Faster CGL hash function via reduced backtracking checks

Abstract

The CGL hash function is an isogeny-based hash function that computes non-backtracking paths on a supersingular isogeny graph. Since one of the problems of the CGL hash function is its relatively slow computational time, many acceleration methods have been studied, including the use of the Legendre form, radical isogenies. An algorithm for computing the CGL hash function proposed at SAC'22 has achieved acceleration of several orders of magnitude, by using 2ⁿ-isogenies for an integer n = Θ (log p), where p is characteristic of the underlying field. In this algorithm, the backtracking 2-isogeny between two consecutive 2ⁿ-isogenies must be prevented to assure the security of the hash function, which is called backtracking checks.

In this paper, we propose two algorithms to further accelerate the computation by reducing the overhead of backtracking checks. The first algorithm skips backtracking checks when unnecessary. The second one completely eliminates the need for these checks. Moreover, we implement our proposed algorithms. We perform a detailed and precise complexity analysis of our algorithms as well as previously proposed ones by program-matically counting the actual number of operations over the underlying finite field. We demonstrate that the first algorithm reduces the cost by 7.6%, 7.0%, 7.6%, 6.2% and second one by 18.9%, 17.8%, 16.7%, 16.1% compared to the original algorithm at SAC'22 for 256, 512, 1024, 1536-bit primes, respectively.

This paper is an extended version of [1]. We add the second algorithm without backtracking checks, which is faster than the first algorithm, and its efficiency is demonstrated by the implementation.