While reading the SIDH key exchange protocol, I noticed that all the isogeny computations and curves are defined over the extended prime field $\mathbb{F}_{p^2}$. Does it make the problem computationally hard for the attacker or what is the reasoning?
1 Answers
5
I am an inventor of SIDH. The computations take place in $\operatorname{GF}(p^2)$ just because all supersingular elliptic curves are defined over $\operatorname{GF}(p^2)$, up to isomorphism. It's just the way the mathematics works out. For general mathematical background, see any standard reference, such as Silverman "The Arithmetic of Elliptic Curves."
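The statement in the answer can be checked by brute force for small primes. The following is an added example, not part of the original answer: it uses the Deuring polynomial $H_p(\lambda)=\sum_i \binom{m}{i}^2\lambda^i$, $m=(p-1)/2$, whose roots are exactly the $\lambda$ for which the Legendre curve $y^2=x(x-1)(x-\lambda)$ is supersingular (Silverman, Thm. V.4.1), and confirms that all $m$ roots, and hence all supersingular $j$-invariants, already lie in $\operatorname{GF}(p^2)$. The function names and the choice of primes are assumptions made for illustration.

```python
from math import comb

def nonresidue(p):
    """Smallest quadratic non-residue d mod p; F_{p^2} is built as F_p[s]/(s^2 - d)."""
    return next(d for d in range(2, p) if pow(d, (p - 1) // 2, p) == p - 1)

def supersingular_j(p):
    """Search all of F_{p^2} for roots of H_p; return (root count, set of j-invariants).

    Elements a + b*s are stored as tuples (a, b).
    """
    d, m = nonresidue(p), (p - 1) // 2

    def mul(x, y):
        return ((x[0] * y[0] + d * x[1] * y[1]) % p, (x[0] * y[1] + x[1] * y[0]) % p)

    def inv(x):
        # 1/(a + b*s) = (a - b*s) / (a^2 - d*b^2); the norm is nonzero since d is a non-residue
        n = pow((x[0] * x[0] - d * x[1] * x[1]) % p, -1, p)
        return (x[0] * n % p, -x[1] * n % p)

    # Deuring polynomial coefficients C(m, i)^2 mod p; the leading coefficient is 1
    coeffs = [comb(m, i) ** 2 % p for i in range(m + 1)]
    roots, js = 0, set()
    for a in range(p):
        for b in range(p):
            lam, h = (a, b), (0, 0)
            for c in reversed(coeffs):          # Horner evaluation of H_p(lam)
                h = mul(h, lam)
                h = ((h[0] + c) % p, h[1])
            if h != (0, 0):
                continue
            roots += 1
            t = mul(lam, ((a - 1) % p, b))      # lam^2 - lam (nonzero: H_p(0), H_p(1) != 0)
            u = ((t[0] + 1) % p, t[1])          # lam^2 - lam + 1
            # j(E_lam) = 256 (lam^2 - lam + 1)^3 / (lam^2 (lam - 1)^2)
            js.add(mul((256 % p, 0), mul(mul(mul(u, u), u), inv(mul(t, t)))))
    return roots, js

def expected_count(p):
    """Number of supersingular j-invariants over the algebraic closure of F_p (p >= 5)."""
    return p // 12 + {1: 0, 5: 1, 7: 1, 11: 2}[p % 12]

if __name__ == "__main__":
    for p in (11, 19, 23, 37, 43):              # small primes chosen for illustration
        roots, js = supersingular_j(p)
        print(p, roots == (p - 1) // 2, len(js) == expected_count(p), sorted(js))
```

Finding $m$ distinct roots of a degree-$m$ polynomial inside $\operatorname{GF}(p^2)$ means no root lies in a larger extension; for $p=37$ two of the three $j$-invariants have a nonzero second coordinate, so $\operatorname{GF}(p)$ alone is not enough.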