p751sidh

The p751sidh package provides a Go implementation of (ephemeral) supersingular isogeny Diffie-Hellman, as described in Costello-Longa-Naehrig 2016. Internal functions useful for the implementation are published in the p751toolbox package.

The implementation is intended for use on the amd64 architecture only -- no generic field arithmetic implementation is provided. Portions of the field arithmetic were ported from the Microsoft Research implementation.

This package follows their naming convention, writing “Alice” for the party using 2^e-isogenies and “Bob” for the party using 3^e-isogenies.

This package does NOT implement SIDH key validation, so it should only be used for ephemeral DH. Each keypair should be used at most once.

If you feel that SIDH may be appropriate for you, consult your cryptographer.

Special thanks to Craig Costello, Diego Aranha, and Deirdre Connolly for advice and discussion.