SIDH Library

Microsoft Research project page. Published 2016-06-17; last modified 2025-06-05.
https://www.microsoft.com/en-us/research/project/sidh-library/
SIKE and SIDH are insecure and should not be used. For more information, please refer to the SIKE team's statement to NIST.

SIDH Library was a fast and portable software library that implemented a new suite of algorithms for supersingular isogeny Diffie-Hellman key exchange [1]. The chosen parameters aimed to provide 128 bits of security against attackers running a large-scale quantum computer, and 192 bits of security against classical algorithms. SIDH had the option of a hybrid key exchange that combined supersingular isogeny Diffie-Hellman with a high-security classical elliptic curve Diffie-Hellman key exchange at a small overhead.

SIDH was the first supersingular isogeny Diffie-Hellman software that was fully protected against timing and cache attacks: all operations on secret data ran in constant time. The library was also significantly faster than previous implementations; for example, it was about 2.5 times faster than the previously best (non-constant-time) supersingular isogeny Diffie-Hellman software.

The need for post-quantum cryptography

A large-scale quantum computer breaks most of the public-key cryptography currently used on the internet, such as RSA encryption and digital signatures, ECDH key exchange and ECDSA signatures. Even though no such quantum computer exists today, the prospect of one being built in the not-too-distant future makes it necessary to prepare our cryptographic infrastructure now and protect our data into the future. This release was part of a larger effort to identify and deploy asymmetric cryptographic schemes that resist quantum attacks and can replace vulnerable algorithms.

Supersingular isogeny Diffie-Hellman key exchange

The supersingular isogeny Diffie-Hellman key exchange protocol was proposed by Jao and De Feo in [2]. The mathematical structures that provide the key exchange operations are supersingular elliptic curves and isogeny maps between them. Despite the use of elliptic curves, its security is not based on the hardness of the elliptic curve discrete logarithm problem, but on the hardness of computing large-degree isogenies between two given elliptic curves. At the time of release, computing such isogenies was believed to be infeasible even for a quantum computer, which made SIDH a candidate for post-quantum key exchange.

Accessing SIDH Library

SIDH Library:
SIDH Library v2.0 is on GitHub: https://github.com/Microsoft/PQCrypto-SIDH
SIDH Library v1.1 is available for download at: https://www.microsoft.com/en-us/download/details.aspx?id=52438

A patch for OpenSSL 1.0.2g to support supersingular isogeny Diffie-Hellman (SIDH) key exchange using the SIDH Library is available for download at: https://www.microsoft.com/en-us/download/details.aspx?id=54053

References

[1] Craig Costello, Patrick Longa, and Michael Naehrig, "Efficient algorithms for supersingular isogeny Diffie-Hellman", available at http://eprint.iacr.org/2016/413
[2] David Jao and Luca De Feo, "Towards quantum-resistant cryptosystems from supersingular elliptic curve isogenies", in PQCrypto 2011, LNCS 7071, pp. 19-34, 2011.