2021 Volume 27 Issue 1 Pages 1-23
Shor's algorithm factors integers and computes discrete logarithms in polynomial time on a sufficiently large quantum computer, so it became apparent that the asymmetric cryptosystems in use today (RSA, finite-field and elliptic-curve Diffie–Hellman) would become insecure once such a machine is built. Since then, a large number of new algorithms that are conjectured to be quantum-secure have been proposed, many of which come with non-negligible trade-offs compared to current cryptosystems. Because of this, both research and standardization efforts are ongoing.
In this survey, we describe one of the most promising approaches to post-quantum cryptography: cryptosystems based on supersingular isogenies. Building on isogenies is promising not only because elliptic curves and isogenies between them have been well studied for many decades, but also because the algorithms proposed in recent literature promise decent performance at small key sizes, especially compared to other post-quantum candidates.
After introducing the basic mathematical background required to understand the fundamental idea behind the use of supersingular isogenies as well as their relation to elliptic curves, we explain the most important protocols that have been proposed in recent years, starting with the so-called Supersingular Isogeny Diffie–Hellman (SIDH). We discuss the novel approaches to well-established protocols that supersingular isogeny-based schemes introduce, analyze why it is difficult to translate certain cryptographic schemes into the supersingular isogeny setting, and argue that while the discussed schemes promise to be both performant and quantum-secure, they pay for this with a trade-off of their own: increased protocol complexity.
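The Supersingular Isogeny Diffie–Hellman exchange named above, as an added worked example that is not part of the survey: a toy SIDH in Python over F_{p^2} with p = 2^4·3^3 − 1 = 431, written with affine short-Weierstrass arithmetic and the general Vélu formulas for 2- and 3-isogenies rather than the Montgomery-curve formulas used by real implementations. The prime, the starting curve y^2 = x^3 + x, the secret scalars, the deterministic torsion-basis search and every function name are choices made for this illustration; the parameters are orders of magnitude too small to be secure and serve only to make the two rounds of the protocol visible.

```python
# Toy SIDH over F_{p^2} with p = 2^4 * 3^3 - 1 = 431 (illustration only; far too small to be secure).
P, EA, EB = 431, 4, 3                 # p + 1 = 2^EA * 3^EB and p = 3 (mod 4)

class Fp2:
    """a + b*i in F_p[i]/(i^2 + 1); -1 is a non-square mod p because p = 3 mod 4."""
    def __init__(self, a, b=0): self.a, self.b = a % P, b % P
    def __eq__(self, o): return self.a == o.a and self.b == o.b
    def __add__(self, o): return Fp2(self.a + o.a, self.b + o.b)
    def __sub__(self, o): return Fp2(self.a - o.a, self.b - o.b)
    def __mul__(self, o):
        if isinstance(o, int): return Fp2(self.a * o, self.b * o)
        return Fp2(self.a * o.a - self.b * o.b, self.a * o.b + self.b * o.a)
    def __truediv__(self, o):            # multiply by the conjugate over the norm
        n = pow(o.a * o.a + o.b * o.b, P - 2, P)
        return self * Fp2(o.a * n, -o.b * n)
    def __pow__(self, e):
        r, b = Fp2(1), self
        while e:
            if e & 1: r = r * b
            b, e = b * b, e >> 1
        return r

def sqrt_fp2(c):
    """Square root in F_{p^2} for p = 3 mod 4 (Adj & Rodriguez-Henriquez); None for a non-square."""
    a1 = c ** ((P - 3) // 4)
    alpha, x0 = a1 * a1 * c, a1 * c      # alpha = c^((p-1)/2)
    y = Fp2(0, 1) * x0 if alpha == Fp2(-1) else (Fp2(1) + alpha) ** ((P - 1) // 2) * x0
    return y if y * y == c else None

class Curve:
    """y^2 = x^3 + A x + B over F_{p^2}; points are (x, y) tuples of Fp2, None is the identity."""
    def __init__(self, A, B): self.A, self.B = A, B
    def on_curve(self, pt): return pt is None or pt[1] * pt[1] == pt[0] ** 3 + self.A * pt[0] + self.B
    def j(self): return (self.A ** 3 * 6912) / (self.A ** 3 * 4 + self.B * self.B * 27)
    def add(self, p1, p2):
        if p1 is None or p2 is None: return p2 if p1 is None else p1
        (x1, y1), (x2, y2) = p1, p2
        if x1 == x2 and (y1 != y2 or y1 == Fp2(0)): return None      # P + (-P) = O
        lam = (x1 * x1 * 3 + self.A) / (y1 * 2) if x1 == x2 else (y2 - y1) / (x2 - x1)
        x3 = lam * lam - x1 - x2
        return (x3, lam * (x1 - x3) - y1)
    def mul(self, k, pt):
        r = None
        while k:
            if k & 1: r = self.add(r, pt)
            pt, k = self.add(pt, pt), k >> 1
        return r

def velu(E, K):
    """Velu's formulas (short Weierstrass form) for E -> E/<K>, K of order 2 or 3; returns codomain and map."""
    xk, yk = K
    gx, gy = xk * xk * 3 + E.A, yk * (-2)     # partial derivatives of y^2 - x^3 - Ax - B at K
    vq = gx if yk == Fp2(0) else gx * 2       # an order-2 point is counted once, otherwise +-K together
    uq = gy * gy                              # 4*yk^2, zero for an order-2 point
    E2 = Curve(E.A - vq * 5, E.B - (uq + xk * vq) * 7)
    def phi(pt):
        if pt is None: return None
        x, y = pt
        d = x - xk                            # zero only for +-K, which lie in the kernel
        X = x + vq / d + uq / (d * d)
        return (X, y * (Fp2(1) - vq / (d * d) - uq * 2 / (d * d * d)))   # Y = y * dX/dx
    return E2, phi
def independent(E, R1, R2, ell, e):
    """Points of order ell^e generate E[ell^e] iff their ell-torsion parts are not proportional."""
    T1, T2 = E.mul(ell ** (e - 1), R1), E.mul(ell ** (e - 1), R2)
    return all(T2 != E.mul(k, T1) for k in range(ell))
def torsion_basis(E, ell, e):
    """Deterministic search for a basis of E[ell^e]; works because E(F_{p^2}) = E[p+1] for our E0."""
    cof, basis = (P + 1) // ell ** e, []
    for n in range(P * P):
        x = Fp2(n % P, n // P)
        y = sqrt_fp2(x ** 3 + E.A * x + E.B)
        if y is None: continue
        R = E.mul(cof, (x, y))
        if E.mul(ell ** (e - 1), R) is None: continue                  # order below ell^e
        if basis and not independent(E, basis[0], R, ell, e): continue
        basis.append(R)
        if len(basis) == 2: return basis
    raise ValueError("no basis found")
def isogeny_walk(E, R, ell, e, others):
    """Compose e degree-ell isogenies with kernel <R> (R of order ell^e), pushing `others` through."""
    for i in range(e):
        E, phi = velu(E, E.mul(ell ** (e - 1 - i), R))               # kernel point of order ell
        R, others = (phi(R) if i < e - 1 else None), [phi(S) for S in others]
        assert all(E.on_curve(S) for S in others)
    return E, others
def run_sidh(sA=5, sB=7):
    """Two-round SIDH: Alice walks 2-isogenies, Bob 3-isogenies; returns both shared j-invariants."""
    E0 = Curve(Fp2(1), Fp2(0))                 # y^2 = x^3 + x, supersingular, j = 1728
    PA, QA = torsion_basis(E0, 2, EA)          # E0[16] = <PA, QA>
    PB, QB = torsion_basis(E0, 3, EB)          # E0[27] = <PB, QB>
    # Round 1: each side publishes its codomain and the images of the other side's basis.
    E_A, (phiA_PB, phiA_QB) = isogeny_walk(E0, E0.add(PA, E0.mul(sA, QA)), 2, EA, [PB, QB])
    E_B, (phiB_PA, phiB_QA) = isogeny_walk(E0, E0.add(PB, E0.mul(sB, QB)), 3, EB, [PA, QA])
    # Round 2: repeat the own walk from the peer's curve; the results are isomorphic curves.
    E_BA, _ = isogeny_walk(E_B, E_B.add(phiB_PA, E_B.mul(sA, phiB_QA)), 2, EA, [])
    E_AB, _ = isogeny_walk(E_A, E_A.add(phiA_PB, E_A.mul(sB, phiA_QB)), 3, EB, [])
    return E_BA.j(), E_AB.j()
```

Alice's public key is (E_A, φ_A(P_B), φ_A(Q_B)) and Bob's is (E_B, φ_B(P_A), φ_B(Q_A)); `run_sidh` returns j(E_BA) and j(E_AB), which agree because both curves are E0/⟨R_A, R_B⟩ up to isomorphism. Publishing the images of the peer's torsion basis is what lets each side continue its own walk from the other's curve, and it is also the part that has no analogue in a group-based Diffie–Hellman; it is a concrete instance of the extra protocol machinery the survey refers to.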