Abstract: The present-day method for setting up a secure communication channel over the internet makes use of the Diffie-Hellman key exchange protocol, which is based on exponentiation in groups. However its security breaks down if an adversary would be given access to a large universal quantum computer. It is unclear whether such a device will see the light of day in the near future, but the threat alone is enough reason to make the transition to so-called "post-quantum key exchange", which is an actively ongoing process. One attractive line of thought is to replace exponentiation in groups by other commutative group actions. Currently, the only working such proposal goes back to Couveignes and uses the CM torsor, which is an action of the class group of an imaginary quadratic ring on a certain set of elliptic curves. I will explain this idea and report on a tweak called CSIDH, which we recently developed in collaboration with Lange, Martindale, Panny and Renes and leads to a considerable speed-up, from minutes to milliseconds.
Pierre-Emmanuel Caprace (MATH)
