The Diffie Hellman algorithm involves two parties encrypting their own secret key and exchange with each other, and the encryption of the exchanged message will be the shared secret between the two parties.
Another metric vital in cryptography is the security level, where a security level of $n$ implies that an average of $2^n$ operations are required to decrypt an encryption using the most efficient known decryption algorithm. As a rule of thumb, any cryptography algorithm with at least 128 bits of security level is considered secure. (There is a fun avtivity below, where you can enter a number and it will show the number of digits it has).
The security level you entered has {{securityLevel/3.32192809489 + 0.5| number:0}} digits!
There have been several papers that is based on the work of SIDH, including the key compression in isogeny and the newly minted CSIDH (it is not clear what does 'C' stand for, but it is conjectured that it means 'Commutative'). We also started looking into various signature schemes, which involves protocols like hashing (using the theory of random oracle), Fiat Shamir and Unruh transformations.
The commutativity of the CSIDH scheme is based on the fact that the endomorphism ring of ordinary elliptic curve is an order of the quadratic field. It therefore uses the theory of class group extensively (since the elliptic curve and its isogeny are modelled in terms of class group action). This necessitates the need of studying class group of imaginary quadratic fields. It is interesting to note the bijection between a class group and a reduced binary quadratic form of the same discriminant $D$ (to be precise, it is the bijection between $ax^2+bxy+cy^2$ and $(a, \frac{-b+\sqrt{D}}{2})$), with $D$ being negative.
It is difficult to imagine, but in understanding the endomorphism ring structure of a supersingular curve we landed on an abstract algebra object where multiplication is non commutative. It consists of vectors $1, i, j, k$ over a field $\mathbb{F}$, and two element $a, b$ in $\mathbb{F}$ with multiplication defined as $i^2=a, j^2=b$ and $ij=-ji=k$ (anticommutative). Below are the related things I have studied:
This works for all primes in the form $4k+1$ and this prime number multiplied by any power of two (e.g. 1, 2, 4, 5, 8, 10, 13, 16, 17, etc). I followed the algorithm given in Wikipedia for my implementation in Sage (there are other examples of numbers that can be written as sum of two squares, but these set of numbers make it computaitonally practical to actually determine the sum of two squares).
Finding an element of suitable norm involves solving equation like $a^2+b^2+p(c^2+d^2)=N$, which reduces to randomly finding $c, d$ such that $N-p(c^2+d^2)$ is in the desirable form for the sum-of-two-squares algorithm.
Although it is straightforward to multiply a point on the elliptic curve by an integer, this is not true in the case of multiplication of points with elements in quaternion algebra. To visualize what the multiplication of $i$ and $j$ actually means (and using the fact that $ij=k$ for multiplication by $k$), we need to first realize that $i^2=-1$ and $j^2=-p$. This necessitates the finding of endomorphisms $\phi$ and $\pi$ such that $\phi^2=-1$ and $\pi^2=-p$. It is well-known that we can take $\pi$ as the Frobenius endomorphism; the case for $\phi$ is less obvious. Luckily, we start at a curve $y^2=x^3+x$ where it is straightforward that we can let $\phi$ to map $(x, y)$ to $(-x, iy)$.