{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,7]],"date-time":"2026-05-07T04:31:32Z","timestamp":1778128292671,"version":"3.51.4"},"reference-count":65,"publisher":"International Association for Cryptologic Research","license":[{"start":{"date-parts":[[2024,1,9]],"date-time":"2024-01-09T00:00:00Z","timestamp":1704758400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IACR CiC"],"accepted":{"date-parts":[[2024,3,5]]},"abstract":" In this work, we assess the real-world practicality of CSIDH, an isogeny-based non-interactive key exchange. We provide the first thorough assessment of the practicality of CSIDH in higher parameter sizes for conservative estimates of quantum security, and with protection against physical attacks.<\/jats:p>\n This requires a three-fold analysis of CSIDH. First, we describe two approaches to efficient high-security CSIDH implementations, based on SQALE and CTIDH. Second, we optimize such high-security implementations, on a high level by improving several subroutines, and on a low level by improving the finite field arithmetic. Third, we benchmark the performance of high-security CSIDH. As a stand-alone primitive, our implementations outperform previous results by a factor up to 2.53\u00d7.<\/jats:p>\n As a real-world use case considering network protocols, we use CSIDH in TLS variants that allow early authentication through a NIKE. Although our instantiations of CSIDH have smaller communication requirements than post-quantum KEM and signature schemes, even our highly-optimized implementations result in too-large handshake latency (tens of seconds), showing that CSIDH is only practical in niche cases. <\/jats:p>","DOI":"10.62056\/anjbksdja","type":"journal-article","created":{"date-parts":[[2024,4,9]],"date-time":"2024-04-09T19:27:10Z","timestamp":1712690830000},"update-policy":"https:\/\/doi.org\/10.62056\/adfjwm02dj","source":"Crossref","is-referenced-by-count":12,"title":["Optimizations and Practicality of High-Security CSIDH"],"prefix":"10.62056","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-3912-7570","authenticated-orcid":false,"given":"Fabio","family":"Campos","sequence":"first","affiliation":[{"id":[{"id":"https:\/\/ror.org\/0378gm372","id-type":"ROR","asserted-by":"publisher"}],"name":"RheinMain University of Applied Sciences","place":["Wiesbaden, Germany"]}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7006-1779","authenticated-orcid":false,"given":"Jorge","family":"Ch\u00e1vez-Saab","sequence":"additional","affiliation":[{"id":[{"id":"https:\/\/ror.org\/001kv2y39","id-type":"ROR","asserted-by":"publisher"}],"name":"Cryptography Research Center, Technology Innovation Institute","place":["Abu Dhabi, United Arab Emirates"]}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9753-7263","authenticated-orcid":false,"given":"Jes\u00fas-Javier","family":"Chi-Dom\u00ednguez","sequence":"additional","affiliation":[{"id":[{"id":"https:\/\/ror.org\/001kv2y39","id-type":"ROR","asserted-by":"publisher"}],"name":"Cryptography Research Center, Technology Innovation Institute","place":["Abu Dhabi, United Arab Emirates"]}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0000-2972-7324","authenticated-orcid":false,"given":"Michael","family":"Meyer","sequence":"additional","affiliation":[{"id":[{"id":"https:\/\/ror.org\/01eezs655","id-type":"ROR","asserted-by":"publisher"}],"name":"University of Regensburg","place":["Regensburg, Germany"]}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0002-8015-399X","authenticated-orcid":false,"given":"Krijn","family":"Reijnders","sequence":"additional","affiliation":[{"id":[{"id":"https:\/\/ror.org\/016xsfp80","id-type":"ROR","asserted-by":"publisher"}],"name":"Radboud