{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,29]],"date-time":"2026-01-29T21:19:08Z","timestamp":1769721548416,"version":"3.49.0"},"publisher-location":"Cham","reference-count":32,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030816513","type":"print"},{"value":"9783030816520","type":"electronic"}],"license":[{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021]]},"DOI":"10.1007\/978-3-030-81652-0_18","type":"book-chapter","created":{"date-parts":[[2021,7,20]],"date-time":"2021-07-20T06:26:19Z","timestamp":1626762379000},"page":"451-479","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":14,"title":["Practical Isogeny-Based Key-Exchange with Optimal Tightness"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-3143-4381","authenticated-orcid":false,"given":"Bor","family":"de Kock","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7317-8625","authenticated-orcid":false,"given":"Kristian","family":"Gj\u00f8steen","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3946-5668","authenticated-orcid":false,"given":"Mattia","family":"Veroni","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2021,7,21]]},"reference":[{"key":"18_CR1","doi-asserted-by":"publisher","unstructured":"Alagic, G., et al.: Nistir 8309. https:\/\/doi.org\/10.6028\/NIST.IR.8309","DOI":"10.6028\/NIST.IR.8309"},{"key":"18_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"143","DOI":"10.1007\/3-540-45353-9_12","volume-title":"Topics in Cryptology \u2014 CT-RSA 2001","author":"M Abdalla","year":"2001","unstructured":"Abdalla, M., Bellare, M., Rogaway, P.: The Oracle Diffie-Hellman assumptions and an analysis of DHIES. In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol. 2020, pp. 143\u2013158. Springer, Heidelberg (2001). https:\/\/doi.org\/10.1007\/3-540-45353-9_12"},{"key":"18_CR3","unstructured":"Bernstein, D.J.: Comparing proofs of security for lattice-based encryption. IACR Cryptology ePrint Archive, 2019:691 (2019)"},{"key":"18_CR4","unstructured":"Brendel, J., Fischlin, M., G\u00fcnther, F., Janson, C., Stebila, D.: Towards post-quantum security for signal\u2019s X3DH handshake. Cryptology ePrint Archive, Report 2019\/1356 (2019). https:\/\/eprint.iacr.org\/2019\/1356"},{"key":"18_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"235","DOI":"10.1007\/978-3-662-44381-1_14","volume-title":"Advances in Cryptology \u2013 CRYPTO 2014","author":"K Bhargavan","year":"2014","unstructured":"Bhargavan, K., Fournet, C., Kohlweiss, M., Pironti, A., Strub, P.-Y., Zanella-B\u00e9guelin, S.: Proving the TLS handshake secure (as it is). In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014, Part II. LNCS, vol. 8617, pp. 235\u2013255. Springer, Heidelberg (2014). https:\/\/doi.org\/10.1007\/978-3-662-44381-1_14"},{"key":"18_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"273","DOI":"10.1007\/978-3-662-49896-5_10","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2016","author":"C Bader","year":"2016","unstructured":"Bader, C., Jager, T., Li, Y., Sch\u00e4ge, S.: On the impossibility of tight cryptographic reductions. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016, Part II. LNCS, vol. 9666, pp. 273\u2013304. Springer, Heidelberg (2016). https:\/\/doi.org\/10.1007\/978-3-662-49896-5_10"},{"key":"18_CR7","doi-asserted-by":"crossref","unstructured":"Blum, M., Micali, S.: How to generate cryptographically strong sequences of pseudo random bits. In: 23rd FOCS, pp. 112\u2013117, Chicago, Illinois, 3\u20135 November 1982. IEEE Computer Society Press (1982)","DOI":"10.1109\/SFCS.1982.72"},{"key":"18_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"767","DOI":"10.1007\/978-3-030-26954-8_25","volume-title":"Advances in Cryptology \u2013 CRYPTO 2019","author":"K Cohn-Gordon","year":"2019","unstructured":"Cohn-Gordon, K., Cremers, C., Gj\u00f8steen, K., Jacobsen, H., Jager, T.: Highly efficient key exchange protocols with optimal tightness. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019, Part III. LNCS, vol. 11694, pp. 767\u2013797. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-26954-8_25"},{"key":"18_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"395","DOI":"10.1007\/978-3-030-03332-3_15","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2018","author":"W Castryck","year":"2018","unstructured":"Castryck, W., Lange, T., Martindale, C., Panny, L., Renes, J.: CSIDH: an efficient post-quantum commutative group action. In: Peyrin, T., Galbraith, S. (eds.) ASIACRYPT 2018, Part III. LNCS, vol. 11274, pp. 395\u2013427. