Pre- and post-quantum Diffie-Hellman from groups, actions, and isogenies

TL;DR

This paper surveys and compares classical and post-quantum Diffie-Hellman protocols, emphasizing their structural differences and implications for cryptographic constructions, especially those based on elliptic curve isogenies.

Contribution

It provides a detailed comparison of pre- and post-quantum Diffie-Hellman schemes, highlighting subtle differences and their impact on cryptographic applications.

Findings

Post-quantum schemes are based on isogenies of elliptic curves.

Structural differences influence their use in complex cryptographic protocols.

Understanding these differences is crucial for secure post-quantum cryptography.

Abstract

Diffie-Hellman key exchange is at the foundations of public-key cryptography, but conventional group-based Diffie-Hellman is vulnerable to Shor's quantum algorithm. A range of "post-quantum Diffie-Hellman" protocols have been proposed to mitigate this threat, including the Couveignes, Rostovtsev-Stolbunov, SIDH, and CSIDH schemes, all based on the combinatorial and number-theoretic structures formed by isogenies of elliptic curves. Pre-and post-quantum Diffie-Hellman schemes resemble each other at the highest level, but the further down we dive, the more differences emerge-differences that are critical when we use Diffie-Hellman as a basic component in more complicated constructions. In this survey we compare and contrast pre-and post-quantum Diffie-Hellman algorithms, highlighting some important subtleties.