Hard and Easy Problems for Supersingular Isogeny Graphs
نویسندگان
چکیده
We consider the endomorphism ring computation problem for supersingular elliptic curves, constructive versions of Deuring’s correspondence, and the security of Charles-Goren-Lauter’s cryptographic hash function. We show that constructing Deuring’s correspondence is easy in one direction and equivalent to the endomorphism ring computation problem in the other direction. We also provide a collision attack for special but natural parameters of the hash function, and we prove that for general parameters its preimage and collision resistance are also equivalent to the endomorphism ring computation problem. Our reduction and attack techniques are of independent interest and may find further applications in both cryptanalysis and the design of new protocols.
منابع مشابه
Classical and Quantum Algorithms for Isogeny-based Cryptography
Isogeny-based cryptography using supersingular elliptic curves — most prominently, the constructions of De Feo-Jao-Plut — is one of the few practical candidates for post-quantum public key cryptography. Its formidable security claim is earned through the continual exploration of quantum algorithms for ‘isogeny problems’ and the assessment of the threat they pose to supersingular isogeny-based c...
متن کاملSignature Schemes Based On Supersingular Isogeny Problems
We present the first signature schemes whose security relies on computational assumptions relating to isogeny graphs of supersingular elliptic curves. We give two schemes, both of them based on interactive identification protocols. The first identification protocol is due to De Feo, Jao and Plût. The second one, and the main contribution of the paper, uses novel ideas that have not been used in...
متن کاملComputational problems in supersingular elliptic curve isogenies
We give a brief survey of elliptic curve isogenies and the computational problems relevant for supersingular isogeny crypto. Supersingular isogeny cryptography is attracting attention due to the fact that there are no quantum attacks known against it that are significantly faster than classical attacks. However, the underlying computational problems have not been sufficiently studied by quantum...
متن کاملOn the Security of Supersingular Isogeny Cryptosystems
We study cryptosystems based on supersingular isogenies. This is an active area of research in post-quantum cryptography. Our first contribution is to give a very powerful active attack on the supersingular isogeny encryption scheme. This attack can only be prevented by using a (relatively expensive) countermeasure. Our second contribution is to show that the security of all schemes of this typ...
متن کاملIdentification Protocols and Signature Schemes Based on Supersingular Isogeny Problems
We present signature schemes whose security relies on computational assumptions relating to isogeny graphs of supersingular elliptic curves. We give two schemes, both of them based on interactive identification protocols. The first identification protocol is due to De Feo, Jao and Plût. The second one, and the main contribution of the paper, makes novel use of an algorithm of Kohel, Lauter, Pet...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2017 شماره
صفحات -
تاریخ انتشار 2017