SIDH for Open SSL
This release contains a patch for OpenSSL 1.0.2g to support the Supersingular Isogeny-based Diffie-Hellman (SIDH) key exchange1, using the implementation by Microsoft Research2. This scheme provides approximately 128 bits of quantum security and 192 bits of classical security.
The library specifies four ciphersuites:
The first two consist of a SIDH key exchange, as described in , authentication based on ECDSA or RSA digital signatures, authenticated encryption (with associated data) (AEAD) based on AES-128 in GCM (Galois Counter Mode); key derivation and hashing based on SHA-256. The last two offer hybrid ciphersuites that are as above, except the key exchange includes both SIDH and ECDH key exchange; the pre-master secret is the concatenation of the ECDH shared secret and the SIDH shared secret. All these ciphersuites require TLSv1.2 because of the use of AES-GCM.
- Craig Costello, Patrick Longa, and Michael Naehrig (Microsoft Research). "Efficient algorithms for supersingular isogeny Diffe-Hellman." https://eprint.iacr.org/2016/413.pdf.