Recent developments and research on quantum computers hint that we may not be far away to see the reality of a full-scale quantum computer. Once it is achieved, almost all the deployed public-key cryptosystems will become insecure. Post-quantum cryptography deals with cryptosystems that run on conventional computers and are secure against attacks by potential quantum computers.

Isogeny-based cryptography is a new era after the elliptic curve cryptography and considered as a key candidate of post-quantum cryptography. One promising candidate under this category is authenticated key-exchange protocol which survived after the first round of evaluation at NIST competition on post-quantum cryptography, 2017. The security of Isogeny-based cryptosystems is proven under some new assumptions which are believed to be quantum-safe. One core problem is computational supersingular isogeny (CSSI): given two supersingular isogenous curves, compute an isogeny between them, and this problem is analogous to the discrete logarithm problem (DLP).

In this lecture, we will first discuss some mathematical background of isogeny at a high level and then some cryptographic primitives based on it.