Fast Strategies for the Implementation of SIKE Round 3 on ARM Cortex-M4

The Supersingular Isogeny Key Encapsulation mechanism (SIKE) is the only post-quantum key encapsulation protocol based on elliptic curves and isogeny maps between them. Despite the quantum security of the protocol, SIKE requires a greater number of clock cycles and hence does not provide competitive timing and energy consumption results. However, it is more attractive offering the smallest public key as well as ciphertext sizes, which considering the impact of the communication costs and storage of the keys could become a good fit for resource-constrained devices. In this work, we present the fastest practical implementation of SIKE, targeting the platform Cortex-M4 based on the ARMv7-M architecture. We performed our measurements on the STM32F407VG microcontroller for benchmarking the clock cycles and on Nucleo-F411RE attached to X-NUCLEO-LPM01A (Power Shield) for measuring the energy consumption of the protocol. The low-level finite field arithmetic operations play main role in determining the efficiency of SIKE. Therefore, we mainly focus on their optimization and apply them to all NIST-required security levels. Our SIKEp434 implementation for NIST security level 1 is about 22.97% faster than the counterparts appeared in Seo et al. (2020), where for the SIKEp503, SIKEp610 and SIKEp751 the speedup reaches 21.10%, 19.21% and 19.08%. Finally, we benchmark energy consumption and report optimization of up to 11.9% depending on the NIST security level implementation.