Improved Low-qubit Hidden Shift Algorithms
Hidden shift problems are relevant to assess the quantum security of various cryptographic constructs. Multiple quantum subexponential time algorithms have been proposed. In this paper, we propose some improvements on a polynomial quantum memory algorithm proposed by Childs, Jao and Soukharev in 2010. We use subset-sum algorithms to significantly reduce its complexity. We also propose new tradeoffs between quantum queries, classical time and classical memory to solve this problem.
Multiparty Non-Interactive Key Exchange and More From Isogenies on Elliptic Curves
We describe a framework for constructing an efficient non-interactive key exchange (NIKE) protocol for n parties for any n ≥ 2. Our approach is based on the problem of computing isogenies between isogenous elliptic curves, which is believed to be difficult. We do not obtain a working protocol because of a missing step that is currently an open mathematical problem. What we need to complete our protocol is an efficient algorithm that takes as input an abelian variety presented as a product of isogenous elliptic curves, and outputs an isomorphism invariant of the abelian variety.
Our framework builds a cryptographic invariant map, which is a new primitive closely related to a cryptographic multilinear map, but whose range does not necessarily have a group structure. Nevertheless, we show that a cryptographic invariant map can be used to build several cryptographic primitives, including NIKE, that were previously constructed from multilinear maps and indistinguishability obfuscation.
Orienteering with One Endomorphism
In supersingular isogeny-based cryptography, the path-finding problem reduces to the endomorphism ring problem. Can path-finding be reduced to knowing just one endomorphism? It is known that a small endomorphism enables polynomial-time path-finding and endomorphism ring computation (Love-Boneh [36]). An endomorphism gives an explicit orientation of a supersingular elliptic curve. In this paper, we use the volcano structure of the oriented supersingular isogeny graph to take ascending/descending/horizontal steps on the graph and deduce path-finding algorithms to an initial curve. Each altitude of the volcano corresponds to a unique quadratic order, called the primitive order. We introduce a new hard problem of computing the primitive order given an arbitrary endomorphism on the curve, and we also provide a sub-exponential quantum algorithm for solving it. In concurrent work (Wesolowski [54]), it was shown that the endomorphism ring problem in the presence of one endomorphism with known primitive order reduces to a vectorization problem, implying path-finding algorithms. Our path-finding algorithms are more general in the sense that we don't assume the knowledge of the primitive order associated with the endomorphism.
Comment: 40 pages, 1 figure; 3rd revision implements small corrections and expositional improvements.