Pre- and post-quantum Diffie-Hellman from groups, actions, and isogenies (1809.04803v3)

Abstract: Diffie-HeLLMan key exchange is at the foundations of public-key cryptography, but conventional group-based Diffie-HeLLMan is vulnerable to Shor's quantum algorithm. A range of "post-quantum Diffie-HeLLMan" protocols have been proposed to mitigate this threat, including the Couveignes, Rostovtsev-Stolbunov, SIDH, and CSIDH schemes, all based on the combinatorial and number-theoretic structures formed by isogenies of elliptic curves. Pre-and post-quantum Diffie-HeLLMan schemes resemble each other at the highest level, but the further down we dive, the more differences emerge-differences that are critical when we use Diffie-HeLLMan as a basic component in more complicated constructions. In this survey we compare and contrast pre-and post-quantum Diffie-HeLLMan algorithms, highlighting some important subtleties.