Fast Hardware Architectures for Supersingular Isogeny Diffie-Hellman Key Exchange on FPGA

Document Type

Conference Proceeding

Publication Date



Keywords

post-quantum cryptography, elliptic curve cryptography (ECC), field programmable gate array (FPGA), isogeny-based cryptography

Digital Object Identifier (DOI)



Abstract

In this paper, we present a constant-time hardware implementation that achieves new speed records for supersingular isogeny Diffie-Hellman (SIDH) key exchange, even when compared to highly optimized Haswell computer architectures. We employ the inversion-free projective isogeny formulas presented by Costello et al. at CRYPTO 2016 on an FPGA. Modern FPGAs can take advantage of heavily parallelized arithmetic in $\mathbb{F}_{p^2}$, which lies at the foundation of supersingular isogeny arithmetic. Further, by utilizing many arithmetic units, we parallelize isogeny evaluations to accelerate the computation of large-degree isogenies by approximately 57%. On a constant-time implementation of 124-bit quantum security SIDH on a Virtex-7, we generate ephemeral public keys in 10.6 and 11.6 ms and generate the shared secret key in 9.5 and 10.8 ms for Alice and Bob, respectively. This improves upon the previous best time in the literature for 768-bit implementations by a factor of 1.48. Our 83-bit quantum security implementation improves upon the only other implementation in the literature by a speedup of 1.74, while using fewer resources and running in constant time.

Citation / Publisher Attribution

Progress in Cryptology – INDOCRYPT 2016, p. 191-206