Quantum circuits for the CSIDH: optimizing quantum evaluation of isogenies

Daniel J. Bernstein, Tanja Lange, Chloe Martindale, Lorenz Panny

Research output: Chapter in Book/Report/Conference proceedingConference Contribution (Conference Proceeding)

32 Citations (Scopus)


Choosing safe post-quantum parameters for the new CSIDH
isogeny-based key-exchange system requires concrete analysis of the cost of quantum attacks. The two main contributions to attack cost are the number of queries in hidden-shift algorithms and the cost of each query.
This paper analyzes algorithms for each query, introducing several new speedups while showing that some previous claims were too optimistic for the attacker. This paper includes a full computer-verified simulation of its main algorithm down to the bit-operation level.
Original languageEnglish
Title of host publicationAdvances in Cryptology - EUROCRYPT 2019
PublisherSpringer, Cham
ISBN (Electronic)978-3-030-17656-3
ISBN (Print)978-3-030-17655-6
Publication statusE-pub ahead of print - 24 Apr 2019

Publication series

ISSN (Electronic)1611-3349


Dive into the research topics of 'Quantum circuits for the CSIDH: optimizing quantum evaluation of isogenies'. Together they form a unique fingerprint.

Cite this