366 research outputs found
Isogeny-based post-quantum key exchange protocols
The goal of this project is to understand and analyze the supersingular isogeny Diffie Hellman (SIDH), a post-quantum key exchange protocol which security lies on the isogeny-finding problem between supersingular elliptic curves. In order to do so, we first introduce the reader to cryptography focusing on key agreement protocols and motivate the rise of post-quantum cryptography as a necessity with the existence of the model of quantum computation. We review some of the known attacks on the SIDH and finally study some algorithmic aspects to understand how the protocol can be implemented
Easy decision-Diffie-Hellman groups
The decision-Diffie-Hellman problem (DDH) is a central computational problem
in cryptography. It is known that the Weil and Tate pairings can be used to
solve many DDH problems on elliptic curves. Distortion maps are an important
tool for solving DDH problems using pairings and it is known that distortion
maps exist for all supersingular elliptic curves. We present an algorithm to
construct suitable distortion maps. The algorithm is efficient on the curves
usable in practice, and hence all DDH problems on these curves are easy. We
also discuss the issue of which DDH problems on ordinary curves are easy
Computing cardinalities of Q-curve reductions over finite fields
We present a specialized point-counting algorithm for a class of elliptic
curves over F\_{p^2} that includes reductions of quadratic Q-curves modulo
inert primes and, more generally, any elliptic curve over F\_{p^2} with a
low-degree isogeny to its Galois conjugate curve. These curves have interesting
cryptographic applications. Our algorithm is a variant of the
Schoof--Elkies--Atkin (SEA) algorithm, but with a new, lower-degree
endomorphism in place of Frobenius. While it has the same asymptotic asymptotic
complexity as SEA, our algorithm is much faster in practice.Comment: To appear in the proceedings of ANTS-XII. Added acknowledgement of
Drew Sutherlan
On the cost of computing isogenies between supersingular elliptic curves
The security of the Jao-De Feo Supersingular Isogeny Diffie-Hellman
(SIDH) key agreement scheme is based on the intractability of the
Computational Supersingular Isogeny (CSSI) problem --- computing
-rational isogenies of degrees and
between certain supersingular elliptic curves defined over
. The classical meet-in-the-middle attack on CSSI
has an expected running time of , but also has
storage requirements. In this paper, we demonstrate that the van
Oorschot-Wiener collision finding algorithm has a lower cost (but
higher running time) for solving CSSI, and thus should be used instead
of the meet-in-the-middle attack to assess the security of SIDH against
classical attacks. The smaller parameter brings significantly
improved performance for SIDH
Computation of Hilbert class polynomials and modular polynomials from supersingular elliptic curves
We present several new heuristic algorithms to compute class polynomials and
modular polynomials modulo a prime . For that, we revisit the idea of
working with supersingular elliptic curves. The best known algorithms to this
date are based on ordinary curves, due to the supposed inefficiency of the
supersingular case. While this was true a decade ago, it is not anymore due to
the recent advances in the study of supersingular curves. Our main ingredients
are two new heuristic algorithms to compute the -invariants of supersingular
curves having an endomorphism ring contained in some set of isomorphism class
of maximal orders
- …