1

I'm a newbie in studying and learning how SIDH works. I have a simple doubt. So my question is in the SIKE submission present in this link (https://csrc.nist.gov/Projects/Post-Quantum-Cryptography/Round-1-Submissions), once you download and unzip the SIKE folder, you get supporting documentation, a .pdf file. In that .pdf file, Section 5.1, 5.2 (Chapter 5), in Table 5.1, they mention that SIKE503 has a quantum security level of 64 bits and SIKE 751 has a quantum security level of 96, right? The doubt that I have is SIDH or SIKE is not a block cipher, isn't it? Can we still use Grover's algorithm to get it quantum security level ? or am I missing something here. Any explanation will be highly appreciated. Thank you so much for your patience! Looking forward to some help

yyyyyyy
  • 12,261
  • 4
  • 48
  • 68
ChanBan
  • 31
  • 3

1 Answers1

5

Block cipher is a concept from symmetric cryptography. Here we're talking about public key cryptography. SIKE is a public key encryption (PKE), and a key encapsulation mechanism (KEM).

Of course Grover's algorithm applies to any public key cryptosystem, but there is not a single system where we don't know a better algorithm than Grover's. SIKE is no exception.

The quantum security of SIKE is (roughly) obtained by dividing the bit-size of the prime p by 6. For example SIKE503 has about 80 qubits of security, but NIST security categories come by large increments (64, 96, 128 qubits), the closest one being 64 qubits.

There is currently debate on whether the divide by 6 rule is too pessimistic.

Luca De Feo
  • 853
  • 6
  • 11