A Direct Key Recovery Attack on SIDH

نویسندگان

چکیده

We present an attack on SIDH utilising isogenies between polarized products of two supersingular elliptic curves. In the case arbitrary starting curve, our (discovered independently from [8]) has subexponential complexity, thus significantly reducing security and SIKE. When endomorphism ring curve is known, (here derived polynomial-time complexity assuming generalised Riemann hypothesis. Our applies to any isogeny-based cryptosystem that publishes images points under secret isogeny, for example Séta [13] B-SIDH [11]. It does not apply CSIDH [9], CSI-FiSh [3], or SQISign [14].

برای دانلود باید عضویت طلایی داشته باشید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Key Recovery Attack on QuiSci

QuiSci is incredible fast, faster than most other ciphers. On modern CPUs it needs only arround 1 clock cycle per byte, so it is 10 times fast than most other well-known algorithm. On the website of QuiSci [1] it is claimed that this algorithm is secure. With this paper I like to show a key recovery attack on QuiSci, exploiting the weak key setup. When you are able to guess the beginning of the...

متن کامل

A Key Recovery Attack on Edon80

Edon80 is a recent stream cipher design that has advanced to the third and last phase of the eSTREAM project. It has remained unbroken and untweaked since it was designed and submitted to eSTREAM. It is now one of the 8 nal hardware candidates. In this paper we cryptanalyze the cipher by describing a key recovery attack. The complexity of the attack is around 2 simple operations for a keystream...

متن کامل

A Key-Recovery Attack on SOBER-128

In this paper, we consider how an unknown constant within a state update function or output function a ects biases of linear approximations. This allows us to obtain information from an unknown constant within a T-function. We use this knowledge for mounting an attack against stream cipher SOBER-128 where we gain information from the key dependent secret constant using multiple linear approxima...

متن کامل

Practical Key-Recovery Attack on MANTIS5

MANTIS is a lightweight tweakable block cipher recently published at CRYPTO 2016. In addition to the full 14-round version, MANTIS7, the designers also propose an aggressive 10-round version, MANTIS5. The security claim for MANTIS5 is resistance against “practical attacks”, defined as related-tweak attacks with data complexity 2 less than 2 chosen plaintexts (or 2 known plaintexts), and computa...

متن کامل

Generic Key Recovery Attack on Feistel Scheme

We propose new generic key recovery attacks on Feistel-type block ciphers. The proposed attack is based on the all subkeys recovery approach presented in SAC 2012, which determines all subkeys instead of the master key. This enables us to construct a key recovery attack without taking into account a key scheduling function. With our advanced techniques, we apply several key recovery attacks to ...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

ژورنال

عنوان ژورنال: Lecture Notes in Computer Science

سال: 2023

ISSN: ['1611-3349', '0302-9743']

DOI: https://doi.org/10.1007/978-3-031-30589-4_16