untrusted communications channel. It is analogous to the Diffie–Hellman key exchange, but is based on walks in a supersingular isogeny graph and was designed to resist cryptanalytic attack by an adversary in possession of a quantum computer. Before it was broken, SIDH boasted one of the smallest key sizes of all post-quantum key exchanges; with compression, SIDH used 2688-bit[1] public keys at a 128-bit quantum security level. SIDH also distinguishes itself[disputed ] from similar systems such as NTRU and Ring-LWE [citation needed] by supporting perfect forward secrecy, a property that prevents compromised long-term keys from compromising the confidentiality of old communication sessions. These properties seemed to make SIDH a natural candidate to replace Diffie–Hellman (DHE) and elliptic curve Diffie–Hellman (ECDHE), which are widely used in Internet communication. However, SIDH is vulnerable to a devastating key-recovery attack published in July 2022 and is therefore insecure. The attack does not require a quantum computer.[2][3]
- ^ Costello, Craig; Jao, David; Longa, Patrick; Naehrig, Michael; Renes, Joost; Urbanik, David (2016-10-04). "Efficient compression of SIDH public keys". Cryptology ePrint Archive.
- ^ Castryck, Wouter; Decru, Thomas (2023). "An efficient key recovery attack on SIDH" (PDF). In Carmit Hazay; Martijn Stam (eds.). Advances in Cryptology – EUROCRYPT 2023. International Association for Cryptologic Research. Lecture Notes in Computer Science. Vol. 14008. Springer. pp. 423–447. doi:10.1007/978-3-031-30589-4_15. ISBN 978-3-031-30589-4.
- ^ "Post-quantum encryption contender is taken out by single-core PC and 1 hour". arstechnica.