Quantum Cost Models for Cryptanalysis of Isogenies

Abstract

Isogeny-based cryptography uses keys large enough to resist a far-future attack from Tani’s algorithm, a quantum random walk on Johnson graphs. The key size is based on an analysis in the query model. Queries do not reflect the full cost of an algorithm, and this thesis considers other cost models. These models fit in a memory peripheral framework, which focuses on the classical control costs of a quantum computer. Rather than queries, we use the costs of individual gates, error correction, and latency. Primarily, these costs make quantum memory access expensive, and thus Tani’s memory-intensive algorithm is no longer the best attack against isogeny-based cryptography. A classical algorithm due to van Oorschot and Wiener can be faster and cheaper, depending on the model used and the availability of time and hardware. This means that isogeny-based cryptography is more secure than previously thought.
