A Constant-Time Hardware Architecture for the CSIDH Key-Exchange Protocol

TL;DR

This paper introduces the first comprehensive hardware architecture for the CSIDH post-quantum key exchange protocol, achieving constant-time operation and providing performance benchmarks on FPGA and ASIC platforms.

Contribution

It presents a unified, high-performance hardware architecture for CSIDH-512, enabling constant-time key generation on FPGA and ASIC with detailed performance metrics.

Findings

Achieves 515 ms key generation latency on FPGA at 200 MHz.

Achieves 591 ms key generation latency on ASIC at ~180 MHz.

Provides the first public hardware performance benchmarks for CSIDH.

Abstract

The commutative supersingular isogeny Diffie-Hellman (CSIDH) algorithm is a promising post-quantum key exchange protocol, notable for its exceptionally small key sizes, but hindered by computationally intensive key generation. Furthermore, practical implementations must operate in constant time to mitigate side-channel vulnerabilities, which presents an additional performance challenge. This paper presents, to our knowledge, the first comprehensive hardware study of CSIDH, establishing a performance baseline with a unified architecture on both field-programmable gate array (FPGA) and application-specific integrated circuit (ASIC) platforms. The architecture features a top-level finite state machine (FSM) that orchestrates a deeply pipelined arithmetic logic unit (ALU) to accelerate the underlying 512-bit finite field operations. The ALU employs a parallelized schoolbook multiplier, completing a 512$\times$512-bit multiplication in 22 clock cycles and enabling a full Montgomery modular multiplication in 87 cycles. The constant-time CSIDH-512 design requires $1.03\times10^{8}$ clock cycles per key generation. When implemented on a Xilinx Zynq UltraScale+ FPGA, the architecture achieves a 200 MHz clock frequency, corresponding to a 515 ms latency. For ASIC implementation in a 180nm process, the design requires $1.065\times10^{8}$ clock cycles and achieves a \textasciitilde 180 MHz frequency, resulting in a key generation latency of 591 ms. By providing the first public hardware performance metrics for CSIDH on both FPGA and ASIC platforms, this work delivers a crucial benchmark for future isogeny-based post-quantum cryptography (PQC) accelerators.