We present the first constant-round, tree-based, group key exchange protocol based on SIDH with logarithmic-order communication and memory complexity, where the only previous isogeny-based group key exchange, SIBD, has linear-order communication and memory complexity. We call our protocol the supersingular isogeny tree-based group key exchange (SIT). We show that our protocol satisfies post-quantum security through a reduction to the supersingular decisional Diffie–Hellman (SSDDH) problem in the security model of Manulis, Suzuki, and Ustaoglu. We also construct a peer-to-peer (sequential) version of SIT. Finally, we present a compiler that turns SIT into an authenticated group key exchange while maintaining the same complexity and security as SIT, resulting in the authenticated SIT group key exchange (A-SIT).

我们提出了第一个基于SIDH的基于树的恒定轮的，组密钥交换协议，具有对数阶通信和存储器复杂性，其中以前的唯一基于异构的组密钥交换SIBD具有线性阶通信和存储器复杂性。我们称我们的协议为基于超奇异性树的组密钥交换（SIT）。我们证明了我们的协议通过减少Manulis，Suzuki和Ustaoglu的安全模型中的超奇异决策Diffie-Hellman（SSDDH）问题来满足后量子安全性。我们还构建了SIT的对等（顺序）版本。最后，我们提出了一个编译器，该编译器将SIT转换为经过身份验证的组密钥交换，同时保持与SIT相同的复杂性和安全性，从而实现了经过身份验证的SIT组密钥交换（A-SIT）。