University","place":["Nijmegen, The Netherlands"]}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5916-6625","authenticated-orcid":false,"given":"Francisco","family":"Rodr\u00edguez-Henr\u00edquez","sequence":"additional","affiliation":[{"id":[{"id":"https:\/\/ror.org\/001kv2y39","id-type":"ROR","asserted-by":"publisher"}],"name":"Cryptography Research Center, Technology Innovation Institute","place":["Abu Dhabi, United Arab Emirates"]}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1310-0997","authenticated-orcid":false,"given":"Peter","family":"Schwabe","sequence":"additional","affiliation":[{"id":[{"id":"https:\/\/ror.org\/00bj0r217","id-type":"ROR","asserted-by":"publisher"}],"name":"Max Planck Institute for Security and Privacy","place":["Bochum, Germany"]},{"id":[{"id":"https:\/\/ror.org\/016xsfp80","id-type":"ROR","asserted-by":"publisher"}],"name":"Radboud University","place":["Nijmegen, The Netherlands"]}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8967-8456","authenticated-orcid":false,"given":"Thom","family":"Wiggers","sequence":"additional","affiliation":[{"id":[{"id":"https:\/\/ror.org\/03sdv7269","id-type":"ROR","asserted-by":"publisher"}],"name":"PQShield","place":["Nijmegen, The Netherlands"]}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"48349","published-online":{"date-parts":[[2024,4,9]]},"reference":[{"key":"ref1:Kuh18","article-title":"OPTLS revisited","author":"Wouter Kuhnen","year":"2018"},{"key":"ref2:BDLS20","article-title":"Faster computation of isogenies of large prime\n degree","volume-title":"ANTS XIV \u2013 Proceedings of the Fourteenth Algorithmic\n Number Theory Symposium","author":"Daniel J. Bernstein","year":"2020"},{"key":"ref3:AC:CDHV22","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"67","DOI":"10.1007\/978-3-031-22966-4_3","article-title":"Horizontal Racewalking Using Radical Isogenies","volume-title":"ASIACRYPT\u00a02022, Part\u00a0II","volume":"13792","author":"Wouter Castryck","year":"2022"},{"key":"ref4:AC:CLMPR18","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"395","DOI":"10.1007\/978-3-030-03332-3_15","article-title":"CSIDH: An Efficient Post-Quantum Commutative Group\n Action","volume-title":"ASIACRYPT\u00a02018, Part\u00a0III","volume":"11274","author":"Wouter Castryck","year":"2018"},{"key":"ref5:LC:CCCDRS19","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"173","DOI":"10.1007\/978-3-030-30530-7_9","article-title":"Stronger and Faster Side-Channel Protections for\n CSIDH","volume-title":"LATINCRYPT\u00a02019","volume":"11774","author":"Daniel Cervantes-V\u00e1zquez","year":"2019"},{"key":"ref6:TCHES:BBCCLMSS21","doi-asserted-by":"publisher","first-page":"351","DOI":"10.46586\/tches.v2021.i4.351-387","article-title":"CTIDH: faster constant-time CSIDH","volume":"2021","author":"Gustavo Banegas","year":"2021","journal-title":"IACR TCHES","ISSN":"https:\/\/id.crossref.org\/issn\/2569-2925","issn-type":"electronic"},{"key":"ref7:EPRINT:LeGHut20","article-title":"An Analysis of Fault Attacks on CSIDH","author":"Jason LeGrow","year":"2020"},{"key":"ref8:CCS:ADHSW22","doi-asserted-by":"publisher","first-page":"97","DOI":"10.1145\/3548606.3560577","article-title":"Post Quantum Noise","volume-title":"ACM CCS 2022","author":"Yawning Angel","year":"2022"},{"key":"ref9:JCEng:CCJR22","doi-asserted-by":"publisher","first-page":"349","DOI":"10.1007\/s13389-021-00271-w","article-title":"Journal of Cryptographic Engineering","volume":"12","author":"Jorge Ch\u00e1vez-Saab","year":"2022","journal-title":"Journal of Cryptographic Engineering"},{"key":"ref10:CKM+20","doi-asserted-by":"publisher","first-page":"57","DOI":"10.1109\/FDTC51366.2020.00015","article-title":"Trouble