News Highlights:
- Following the 2022 breach of SIKE, QFESTA emerges as the most computationally efficient alternative in isogeny-based cryptography.
- The newly developed RandIsogImages algorithm, integral to QFESTA, shows promise for advancing isogeny-based cryptographic techniques.
TOKYO – September 5, 2024 – NTT Corporation, headquartered in Chiyoda Ward, Tokyo, and led by President Akira Shimada, has unveiled QFESTA, a novel isogeny-based cryptographic solution designed to offer robust security (IND-CCA2) against quantum computer threats while ensuring computational efficiency. Isogeny-based cryptography has gained attention due to its smaller public key and ciphertext sizes compared to other methods. SIKE, a notable isogeny-based cryptographic candidate, was a leading choice but was compromised in 2022. Since then, alternative solutions have faced challenges with encryption and decryption costs. QFESTA stands out as the most efficient among these alternatives. NTT plans to explore the application of RandIsogImages, a key component of QFESTA, to cryptographic protocols like digital signatures.
This breakthrough was presented at Crypto 2024, a premier international cryptology conference held in August 2024.
1. Background
Quantum computers, leveraging principles of quantum mechanics, pose a threat to current cryptographic systems. Shor’s algorithm, introduced in 1994, demonstrated that RSA and elliptic curve cryptography are vulnerable to quantum attacks. Consequently, research into post-quantum cryptography—secure against quantum threats—has become a priority. Among various post-quantum cryptography candidates, isogeny-based cryptography is notable for its compact public key and ciphertext sizes. SIKE, a prominent isogeny-based method, was a finalist in the National Institute of Standards and Technology (NIST) standardization competition. However, a 2022 attack compromised SIKE’s security. Despite numerous proposed alternatives, they have struggled with high computational costs. The development of new isogeny-based cryptographies is ongoing to address these issues.
2. Contributions
In collaboration with the University of Tokyo, NTT has developed QFESTA, an innovative isogeny-based cryptography that outperforms SIKE. Utilizing an attack technique on SIKE, the new RandIsogImages algorithm computes isogenies of non-smooth degrees. QFESTA, built on this algorithm, offers more than double the speed of traditional isogeny-based methods. It has been mathematically validated to meet NIST’s security standards under various assumptions. QFESTA is the most computationally efficient alternative to SIKE available today. RandIsogImages is highly versatile, supporting a wide range of degrees, and is expected to drive future advancements in isogeny-based cryptography.
These findings were presented at Crypto 2024 on August 21.
3. Outlook
Looking ahead, we plan to explore the application of RandIsogImages in other cryptographic protocols, including digital signatures, to enhance post-quantum security. Our ongoing research aims to advance cryptographic protocols, ensuring secure and reliable communication in anticipation of the quantum computing era.