부산대학교 도서관

In recent years, the isogeny-based protocol, namely supersingular isogeny Diffie-Hellman (SIDH) has become highly attractive for its small public key size. In addition, one can utilize several techniques to further compress the public key. However, compared to other post-quantum protocols, the computational cost of SIDH is relatively high, and so is that of its public-key compression. On the other hand, the storage for pairing computation and discrete logarithms to speed up the current implementation of the key compression is somewhat large. In this paper, we mainly improve the performance of public-key compression of SIDH, especially the efficiency and the storage of pairing computation involved. Our experimental results show that the memory requirement for pairing computation is reduced by a factor of about 1.5. Meanwhile, the instantiation of public-key compression of SIDH is $6.95\%--10.44\%$6.95%--10.44% faster than the current state-of-the-art. Although SIKE is broken now, the techniques in this paper may benefit other isogeny-based cryptosystems which are still secure.