at the CSIDH: Protecting CSIDH with\n Dummy-Operations Against Fault Injection Attacks","volume-title":"2020 Workshop on Fault Detection and Tolerance in\n Cryptography (FDTC)","author":"Fabio Campos","year":"2020"},{"key":"ref11:SAC:AzaJaoLeo17","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"45","DOI":"10.1007\/978-3-319-72565-9_3","article-title":"Post-Quantum Static-Static Key Agreement Using\n Multiple Protocol Instances","volume-title":"SAC 2017","volume":"10719","author":"Reza Azarderakhsh","year":"2017"},{"key":"ref12:ESORICS:SchSteWig21","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/978-3-030-88418-5_1","article-title":"More Efficient Post-quantum KEMTLS with\n Pre-distributed Public Keys","volume-title":"ESORICS\u00a02021, Part\u00a0I","volume":"12972","author":"Peter Schwabe","year":"2021"},{"key":"ref13:EC:CasDec23","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"423","DOI":"10.1007\/978-3-031-30589-4_15","article-title":"An Efficient Key Recovery Attack on SIDH","volume-title":"EUROCRYPT\u00a02023, Part\u00a0V","volume":"14008","author":"Wouter Castryck","year":"2023"},{"key":"ref14:Lyu17","article-title":"Converting NewHope\/LWE key exchange to a\n Diffe-Hellman-like algorithm","author":"Vadim Lyubashevsky","year":"2017"},{"key":"ref15:EC:BonSch20","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"493","DOI":"10.1007\/978-3-030-45724-2_17","article-title":"Quantum Security Analysis of CSIDH","volume-title":"EUROCRYPT\u00a02020, Part\u00a0II","volume":"12106","author":"Xavier Bonnetain","year":"2020"},{"key":"ref16:EC:Robert23","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"472","DOI":"10.1007\/978-3-031-30589-4_17","article-title":"Breaking SIDH in Polynomial Time","volume-title":"EUROCRYPT\u00a02023, Part\u00a0V","volume":"14008","author":"Damien Robert","year":"2023"},{"key":"ref17:AC:BeuKleVer19","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"227","DOI":"10.1007\/978-3-030-34578-5_9","article-title":"CSI-FiSh: Efficient Isogeny Based Signatures\n Through Class Group Computations","volume-title":"ASIACRYPT\u00a02019, Part\u00a0I","volume":"11921","author":"Ward Beullens","year":"2019"},{"key":"ref18:nist_pqc","article-title":"Post-Quantum Cryptography Standardization","author":"National Institute of Standards","year":"2017"},{"key":"ref19:EPRINT:Hamburg21","article-title":"Computing the Jacobi symbol using Bernstein-Yang","author":"Mike Hamburg","year":"2021"},{"key":"ref20:CECPQ2b","article-title":"The TLS Post-Quantum Experiment","author":"Kris Kwiatkowski","year":"2019"},{"key":"ref21:AC:CasDecVer20","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"493","DOI":"10.1007\/978-3-030-64834-3_17","article-title":"Radical Isogenies","volume-title":"ASIACRYPT\u00a02020, Part\u00a0II","volume":"12492","author":"Wouter Castryck","year":"2020"},{"key":"ref22:EPRINT:CMRS22:ournote","article-title":"Patient Zero and Patient Six: Zero-Value and\n Correlation Attacks on CSIDH and SIKE","author":"Fabio Campos","year":"2022"},{"key":"ref23:CCS:SchSteWig20","doi-asserted-by":"publisher","first-page":"1461","DOI":"10.1145\/3372297.3423350","article-title":"Post-Quantum TLS Without Handshake Signatures","volume-title":"ACM CCS 2020","author":"Peter Schwabe","year":"2020"},{"key":"ref24:ML-KEM","doi-asserted-by":"publisher","DOI":"10.6028\/NIST.FIPS.203.ipd","article-title":"Security Requirements for Cryptographic Modules","author":"National Institute of Standards","year":"2023"},{"key":"ref25:rustls","article-title":"A modern TLS library in Rust","author":"Joseph Birr-Pixton","year":"2023"},{"key":"ref26:EC:MMPPW23","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"448","DOI":"10.1007\/978-3-031-30589-4_16","article-title":"A