7

I'm a semi newbie in crypto (I've had that uni course of discrete math that includes basic cryptography principles) and wanted to go a bit further in isogeny graphs.

I have downloaded the C implementation of SIDH/SIKE from the Microsoft GitHub page and can't understand the difference between the two. However, most of the resources I find online are either sketchy YouTube videos or unreadable academic papers using terms I am unfamiliar with. Any resources/ideas would be appreciated.

Ella Rose

1 Answer

4

SIDH is a form of post-quantum Diffie–Hellman key agreement with a non-abelian structure using isogenies. It stands for Supersingular Isogeny Diffie–Hellman. SIKE is the name of the specific submission given to NIST for standardization with a set of specific, fixed parameters. It stands for Supersingular Isogeny Key Encapsulation. SIKE is SIDH, but not all SIDH parameters are SIKE.

From their official website, SIKE is standardized in two forms: SIKE.PKE, an asymmetric encryption algorithm, and SIKE.KEM, a key encapsulation mechanism. They both support four parameter sets: SIKEp434, SIKEp503, SIKEp610, and SIKEp751. SIDH is just an algorithm and doesn't standardize any parameters. You could say SIDH is to SIKE as ECDH is to (the public key part of) ECIES.

Note that SIKE has been badly broken.

forest
  • SIKE stands for Supersingular Isogeny Key Encapsulation. SIKE.KEM is a Key Encapsulation Mechanism. A key encapsulation differs from a key exchange in a subtly technical way; think of it as a key exchange with a long term public key. SIDH is to SIKE as ECDH is to (the public key part of) ECIES. – Luca De Feo Jul 02 '19 at 22:31
  • @LucaDeFeo Yes you're right. It was just a brain fart. Corrected. – forest Jul 02 '19 at 22:32
  • @LucaDeFeo is the private key also long term or will there be a new (and fresh) private key for each execution? Also, I don't get the main difference between Key Encapsulation Mechanism and Key Exchange protocols. Isn't there also a long-term public key in "ordinary" Key Exchange Protocols? –  Nov 12 '19 at 13:44
  • Private-public keys always go in pairs. If the pk is long term, so is the sk. SIKE has long term keys, because that's what's asked by NIST. Key exchange protocols can be ephemeral, ephemeral-static or static-static, but the usual schoolbook definition is the ephemeral one. – Luca De Feo Nov 13 '19 at 14:15
  • Hmm, not entirely sure if I agree on the definitions. Encryption to me is to hide a previously established message. If that message is a key then it is encapsulation. Key agreement and key encapsulation are both methods of key establishment protocols. You can of course create such a scheme using a key agreement protocol such as DH. With key agreement you both agree (using an algorithm) on a newly calculated shared secret, which is not encapsulated in any way. – Maarten Bodewes Aug 18 '22 at 16:20
  • As you can see, nowhere in these schemes am I talking about how long the keys stay valid, and if you look at NIST SP 800-56A Rev. 3 then you'll find various forms of key establishment schemes using static-static, ephemeral-static as well as ephemeral-ephemeral key agreement. – Maarten Bodewes Aug 18 '22 at 16:21
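
The key exchange versus key encapsulation interfaces discussed in the answer and comments above, as an added example that is not part of the original posts and is not the SIKE code. It swaps in a toy finite-field Diffie-Hellman group for isogenies; the parameters `P` and `G` and all function names are assumptions made for illustration, and the construction shown (ephemeral-static DH plus a hash) is not SIKE's.

```python
import hashlib
import secrets

# Toy group, constructed for illustration only (NOT secure, NOT isogeny-based):
# arithmetic modulo the Mersenne prime 2**127 - 1 with base 3.
P = 2**127 - 1
G = 3

def dh_keygen():
    """Return (sk, pk) with pk = G^sk mod P, rejecting degenerate public keys."""
    while True:
        sk = secrets.randbelow(P - 3) + 2
        pk = pow(G, sk, P)
        if 1 < pk < P - 1:
            return sk, pk

def dh_shared(sk, peer_pk):
    """Key agreement: each side contributes a key pair and computes the same value."""
    if not 1 < peer_pk < P - 1:
        raise ValueError("peer public key out of range")
    return pow(peer_pk, sk, P)

def _kdf(ct, shared):
    # Bind the session key to the ciphertext as well as to the DH value.
    data = ct.to_bytes(16, "big") + shared.to_bytes(16, "big")
    return hashlib.sha256(data).digest()

def kem_keygen():
    """Recipient's key pair; in a KEM this may be long term."""
    return dh_keygen()

def kem_encaps(pk):
    """Sender needs only pk and returns (ciphertext, session key)."""
    esk, ct = dh_keygen()  # fresh ephemeral key; its public half is the ciphertext
    return ct, _kdf(ct, dh_shared(esk, pk))

def kem_decaps(sk, ct):
    """Recipient recovers the same session key from the ciphertext."""
    return _kdf(ct, dh_shared(sk, ct))

if __name__ == "__main__":
    sk, pk = kem_keygen()
    ct, key_sender = kem_encaps(pk)
    print("keys match:", key_sender == kem_decaps(sk, ct))
```
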