Faster Algorithms for Isogeny Problems Using Torsion Point Images

نویسنده

  • Christophe Petit
چکیده

There is a recent trend in cryptography to construct protocols based on the hardness of computing isogenies between supersingular elliptic curves. Two prominent examples are Jao-De Feo’s key exchange protocol and the resulting encryption scheme by De Feo-Jao-Plût. One particularity of the isogeny problems underlying these protocols is that some additional information is given as input, namely the image of some torsion points with order coprime to the isogeny. This additional information was used in several active attacks against the protocols but the current best passive attacks make no use of it at all. In this paper, we provide new algorithms that exploit the additional information provided in isogeny protocols to speed up the resolution of the underlying problems. Our techniques lead to heuristic polynomial-time key recovery on two nonstandard variants of De Feo-Jao-Plût’s protocols in plausible attack models. This shows that at least some isogeny problems are easier to solve when additional information is leaked.

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Computational problems in supersingular elliptic curve isogenies

We give a brief survey of elliptic curve isogenies and the computational problems relevant for supersingular isogeny crypto. Supersingular isogeny cryptography is attracting attention due to the fact that there are no quantum attacks known against it that are significantly faster than classical attacks. However, the underlying computational problems have not been sufficiently studied by quantum...

متن کامل

Towards Quantum-Resistant Cryptosystems from Supersingular Elliptic Curve Isogenies

We present new candidates for quantum-resistant public-key cryptosystems based on the conjectured difficulty of finding isogenies between supersingular elliptic curves. The main technical idea in our scheme is that we transmit the images of torsion bases under the isogeny in order to allow the two parties to arrive at a common shared key despite the noncommutativity of the endomorphism ring. Ou...

متن کامل

Descent via isogeny on elliptic curves with large rational torsion subgroups

We outline PARI programs which assist with various algorithms related to descent via isogeny on elliptic curves. We describe, in this context, variations of standard inequalities which aid the computation of members of the Tate-Shafarevich group. We apply these techniques to several examples: in one case we use descent via 9-isogeny to determine the rank of an elliptic curve; in another case we...

متن کامل

Weil Numbers Generated by Other Weil Numbers and Torsion Fields of Abelian Varieties

Using properties of the Frobenius eigenvalues, we show that, in a precise sense, “most” isomorphism classes of (principally polarized) simple abelian varieties over a finite field are characterized, up to isogeny, by the sequence of their division fields, and a similar result for “most” isogeny classes. Some global cases are also treated.

متن کامل

Isogenies and the Discrete Logarithm Problem on Jacobians of Genus 3 Hyperelliptic Curves

We describe the use of explicit isogenies to reduce Discrete Logarithm Problems (DLPs) on Jacobians of hyperelliptic genus 3 curves to Jacobians of non-hyperelliptic genus 3 curves, which are vulnerable to faster index calculus attacks. We provide algorithms which compute an isogeny with kernel isomorphic to (Z/2Z) for any hyperelliptic genus 3 curve. These algorithms provide a rational isogeny...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2017