Direct Key Recovery Attack on SIDH","volume-title":"EUROCRYPT\u00a02023, Part\u00a0V","volume":"14008","author":"Luciano Maino","year":"2023"},{"key":"ref27:SAC:BFGJS20","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"404","DOI":"10.1007\/978-3-030-81652-0_16","article-title":"Towards Post-Quantum Security for Signal's X3DH\n Handshake","volume-title":"SAC 2020","volume":"12804","author":"Jacqueline Brendel","year":"2020"},{"key":"ref28:Karatsuba:1963:MMN","first-page":"595","article-title":"Multiplication of multidigit numbers on automata","volume":"7","author":"Anatolii Karatsuba","year":"1963","journal-title":"Soviet Physics Doklady"},{"key":"ref29:DBLP:conf\/eurocrypt\/BanegasKLMPRST23","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"310","DOI":"10.1007\/978-3-031-30589-4_11","article-title":"Disorientation Faults in CSIDH","volume-title":"Advances in Cryptology - EUROCRYPT 2023","volume":"14008","author":"Gustavo Banegas","year":"2023"},{"key":"ref30:Lon22","doi-asserted-by":"publisher","first-page":"445","DOI":"10.46586\/tches.v2023.i3.445-472","article-title":"IACR Trans. Cryptogr. Hardw. Embed. Syst.","volume":"2023","author":"Patrick Longa","year":"2023","journal-title":"IACR Trans. Cryptogr. Hardw. Embed. Syst."},{"key":"ref31:bor","article-title":"A non-interactive key exchange based on ring-learning\n with errors","author":"Bor de Kock","year":"2018"},{"key":"ref32:PQCRYPTO:JaoDeFo11","doi-asserted-by":"publisher","first-page":"19","DOI":"10.1007\/978-3-642-25405-5_2","article-title":"Towards Quantum-Resistant Cryptosystems from\n Supersingular Elliptic Curve Isogenies","volume-title":"Post-Quantum Cryptography - 4th International\n Workshop, PQCrypto 2011","author":"David Jao","year":"2011"},{"key":"ref33:Kup13","series-title":"LIPIcs 22","doi-asserted-by":"publisher","first-page":"20","DOI":"10.4230\/LIPIcs.TQC.2013.20","article-title":"Another Subexponential-time Quantum Algorithm for the\n Dihedral Hidden Subgroup Problem","volume-title":"8th Conference on the Theory of Quantum Computation,\n Communication and Cryptography","volume":"22","author":"Greg Kuperberg","year":"2013"},{"key":"ref34:X3DH","article-title":"The X3DH Key Agreement Protocol","author":"Moxie Marlinspike","year":"2016"},{"key":"ref35:AMC:ChiRod20","doi-asserted-by":"publisher","first-page":"383","DOI":"10.3934\/amc.2020116","article-title":"Optimal strategies for CSIDH","volume":"16","author":"Jes\u00fas-Javier Chi-Dom\u00ednguez","year":"2022","journal-title":"Adv. Math. Commun."},{"key":"ref36:EuroSP:KraWee16","doi-asserted-by":"publisher","first-page":"81","DOI":"10.1109\/EuroSP.2016.18","article-title":"The OPTLS Protocol and TLS 1.3","volume-title":"2016 IEEE European Symposium on Security and Privacy\n (EuroS&P)","author":"Hugo Krawczyk","year":"2016"},{"key":"ref37:RSA:MorOnuTak20","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"512","DOI":"10.1007\/978-3-030-40186-3_22","article-title":"How to Construct CSIDH on Edwards Curves","volume-title":"CT-RSA\u00a02020","volume":"12006","author":"Tomoki Moriya","year":"2020"},{"key":"ref38:EC:CJLNRU17","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"679","DOI":"10.1007\/978-3-319-56620-7_24","article-title":"Efficient Compression of SIDH Public Keys","volume-title":"EUROCRYPT\u00a02017, Part\u00a0I","volume":"10210","author":"Craig Costello","year":"2017"},{"key":"ref39:CECPQ2","article-title":"CECPQ2","author":"Adam Langley","year":"2018"},{"key":"ref40:JCEng:BajDuq21","doi-asserted-by":"publisher","first-page":"399","DOI":"10.1007\/s13389-021-00260-z","article-title":"Montgomery-friendly primes and applications to\n cryptography","volume":"11","author":"Jean-Claude Bajard","year":"2021","journal-title":"Journal of Cryptographic Engineering"},{"key":"ref41:DBLP:journals\/jss\/LeeKP13","doi-asserted-by":"publisher","first-page":"60","DOI":"10.1016\/j.jss.2012.06.074","article-title":"Improved multi-precision squaring for low-end RISC\n microcontrollers","volume":"86","author":"Younho Lee","year":"2013","journal-title":"J. Syst. Softw."