International Association for Cryptologic Research (IACR)
Abstract
We present the first practical software implementation of Supersingular Isogeny Key Encapsulation (SIKE) round 2, targeting NIST's security levels 1, 2, and 5 on 32-bit ARM Cortex-M4 microcontrollers. The proposed library sets a new speed record for the SIKE protocol on the target platform. We achieved this record by adopting several state-of-the-art engineering techniques together with highly optimized, hand-crafted assembly implementations of the finite field arithmetic. In particular, we carefully redesign the previous optimized implementations of field arithmetic on the 32-bit ARM Cortex-M4 platform and propose a set of novel techniques that are specifically suited to SIKE/SIDH primes. Moreover, the proposed arithmetic implementations are fully scalable to larger bit-length integers and can be adopted across different security levels. The benchmark result on an STM32F4 Discovery board equipped with a 32-bit ARM Cortex-M4 microcontroller shows that the entire key encapsulation over p434 takes about 326 million clock cycles (i.e. 1.94 seconds @168MHz). In contrast to the previous optimized implementation of isogeny-based key exchange on the low-power 32-bit ARM Cortex-M4, our performance evaluation shows the feasibility of using the SIKE mechanism on the target platform. In comparison to most of the post-quantum candidates, SIKE requires an excessive number of arithmetic operations, resulting in significantly slower timings. However, its small key size makes this scheme a promising candidate for low-end microcontrollers in the quantum era, since it ensures lower energy consumption for key transmission than other schemes.