A quantum computer exploits quantum-mechanical effects such as superposition to solve hard mathematical problems that are intractable on classical computers. The most prominent example is Shor’s algorithm that renders all widely deployed cryptographic systems such as included in TLS totally insecure, and thus also all digital services that crucially rely on them.
Post-quantum cryptography deals with the design and analysis of cryptographic algorithms that remain secure against attacks not only by classical computers, but also by quantum computers. The threat of quantum computers is a very real and pressing issue as evidenced by the ongoing NIST standardization effort for post-quantum cryptographic algorithms. Since the classical hard mathematical problems, i.e. factoring and discrete logarithm problem, can be broken by Shor's algorithm, we need to find new hard mathematical problems that can be used as the basis of post-quantum cryptosystems. The current state of the art in post-quantum cryptography is well illustrated by the submissions to the NIST competition, which can be divided up into 6 categories depending on the type of hard problem (in a broad sense) they rely on: lattices, multivariate polynomials, hash trees, codes, multi-party-computation in the head and finally, isogenies between elliptic curves. Isogenies are maps between elliptic curves, and hard problems related to the computation of such maps, have recently been proposed as a candidate for post-quantum cryptography.
What the NIST standardization effort shows is that there are very few hard mathematical problems that remain hard in the presence of quantum computers, and at the same time are sufficiently versatile to be used in cryptographic algorithms. Furthermore, some of these hard problems are very much limited in the functionality they offer: hash trees and multivariate polynomials are only useful for signature schemes, whereas codes are mainly used for encryption. The ISOCRYPT project focuses solely on isogeny-based cryptography, the most recent and thus fairly immature approach to post-quantum cryptography. This is evidenced by the fact that only one isogeny based key encapsulation mechanism (SIKE) was submitted to NIST and that it was selected as one of the 8 alternate candidates (not a finalist) where NIST stated that: ''Further research in isogeny-based cryptography is encouraged."
Despite its immature nature, isogeny-based cryptography looks extremely promising: it typically results in more compact cryptosystems and is sufficiently versatile to allow for a multitude of cryptographic applications, unlike the hash-, code- and multivariate polynomial-based approach mentioned above, which have rather limited applications. As such, isogeny-based cryptography has the potential to become the only fully fledged alternative to lattice-based cryptography, due to its versatility and compact key / ciphertext sizes, but most importantly, it relies on a totally different hard mathematical problem, thereby providing much needed diversity. However, to inspire confidence a lot more research is required on the purported security, its efficiency and especially post-quantum secure applications. The goal of the ISOCRYPT project is to develop the full potential of isogeny-based cryptography and to provide a comprehensive toolbox to enable real world deployment of isogeny-based cryptography, including security analysis, efficient and secure implementation and a suite of quantum-safe applications. To achieve this goal, a number of key research challenges need to be solved: determining the exact security of isogeny-based systems, providing efficient and secure implementations and building a suite isogeny-based post-quantum secure applications. Our approach to solving these challenges relies on a deep exploration of the mathematical properties of isogenies, guided by the functionalities needed to build practical applications.