},{"key":"ref42:SPACE:GonzalezWiggers22","isbn-type":"print","doi-asserted-by":"publisher","first-page":"99","DOI":"10.1007\/978-3-031-22829-2","article-title":"KEMTLS vs. Post-quantum TLS: Performance on Embedded\n Systems","volume-title":"Security, Privacy, and Applied Cryptography\n Engineering","author":"Ruben Gonzalez","year":"2022","ISBN":"https:\/\/id.crossref.org\/isbn\/9783031228292"},{"key":"ref43:IWSEC:OAYT19","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"23","DOI":"10.1007\/978-3-030-26834-3_2","article-title":"(Short Paper) A Faster Constant-Time Algorithm of\n CSIDH Keeping Two Points","volume-title":"IWSEC 19","volume":"11689","author":"Hiroshi Onuki","year":"2019"},{"key":"ref44:NISTPQC:CRYSTALS-DILITHIUM22","article-title":"CRYSTALS-DILITHIUM","author":"Vadim Lyubashevsky","year":"2022"},{"key":"ref45:EPRINT:GKQMS23","article-title":"Swoosh: Practical Lattice-Based Non-Interactive Key\n Exchange","volume-title":"Proceedings of the 33rd USENIX Security Symposium","author":"Phillip Gajland","year":"2024"},{"key":"ref46:INDOCRYPT:MeyRei18","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"137","DOI":"10.1007\/978-3-030-05378-9_8","article-title":"A Faster Way to the CSIDH","volume-title":"INDOCRYPT\u00a02018","volume":"11356","author":"Michael Meyer","year":"2018"},{"key":"ref47:ACNS:HLKA20","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"481","DOI":"10.1007\/978-3-030-57808-4_24","article-title":"Further Optimizations of CSIDH: A Systematic\n Approach to Efficient Strategies, Permutations, and\n Bound Vectors","volume-title":"ACNS 20, Part\u00a0I","volume":"12146","author":"Aaron Hutchinson","year":"2020"},{"key":"ref48:velu","first-page":"238","article-title":"Isog\u00e9nies entre courbes elliptiques","volume":"273","author":"Jacques V\u00e9lu","year":"1971","journal-title":"Comptes Rendus de l'Acad\u00e9mie des Sciences de Paris,\n S\u00e9ries A"},{"key":"ref49:NISTPQC:FALCON22","article-title":"FALCON","author":"Thomas Prest","year":"2022"},{"key":"ref50:PQCRYPTO:MeyCamRei19","doi-asserted-by":"publisher","first-page":"307","DOI":"10.1007\/978-3-030-25510-7_17","article-title":"On Lions and Elligators: An Efficient Constant-Time\n Implementation of CSIDH","volume-title":"Post-Quantum Cryptography - 10th International\n Conference, PQCrypto 2019","author":"Michael Meyer","year":"2019"},{"key":"ref51:RSA:ChiRei22","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"73","DOI":"10.1007\/978-3-030-95312-6_4","article-title":"Fully Projective Radical Isogenies in Constant-Time","volume-title":"CT-RSA\u00a02022","volume":"13161","author":"Jes\u00fas-Javier Chi-Dom\u00ednguez","year":"2022"},{"key":"ref52:SP:BCNS15","doi-asserted-by":"publisher","first-page":"553","DOI":"10.1109\/SP.2015.40","article-title":"Post-Quantum Key Exchange for the TLS Protocol from\n the Ring Learning with Errors Problem","volume-title":"2015 IEEE Symposium on Security and Privacy","author":"Joppe W. Bos","year":"2015"},{"key":"ref53:WR22","article-title":"Defending against future threats: Cloudflare goes\n post-quantum","author":"Bas Westerbaan","year":"2022"},{"key":"ref54:ietf-tls-semistatic-dh-01","article-title":"Semi-Static Diffie-Hellman Key Establishment for TLS\n 1.3","author":"Eric