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-030-03332-3_15"},{"key":"18_CR10","doi-asserted-by":"crossref","unstructured":"Castryck, W., Sot\u00e1kov\u00e1, J., Vercauteren, F.: Breaking the decisional Diffie-Hellman problem for class group actions using genus theory. Cryptology ePrint Archive, Report 2020\/151 (2020). https:\/\/eprint.iacr.org\/2020\/151","DOI":"10.1007\/978-3-030-56880-1_4"},{"key":"18_CR11","doi-asserted-by":"crossref","unstructured":"Deuring, M.: Die Typen der Multiplikatorenringe elliptischer Funktionenk\u00f6rper. Abhandlungen aus dem Mathematischen Seminar der Universit\u00e4t Hamburg 14, 197\u2013272 (1941)","DOI":"10.1007\/BF02940746"},{"key":"18_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"759","DOI":"10.1007\/978-3-030-17659-4_26","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2019","author":"L De Feo","year":"2019","unstructured":"De Feo, L., Galbraith, S.D.: SeaSign: compact isogeny signatures from class group actions. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019, Part III. LNCS, vol. 11478, pp. 759\u2013789. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-17659-4_26"},{"key":"18_CR13","unstructured":"De Feo, L.: Mathematics of isogeny based cryptography. CoRR, abs\/1711.04062 (2017). http:\/\/arxiv.org\/abs\/1711.04062"},{"key":"18_CR14","unstructured":"Galbraith, S.D.: Authenticated key exchange for SIDH. Cryptology ePrint Archive, Report 2018\/266 (2018). https:\/\/eprint.iacr.org\/2018\/266"},{"key":"18_CR15","doi-asserted-by":"crossref","unstructured":"Goldwasser, S., Micali, S.: Probabilistic encryption and how to play mental poker keeping secret all partial information. In: 14th ACM STOC, San Francisco, CA, USA, 5\u20137 May 1982, pp. 365\u2013377. ACM Press (1982)","DOI":"10.1145\/800070.802212"},{"key":"18_CR16","doi-asserted-by":"publisher","first-page":"837","DOI":"10.1090\/S0894-0347-1989-1002631-0","volume":"2","author":"JL Hafner","year":"1989","unstructured":"Hafner, J.L., McCurley, K.S.: A rigorous subexponential algorithm for computation of class groups. J. Am. Math. Soc. 2, 837\u2013850 (1989)","journal-title":"J. Am. Math. Soc."},{"key":"18_CR17","series-title":"Graduate Texts in Mathematics","doi-asserted-by":"publisher","DOI":"10.1007\/978-0-387-09494-6","volume-title":"The Arithmetic of Elliptic Curves","author":"JH Silverman","year":"2009","unstructured":"Silverman, J.H.: The Arithmetic of Elliptic Curves. GTM, vol. 106. Springer, New York (2009). https:\/\/doi.org\/10.1007\/978-0-387-09494-6"},{"key":"18_CR18","unstructured":"Jao, D., et al.: SIKE. Technical report, National Institute of Standards and Technology (2019). https:\/\/csrc.nist.gov\/projects\/post-quantum-cryptography\/round-2-submissions"},{"key":"18_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"19","DOI":"10.1007\/978-3-642-25405-5_2","volume-title":"Post-Quantum Cryptography","author":"D Jao","year":"2011","unstructured":"Jao, D., De Feo, L.: Towards quantum-resistant cryptosystems from supersingular elliptic curve isogenies. In: Yang, B.-Y. (ed.) PQCrypto 2011. LNCS, vol. 7071, pp. 19\u201334. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-25405-5_2"},{"key":"18_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"273","DOI":"10.1007\/978-3-642-32009-5_17","volume-title":"Advances in Cryptology \u2013 CRYPTO 2012","author":"T Jager","year":"2012","unstructured":"Jager, T., Kohlar, F., Sch\u00e4ge, S., Schwenk, J.: On the security of TLS-DHE in the standard model. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 273\u2013293. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-32009-5_17"},{"key":"18_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"429","DOI":"10.1007\/978-3-642-40041-4_24","volume-title":"Advances in Cryptology \u2013 CRYPTO 2013","author":"H Krawczyk","year":"2013","unstructured":"Krawczyk, H., Paterson, K.G., Wee, H.: On the security of the TLS protocol: a systematic analysis. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013, Part I. LNCS, vol. 8042, pp. 429\u2013448. Springer, Heidelberg (2013). https:\/\/doi.org\/10.1007\/978-3-642-40041-4_24"},{"key":"18_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"546","DOI":"10.1007\/11535218_33","volume-title":"Advances in Cryptology \u2013 CRYPTO 2005","author":"H Krawczyk","year":"2005","unstructured":"Krawczyk, H.: HMQV: a high-performance secure Diffie-Hellman protocol. