
Replace CSIDH with CTIDH

Richard T. Carback III requested to merge feature/ctidh into release

Swap SIDH (https://sike.org/files/SIDH-spec.pdf) for CTIDH (https://ctidh.isogeny.org/) due to recent research results showing a classical break in SIDH: https://eprint.iacr.org/2022/1038 Our mini-roadmap for this feature is as follows:

1. Non-destructively replace the SIDH implementation with the CTIDH implementation, preserving the old SIDH code as legacy functions while making all active code paths use CTIDH.
2. Use the above to make a desktop demo of the feature as a proof of concept (PoC).
3. Identify and version any touch points in packet formats and storage serializations between the two implementations.
4. Resolve those touch points to make the new version backwards compatible with the older SIDH version. This could get slightly complicated because the library needs to detect and decide when to upgrade using CTIDH keys. I propose we do this by sending SIDH rekeys with a new version number, which prompts the other side to immediately rekey the rekey with CTIDH. We will need to discuss this strategy in detail.

We cannot merge this until 4 is done and we have tests confirming functionality for mobile phones. Separately and in no particular order, we also need to implement:

- CI/CD: client CI should run and test appropriately with CTIDH enabled. This likely involves doing a build of the C library inside the CI for client or ctidh-cgo. See how we do the GPU builds for server to get ideas on how to do this.
- Minimum viable builds: maybe remove the valgrind dependency or otherwise create an MVB inside our copy of the high-ctidh C library.
- gomobile compatibility: figure out how to statically link and compile for mobile devices.
- Go native implementation: appropriately ingest high-ctidh & ctidh-cgo into a native lib with platform-specific asm like we see in, e.g., the big int and RSA libraries in regular Go crypto.
- wasm compatibility: we will need this to work for web3 clients, which could involve either the native implementation or a C -> wasm compilation.
- Give back: try to MR this into the circl library or other popular PQ Go libraries.
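The version-triggered upgrade proposed in step 4 of the roadmap above, as an added example that is not part of this merge request or of the project's code. It is a Go model of the negotiation only: the `Rekey` and `Peer` types, the `Exchange` driver and the version numbers `RekeyV1`..`RekeyV3` are assumptions of this example (not the client's packet format), and the key bytes are constructed placeholders rather than real SIDH or CTIDH keys. Besides the upgraded-to-upgraded path it exercises the two cases a reviewer would ask about: a legacy peer that only speaks SIDH, and an on-path attacker who rewrites the version byte so that two upgraded peers never leave SIDH.

```go
package main

import "fmt"

// KEM identifies the key-establishment primitive a rekey message carries.
type KEM string

const (
	SIDH  KEM = "SIDH"  // legacy primitive, classically broken (eprint 2022/1038)
	CTIDH KEM = "CTIDH" // replacement primitive
)

// Rekey message versions (hypothetical values, not the project's wire format).
const (
	RekeyV1 uint8 = 1 // legacy client: SIDH payload, knows nothing about CTIDH
	RekeyV2 uint8 = 2 // upgraded client: SIDH payload that advertises CTIDH support
	RekeyV3 uint8 = 3 // upgraded client: CTIDH payload
)

// Rekey is a simplified rekey message.
type Rekey struct {
	Version uint8
	KEM     KEM
	PubKey  []byte // constructed placeholder, not a real SIDH/CTIDH key
}

type Peer struct {
	Name          string
	SupportsCTIDH bool // false models a client shipped before this change
	Active        KEM  // primitive currently in use for the session
}

// NewPeer starts every session on SIDH, as deployed clients do today.
func NewPeer(name string, ctidh bool) *Peer { return &Peer{name, ctidh, SIDH} }

// Initiate builds the rekey a peer sends when it decides to rotate keys.
func (p *Peer) Initiate() *Rekey {
	switch {
	case !p.SupportsCTIDH:
		return &Rekey{RekeyV1, SIDH, []byte(p.Name + "-sidh")}
	case p.Active == CTIDH:
		return &Rekey{RekeyV3, CTIDH, []byte(p.Name + "-ctidh")}
	default: // upgrade trigger: a SIDH payload legacy peers still accept, tagged with a new version
		return &Rekey{RekeyV2, SIDH, []byte(p.Name + "-sidh")}
	}
}

// Handle processes an incoming rekey and returns the reply to send, if any.
func (p *Peer) Handle(in Rekey) (*Rekey, error) {
	if !p.SupportsCTIDH {
		// Assumption: legacy code checks the payload type, not the version byte.
		// If shipped clients reject unknown versions, V2 is not backward compatible.
		if in.KEM != SIDH {
			return nil, fmt.Errorf("%s: cannot parse %s rekey", p.Name, in.KEM)
		}
		p.Active = SIDH
		return nil, nil
	}
	switch {
	case in.Version == RekeyV1: // legacy peer: SIDH is all it can do
		p.Active = SIDH
		return nil, nil
	case in.Version == RekeyV2 && in.KEM == SIDH: // peer can do CTIDH: rekey the rekey
		p.Active = CTIDH
		return p.Initiate(), nil
	case in.Version == RekeyV3 && in.KEM == CTIDH:
		if p.Active == CTIDH { // our CTIDH key is already out; exchange complete
			return nil, nil
		}
		p.Active = CTIDH
		return p.Initiate(), nil
	default:
		return nil, fmt.Errorf("%s: bad rekey version %d for %s", p.Name, in.Version, in.KEM)
	}
}

// Exchange runs a rekey from a to b, passing each message through tamper
// (nil = honest network) to model an on-path attacker; bounded so it cannot loop.
func Exchange(a, b *Peer, tamper func(Rekey) Rekey) (KEM, KEM, error) {
	if tamper == nil {
		tamper = func(r Rekey) Rekey { return r }
	}
	msg, from, to := a.Initiate(), a, b
	for i := 0; i < 4; i++ {
		reply, err := to.Handle(tamper(*msg))
		if err != nil || reply == nil {
			return a.Active, b.Active, err
		}
		msg, from, to = reply, to, from
	}
	return a.Active, b.Active, fmt.Errorf("rekey between %s and %s did not converge", a.Name, b.Name)
}

func main() {
	fmt.Println(Exchange(NewPeer("alice", true), NewPeer("bob", true), nil))  // CTIDH CTIDH <nil>
	fmt.Println(Exchange(NewPeer("alice", true), NewPeer("bob", false), nil)) // SIDH SIDH <nil>
	// Both upgraded, but an on-path attacker rewrites V2 to V1: both stay on SIDH.
	strip := func(r Rekey) Rekey { r.Version = RekeyV1; return r }
	fmt.Println(Exchange(NewPeer("alice", true), NewPeer("bob", true), strip)) // SIDH SIDH <nil>
}
```

Run it with `go run`. Two caveats the model makes explicit: it assumes shipped legacy clients validate the SIDH payload but tolerate an unfamiliar version byte (if they reject unknown versions, a V2 rekey breaks them instead of upgrading them, which is the first thing to verify against the real legacy parser), and the stripped-version case shows that the version field has to be covered by whatever authenticates the rekey message, otherwise anyone who can modify traffic can keep a pair of upgraded clients on SIDH indefinitely.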