Rescorla","year":"2020"},{"key":"ref55:doliskani","doi-asserted-by":"publisher","first-page":"393","DOI":"10.1007\/S00200-018-0349-Z","article-title":"On division polynomial PIT and supersingularity","volume":"29","author":"Javad Doliskani","year":"2018","journal-title":"Applicable Algebra in Engineering, Communication and\n Computing"},{"key":"ref56:JCEng:ACDRR22:UPDATED","doi-asserted-by":"publisher","DOI":"10.1007\/s13389-022-00293-y","article-title":"Karatsuba-based square-root V\u00e9lu's formulas\n applied to two isogeny-based protocols","author":"Gora Adj","year":"2022","journal-title":"Journal of Cryptographic Engineering"},{"key":"ref57:PQCRYPTO:CasDec20","doi-asserted-by":"publisher","first-page":"111","DOI":"10.1007\/978-3-030-44223-1_7","article-title":"CSIDH on the Surface","volume-title":"Post-Quantum Cryptography - 11th International\n Conference, PQCrypto 2020","author":"Wouter Castryck","year":"2020"},{"key":"ref58:AC:GPST16","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"63","DOI":"10.1007\/978-3-662-53887-6_3","article-title":"On the Security of Supersingular Isogeny\n Cryptosystems","volume-title":"ASIACRYPT\u00a02016, Part\u00a0I","volume":"10031","author":"Steven D. Galbraith","year":"2016"},{"key":"ref59:CECPQ1","article-title":"Experimenting with Post-Quantum Cryptography","author":"Matt Braithwaite","year":"2016"},{"key":"ref60:RFC8446","doi-asserted-by":"crossref","DOI":"10.17487\/RFC8446","article-title":"The Transport Layer Security (TLS) Protocol Version\n 1.3","author":"Eric Rescorla","year":"2018"},{"key":"ref61:EC:Peikert20","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"463","DOI":"10.1007\/978-3-030-45724-2_16","article-title":"He Gives C-Sieves on the CSIDH","volume-title":"EUROCRYPT\u00a02020, Part\u00a0II","volume":"12106","author":"Chris Peikert","year":"2020"},{"key":"ref62:EC:BLMP19","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"409","DOI":"10.1007\/978-3-030-17656-3_15","article-title":"Quantum Circuits for the CSIDH: Optimizing Quantum\n Evaluation of Isogenies","volume-title":"EUROCRYPT\u00a02019, Part\u00a0II","volume":"11477","author":"Daniel J. Bernstein","year":"2019"},{"key":"ref63:C:CosLonNae16","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"572","DOI":"10.1007\/978-3-662-53018-4_21","article-title":"Efficient Algorithms for Supersingular Isogeny\n Diffie-Hellman","volume-title":"CRYPTO\u00a02016, Part\u00a0I","volume":"9814","author":"Craig Costello","year":"2016"},{"key":"ref64:JC:VanWie99","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/PL00003816","article-title":"Parallel Collision Search with Cryptanalytic\n Applications","volume":"12","author":"Paul C. van Oorschot","year":"1999","journal-title":"Journal of Cryptology"},{"key":"ref65:EPRINT:BanGilSmi22","first-page":"21","article-title":"Efficient supersingularity testing over\n $\\mathbb{{F}}_p$ and CSIDH key validation","volume":"2","author":"Gustavo Banegas","year":"2022","journal-title":"Mathematical Cryptology"}],"container-title":["IACR Communications in Cryptology"],"original-title":[],"language":"en","deposited":{"date-parts":[[2024,12,10]],"date-time":"2024-12-10T21:25:35Z","timestamp":1733865935000},"score":1,"resource":{"primary":{"URL":"https:\/\/cic.iacr.org\/p\/1\/1\/5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,4,9]]},"references-count":65,"URL":"https:\/\/doi.org\/10.62056\/anjbksdja","archive":["Internet Archive","Internet Archive"],"relation":{},"ISSN":["3006-5496"],"issn-type":[{"value":"3006-5496","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,4,9]]},"assertion":[{"value":"2024-01-09","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2024-03-05","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}}],"article-number":"cc1-1-21"}}