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 546\u2013566. Springer, Heidelberg (2005). https:\/\/doi.org\/10.1007\/11535218_33"},{"key":"18_CR23","unstructured":"Kawashima, T., Takashima, K., Aikawa, Y., Takagi, T.: An efficient authenticated key exchange from random self-reducibility on CSIDH. Cryptology ePrint Archive, Report 2020\/1178 (2020). https:\/\/eprint.iacr.org\/2020\/1178"},{"key":"18_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-540-75670-5_1","volume-title":"Provable Security","author":"B LaMacchia","year":"2007","unstructured":"LaMacchia, B., Lauter, K., Mityagin, A.: Stronger security of authenticated key exchange. In: Susilo, W., Liu, J.K., Mu, Y. (eds.) ProvSec 2007. LNCS, vol. 4784, pp. 1\u201316. Springer, Heidelberg (2007). https:\/\/doi.org\/10.1007\/978-3-540-75670-5_1"},{"key":"18_CR25","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"378","DOI":"10.1007\/11745853_25","volume-title":"Public Key Cryptography - PKC 2006","author":"K Lauter","year":"2006","unstructured":"Lauter, K., Mityagin, A.: Security analysis of KEA authenticated key exchange protocol. In: Yung, M., Dodis, Y., Kiayias, A., Malkin, T. (eds.) PKC 2006. LNCS, vol. 3958, pp. 378\u2013394. Springer, Heidelberg (2006). https:\/\/doi.org\/10.1007\/11745853_25"},{"key":"18_CR26","unstructured":"Longa, P.: A note on post-quantum authenticated key exchange from supersingular isogenies. Cryptology ePrint Archive, Report 2018\/267 (2018). https:\/\/eprint.iacr.org\/2018\/267"},{"key":"18_CR27","doi-asserted-by":"crossref","unstructured":"Naor, M., Reingold, O.: Number-theoretic constructions of efficient pseudo-random functions. In: 38th FOCS, Miami Beach, Florida, 19\u201322 October 1997, pp. 458\u2013467. IEEE Computer Society Press (1997)","DOI":"10.1109\/SFCS.1997.646134"},{"key":"18_CR28","doi-asserted-by":"crossref","unstructured":"Shor, P.W.: Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer. SIAM J. Comput. 26(5), 1484\u20131509 (1997)","DOI":"10.1137\/S0097539795293172"},{"key":"18_CR29","doi-asserted-by":"crossref","unstructured":"Sutherland, A.V.: On the evaluation of modular polynomials. In: Tenth Algorithmic Number Theory Symposium (ANTS X), MSP Open Book Series 1, pp. 531\u2013555 (2013)","DOI":"10.2140\/obs.2013.1.531"},{"key":"18_CR30","unstructured":"V\u00e9lu, J.: Isog\u00e9nies entre courbes elliptiques. Comptes-Rendus de l\u2019Acad\u00e9mie des Sciences, S\u00e9rie I(273), 238\u2013241 (1971)"},{"key":"18_CR31","doi-asserted-by":"publisher","DOI":"10.1201\/9781420071474","volume-title":"Elliptic Curves: Number Theory and Cryptography","author":"LC Washington","year":"2008","unstructured":"Washington, L.C.: Elliptic Curves: Number Theory and Cryptography, 2nd edn. Chapman & Hall\/CRC, London (2008)","edition":"2"},{"key":"18_CR32","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"278","DOI":"10.1007\/978-3-030-34578-5_11","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2019","author":"X Xu","year":"2019","unstructured":"Xu, X., Xue, H., Wang, K., Au, M.H., Tian, S.: Strongly secure authenticated key exchange from supersingular isogenies. In: Galbraith, S.D., Moriai, S. (eds.) ASIACRYPT 2019, Part I. LNCS, vol. 11921, pp. 278\u2013308. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-34578-5_11"}],"container-title":["Lecture Notes in Computer Science","Selected Areas in Cryptography"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-81652-0_18","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,19]],"date-time":"2025-07-19T22:02:36Z","timestamp":1752962556000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-81652-0_18"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021]]},"ISBN":["9783030816513","9783030816520"],"references-count":32,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-81652-0_18","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021]]},"assertion":[{"value":"21 July 2021","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"SAC","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Selected Areas in Cryptography","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2020","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"21 October 2020","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"23 October 2020","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"27","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"sacrypt2020","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/sac2020.ca\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"iChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"52","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"27","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"52% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3-5","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"6-8","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}