Compact Isogeny PQC can replace HD wallets, key-tweaking, silent payments

Posted by conduition

Mar 12, 2026/18:33 UTC

Within post-quantum cryptography, isogeny-based methods have emerged as a compact and promising alternative to lattice-based schemes. These methods map points between different elliptic curves, or on the same curve, via functions known as isogenies and endomorphisms, respectively. Keys and signatures typically require less than 300 bytes, which makes them particularly attractive compared to lattice crypto schemes that need several kilobytes for keys and signatures. The research and development in this area has been aimed at making isogeny crypto accessible to bitcoin engineers familiar with classical Elliptic Curve Cryptography (ECC).

Isogenies are functions that map points between different elliptic curves, while endomorphisms are isogenies that map points within the same curve, akin to scalar multiplication. Two problems are recognized as difficult within cryptography: finding an isogeny between two given elliptic curves, known as the supersingular isogeny path problem (SIPP), and determining the endomorphism ring of a curve without explicit knowledge of it, termed the endomorphism ring problem (ERP). Interestingly, some supersingular elliptic curves have well-known endomorphism rings, providing a foundation for cryptographic applications.
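To make the definition above concrete, here is an added toy example (not code from the original post) that builds a degree-2 isogeny with the standard Vélu formulas and checks that it maps points onto the codomain curve and respects point addition. The prime 431, the curve y^2 = x^3 + x and all function names are assumptions chosen for illustration, and the field is far too small to be secure.

```python
# Toy parameters, constructed for illustration; far too small to be secure.
P = 431          # prime with P % 4 == 3, so y^2 = x^3 + x is supersingular
A, B = 1, 0      # domain curve E: y^2 = x^3 + A*x + B over F_P
X0 = 0           # (X0, 0) has order 2 on E and generates the isogeny kernel

def inv(n):
    return pow(n % P, -1, P)

def on_curve(pt, a, b):
    x, y = pt
    return (y * y - (x * x * x + a * x + b)) % P == 0

def add(p1, p2, a):
    """Affine group law on y^2 = x^3 + a*x + b; None is the point at infinity."""
    if p1 is None: return p2
    if p2 is None: return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                      # P + (-P), including 2-torsion doubling
    if p1 == p2:
        lam = (3 * x1 * x1 + a) * inv(2 * y1) % P
    else:
        lam = (y2 - y1) * inv(x2 - x1) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def velu_2_isogeny(a, b, x0):
    """Velu's formulas for the isogeny whose kernel is {infinity, (x0, 0)}."""
    t = (3 * x0 * x0 + a) % P
    a2, b2 = (a - 5 * t) % P, (b - 7 * x0 * t) % P   # codomain coefficients
    def phi(pt):
        if pt is None or pt[0] == x0:    # kernel points map to infinity
            return None
        x, y = pt
        d = inv(x - x0)
        return ((x + t * d) % P, y * (1 - t * d * d) % P)
    return a2, b2, phi

def curve_points(a, b):
    return [(x, y) for x in range(P) for y in range(P) if on_curve((x, y), a, b)]

def is_homomorphism(phi, pts, a, a2):
    # phi(p + q) on E must equal phi(p) + phi(q) on the codomain curve
    return all(phi(add(p, q, a)) == add(phi(p), phi(q), a2) for p in pts for q in pts)

if __name__ == "__main__":
    A2, B2, phi = velu_2_isogeny(A, B, X0)
    pts = curve_points(A, B)
    print("codomain:", (A2, B2), "points:", len(pts), len(curve_points(A2, B2)))
    print("homomorphism on sample:", is_homomorphism(phi, pts[:50], A, A2))
```

Both curves have the same number of points, as isogenous curves over a finite field must, while their coefficients differ.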

Because SIPP is equivalent to ERP, deriving isogenies between elliptic curves is computationally feasible if their endomorphism rings are known. This principle makes it possible to generate secret isogenies and compute the corresponding endomorphism rings, which form the basis of secure cryptographic keys. New isogenies and endomorphism rings can also be computed efficiently from given ones, offering potential defenses against quantum-enabled attackers.

The practical applications of isogeny crypto extend to signature schemes, unhardened BIP32 key derivation, silent payments, and taproot-style key tweaking, among others. Despite these advancements, developing multisignature isogeny schemes that can rival existing methods in compactness remains an open challenge. The ongoing research and dialogue in this field aim to engage more bitcoin developers in the evolution of isogeny-based cryptography, drawing on the collective expertise in classical ECC multisignature schemes. For a deeper understanding, readers are encouraged to explore the detailed discussions available at DelvingBitcoin.org and Conduition.io.
