Isogeny-based cryptography is one of the promising post-quantum candidates mainly because of its smaller public key length. Due to its high computational cost, efficient implementations are significantly important. In this paper, we have proposed a high-speed FPGA implementation of the supersingular isogeny Diffie-Hellman (SIDH) and key encapsulation (SIKE). To this end, we have adapted the algorithm of finding optimal large-degree isogeny computation strategy for hardware implementations. Using this algorithm, hardware-suited strategies (HSSs) can be devised. We have also developed a tool to schedule field arithmetic operations efficiently using constraint programming. This tool enables reducing the latency of SIDH and SIKE subroutines by up to 14% at NIST\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'s highest security level, i.e., using the SIKEp751 parameter set. We have also improved the latency of field inversion, the most costly field operation in SIDH, by 23% using the Montgomery ladder technique. We have provided constant-time implementations of SIDH and SIKE on Virtex-7 using SIKEp751 utilizing 6 and 8 prime field multipliers to resemble the previous work. Experimental results show that using 8 multipliers SIDH and SIKE encapsulation and decapsulation can be performed in 24.66 ms and 24.10 ms, which is 1.37 and 1.12 times faster than the latest corresponding FPGA implementations, respectively.

Keywords