A Direct Key Recovery Attack on SIDH
Abstract
We present an attack on SIDH utilising isogenies between polarized products of two supersingular elliptic curves. In the case of arbitrary starting curve, our attack (discovered independently from [8]) has subexponential complexity, thus significantly reducing the security of SIDH and SIKE. When the endomorphism ring of the starting curve is known, our attack (here derived from [8]) has polynomial-time complexity assuming the generalised Riemann hypothesis. Our attack applies to any isogeny-based cryptosystem that publishes the images of points under the secret isogeny, for example Séta [13] and B-SIDH [11]. It does not apply to CSIDH [9], CSI-FiSh [3], or SQISign [14].
Similar resources
Key Recovery Attack on QuiSci
QuiSci is incredibly fast, faster than most other ciphers. On modern CPUs it needs only around 1 clock cycle per byte, so it is 10 times faster than most other well-known algorithms. On the website of QuiSci [1] it is claimed that this algorithm is secure. With this paper I would like to show a key recovery attack on QuiSci, exploiting the weak key setup. When you are able to guess the beginning of the...
A Key Recovery Attack on Edon80
Edon80 is a recent stream cipher design that has advanced to the third and last phase of the eSTREAM project. It has remained unbroken and untweaked since it was designed and submitted to eSTREAM. It is now one of the 8 final hardware candidates. In this paper we cryptanalyze the cipher by describing a key recovery attack. The complexity of the attack is around 2 simple operations for a keystream...
A Key-Recovery Attack on SOBER-128
In this paper, we consider how an unknown constant within a state update function or output function affects biases of linear approximations. This allows us to obtain information from an unknown constant within a T-function. We use this knowledge for mounting an attack against stream cipher SOBER-128 where we gain information from the key dependent secret constant using multiple linear approxima...
Practical Key-Recovery Attack on MANTIS5
MANTIS is a lightweight tweakable block cipher recently published at CRYPTO 2016. In addition to the full 14-round version, MANTIS7, the designers also propose an aggressive 10-round version, MANTIS5. The security claim for MANTIS5 is resistance against “practical attacks”, defined as related-tweak attacks with data complexity 2 less than 2 chosen plaintexts (or 2 known plaintexts), and computa...
Generic Key Recovery Attack on Feistel Scheme
We propose new generic key recovery attacks on Feistel-type block ciphers. The proposed attack is based on the all subkeys recovery approach presented in SAC 2012, which determines all subkeys instead of the master key. This enables us to construct a key recovery attack without taking into account a key scheduling function. With our advanced techniques, we apply several key recovery attacks to ...
Journal
Journal title: Lecture Notes in Computer Science
Year: 2023
ISSN: ['1611-3349', '0302-9743']
DOI: https://doi.org/10.1007/978-3-031-30589-4_16