Hard and Easy Problems for Supersingular Isogeny Graphs

We consider the endomorphism ring computation problem for supersingular elliptic curves, constructive versions of Deuring\u27s correspondence, and the security of Charles-Goren-Lauter\u27s cryptographic hash function. We show that constructing Deuring\u27s correspondence is easy in one direction and equivalent to the endomorphism ring computation problem in the other direction. We also provide a collision attack for special but natural parameters of the hash function, and we prove that for general parameters its preimage and collision resistance are also equivalent to the endomorphism ring computation problem. Our reduction and attack techniques are of independent interest and may find further applications in both cryptanalysis and the design of new protocols

Isogeny-based post-quantum key exchange protocols

The goal of this project is to understand and analyze the supersingular isogeny Diffie Hellman (SIDH), a post-quantum key exchange protocol which security lies on the isogeny-finding problem between supersingular elliptic curves. In order to do so, we first introduce the reader to cryptography focusing on key agreement protocols and motivate the rise of post-quantum cryptography as a necessity with the existence of the model of quantum computation. We review some of the known attacks on the SIDH and finally study some algorithmic aspects to understand how the protocol can be implemented

Ramanujan graphs in cryptography

In this paper we study the security of a proposal for Post-Quantum Cryptography from both a number theoretic and cryptographic perspective. Charles-Goren-Lauter in 2006 [CGL06] proposed two hash functions based on the hardness of finding paths in Ramanujan graphs. One is based on Lubotzky-Phillips-Sarnak (LPS) graphs and the other one is based on Supersingular Isogeny Graphs. A 2008 paper by Petit-Lauter-Quisquater breaks the hash function based on LPS graphs. On the Supersingular Isogeny Graphs proposal, recent work has continued to build cryptographic applications on the hardness of finding isogenies between supersingular elliptic curves. A 2011 paper by De Feo-Jao-Pl\^{u}t proposed a cryptographic system based on Supersingular Isogeny Diffie-Hellman as well as a set of five hard problems. In this paper we show that the security of the SIDH proposal relies on the hardness of the SIG path-finding problem introduced in [CGL06]. In addition, similarities between the number theoretic ingredients in the LPS and Pizer constructions suggest that the hardness of the path-finding problem in the two graphs may be linked. By viewing both graphs from a number theoretic perspective, we identify the similarities and differences between the Pizer and LPS graphs.Comment: 33 page

Post-Quantum Cryptography from Supersingular Isogenies (Theory and Applications of Supersingular Curves and Supersingular Abelian Varieties)

This paper is based on a presentation made at RIMS conference on “Theory and Applications of Supersingular Curves and Supersingular Abelian Varieties”, so-called “Supersingular 2020”. Post-quantum cryptography is a next-generation public-key cryptosystem that resistant to cryptoanalysis by both classical and quantum computers. Isogenies between supersingular elliptic curves present one promising candidate, which is called isogeny-based cryptography. In this paper, we give an introduction to two isogeny-based key exchange protocols, SIDH [17] and CSIDH [2], which are considered as a standard in the subject so far. Moreover, we explain briefly our recent result [24] about cycles in the isogeny graphs used in some parameters of SIKE, which is a key encapsulation mechanism based on SIDH