36 Post Quantum Crypto for Dummies

last n polynomials. Iteratively, this makes it possible to compute a key stream of arbitrary length. This key stream is XORed with the data stream. The disadvantage of QUAD is its low efficiency compared to AES.

Supersingular Elliptic-curve Isogeny Cryptography

Classical elliptic-curve cryptography (ECC) works on the points of specific elliptic curves: operations like addition and scalar multiplication are performed on points, and the data structures exchanged in cryptographic protocols are coordinates of points. However, instead of computing on the points of one elliptic curve, one can also define operations between different elliptic curves. Maps from one curve onto another can have different properties; maps with certain properties are called isogenies. Using isogenies between elliptic curves to build cryptographic schemes is a relatively new approach compared to the schemes described in the previous sections. Public-key cryptosystems based on isogenies were introduced in 2006 by Rostovtsev and Stolbunov [52, 57]. A major drawback of the scheme was the long computation time required for encryption and decryption. Even worse, in 2010 Childs, Jao and Soukharev found a subexponential quantum-computer attack on this scheme [20]. In 2011 Jao and De Feo extended the idea of using isogenies on ordinary elliptic curves to supersingular elliptic curves [38]. Due to the special structure of supersingular elliptic curves, the Childs/Jao/Soukharev attack does not work there. Furthermore, the efficiency of encryption and decryption is greatly improved. However, because cryptographic schemes based on isogenies of supersingular elliptic curves are so new, there is not yet great confidence in them. Therefore, there is currently no consensus that they are candidates for post-quantum public-key encryption.
Nevertheless, due to their symmetric nature, schemes based on isogenies of supersingular elliptic curves have a structure very similar to that of classical DH and ECDH schemes. In particular, isogenies are the only post-quantum approach that enables a Diffie-Hellman-like key exchange, the supersingular isogeny Diffie-Hellman (SIDH) key exchange. There are SIDH implementations with very competitive performance and small message sizes for the key exchange [21].
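The QUAD key-stream iteration described at the top of this page, as an added toy illustration that is not code from the paper: a public system of kn random quadratic polynomials over GF(2) is evaluated on the n-bit state, part of the output is emitted as key stream and the remaining n values become the next state, and the key stream is XORed onto the data. Which n of the kn polynomials feed the next state is a labelling convention; the example assumes the last n (matching the fragment above), uses a deliberately tiny n, and uses the secret initial state directly as the key instead of deriving it from key and IV.

```python
import random

def random_quadratic_system(n, k, system_seed):
    """Public QUAD system: kn random quadratic polynomials over GF(2) in n
    variables, each as (quad_terms, lin_terms, const); x_i*x_i = x_i in
    GF(2), so squares fold into the linear part. Fixed seed: system is public."""
    rng = random.Random(system_seed)
    system = []
    for _ in range(k * n):
        quad = [(i, j) for i in range(n) for j in range(i + 1, n)
                if rng.getrandbits(1)]
        lin = [i for i in range(n) if rng.getrandbits(1)]
        system.append((quad, lin, rng.getrandbits(1)))
    return system

def evaluate(poly, x):
    """Evaluate one polynomial at the bit vector x (list of 0/1) over GF(2)."""
    quad, lin, const = poly
    acc = const
    for i, j in quad:
        acc ^= x[i] & x[j]
    for i in lin:
        acc ^= x[i]
    return acc

def quad_keystream(system, state, n, nbits):
    """One QUAD step evaluates all kn polynomials on the n-bit state: the
    first (k-1)n values are emitted as key stream, the values of the last n
    polynomials become the next state. Iterating gives any length."""
    assert len(system) >= 2 * n and len(state) == n
    out = []
    while len(out) < nbits:
        values = [evaluate(p, state) for p in system]
        out.extend(values[:-n])  # key-stream part
        state = values[-n:]      # next state from the last n polynomials
    return out[:nbits]

def quad_xor(system, initial_state, n, data):
    """XOR the key stream onto a byte stream; the same call decrypts.
    Toy simplification (assumption): the secret initial state is the key;
    the real cipher derives it from key and IV in an initialisation phase."""
    ks = quad_keystream(system, list(initial_state), n, 8 * len(data))
    out = bytearray()
    for pos, byte in enumerate(data):
        mask = 0
        for bit in ks[8 * pos:8 * pos + 8]:
            mask = (mask << 1) | bit
        out.append(byte ^ mask)
    return bytes(out)
```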