Fault attack on Supersingular Isogeny Cryptosystems
We present the first fault attack on cryptosystems based on supersingular isogenies.
During the computation of the auxiliary points, the attack aims to change the base point to a random point on the curve via a fault injection. We will show that this would reveal the secret isogeny with one successful perturbation with high probability. We will exhibit the attack by placing it against signature schemes and key-exchange protocols with validations in place.
Our paper therefore demonstrates the need to incorporate checks in implementations of the cryptosystem.
Genus Two Isogeny Cryptography
We study -isogeny graphs of principally polarised supersingular abelian surfaces (PPSSAS). The -isogeny graph has cycles of small length that can be used to break the collision resistance assumption of the genus two isogeny hash function suggested by Takashima. Algorithms for computing -isogenies on the level of Jacobians and -isogenies on the level of Kummers are used to develop a genus two version of the supersingular isogeny Diffie-Hellman protocol of Jao and de Feo. The genus two isogeny Diffie-Hellman protocol achieves the same level of security as SIDH but uses a prime with a third of the bit length.
Generalising Fault Attacks to Genus Two Isogeny Cryptosystems
In this paper, we generalise the SIDH fault attack and the SIDH loop-abort fault attacks on supersingular isogeny cryptosystems (genus-1) to genus-2. Genus-2 isogeny-based cryptosystems are generalisations of their genus-1 counterparts; as such, attacks on the latter are believed to carry over to the former.
The point perturbation attack on supersingular elliptic curve isogeny cryptography has been shown to be practical. We show in this paper that this fault attack continues to be practical in genus-2, albeit with a few additional traces required. We also show that the loop-abort attack carries over to the genus-2 setting seamlessly.
This article is a minor revision of the version accepted to the workshop Fault Diagnosis and Tolerance in Cryptography 2022 (FDTC 2022).
Supersingular Non-Superspecial Abelian Surfaces in Cryptography
We consider the use of supersingular abelian surfaces in cryptography. Several generalisations of well-known cryptographic schemes and constructions based on supersingular elliptic curves to the 2-dimensional setting of superspecial abelian surfaces have been proposed. The computational assumptions in the superspecial 2-dimensional case can be reduced to the corresponding 1-dimensional problems via a product decomposition by observing that every superspecial abelian surface is non-simple and separably isogenous to a product of supersingular elliptic curves. Instead, we propose to use supersingular non-superspecial isogeny graphs where such a product decomposition does not have a computable description via separable isogenies. We study the advantages and investigate security concerns of the move to supersingular non-superspecial abelian surfaces.
On the Isogeny Problem with Torsion Point Information
It has recently been rigorously proven (and was previously known under certain heuristics) that the general supersingular isogeny problem reduces to the supersingular endomorphism ring computation problem. However, in order to attack SIDH-type schemes, one requires a particular isogeny which is usually not returned by the general reduction. At Asiacrypt 2016, Galbraith, Petit, Shani and Ti presented a polynomial-time reduction of the problem of finding the secret isogeny in SIDH to the problem of computing the endomorphism ring of a supersingular elliptic curve. Their method exploits the fact that secret isogenies in SIDH are of degree approximately . The method does not extend to other SIDH-type schemes, where secret isogenies of larger degree are used and this condition is not fulfilled.
We present a more general reduction algorithm that generalises to all SIDH-type schemes. The main idea of our algorithm is to exploit available torsion point images together with the KLPT algorithm to obtain a linear system of equations over a certain residue class ring. We show that this system will have a unique solution that can be lifted to the integers if some mild conditions on the parameters are satisfied. This lift then yields the secret isogeny. One consequence of this work is that the choice of the prime in B-SIDH is tight.
Finally, we show that our reduction still applies for SIDH variations deploying recently proposed countermeasures against a series of classical polynomial-time attacks against SIDH.
An Adaptive Attack on 2-SIDH
We present a polynomial-time adaptive attack on the 2-SIDH protocol. The 2-SIDH protocol is a special instance of the countermeasure proposed by Azarderakhsh, Jao and Leonardi to perform isogeny-based key exchange with static keys in the presence of an adaptive attack. This countermeasure has also been recently explicitly proposed by Kayacan.
Our attack extends the adaptive attack by Galbraith, Petit, Shani and Ti (GPST) to recover a static secret key using malformed points. The extension of GPST is non-trivial and requires learning additional information. In particular, the attack needs to recover intermediate elliptic curves in the isogeny path, and points on them. We also discuss how to extend the attack to k-SIDH when k > 2 and explain that the attack complexity is exponential in k.
Characterization of a New Cyclohexylamine Oxidase From Acinetobacter sp. YT-02
Cyclohexylamine (CHAM) is widely used in various industries, but it is harmful to human beings and the environment. Acinetobacter sp. YT-02 can degrade CHAM via cyclohexanone as an intermediate. In this study, the cyclohexylamine oxidase (CHAO) gene from Acinetobacter sp. YT-02 was cloned. Amino acid sequence alignment indicated that the cyclohexylamine oxidase (CHAOYT–02) was 48% identical to its homolog from Brevibacterium oxydans IH-35A (CHAOIH–35). The enzyme was expressed in Escherichia coli BL21 (DE3) and purified to apparent homogeneity by Ni-affinity chromatography. The purified enzyme was proposed to be a dimer with a molecular mass of approximately 91 kDa. The enzyme exhibited its maximum activity at 50°C and at pH 7.0. The enzyme was thermolabile, as demonstrated by the loss of a significant percentage of its maximal activity after 30 min of incubation at 50°C. The metal ions Mg2+, Co2+, and K+ had a certain inhibitory effect on the enzyme activity. The kinetic parameters Km and Vmax were 0.25 ± 0.02 mM and 4.3 ± 0.083 μM min−1, respectively. The biochemical properties, substrate specificities, and three-dimensional structures of CHAOYT–02 and CHAOIH–35 were compared. Our results are helpful in elucidating the mechanism of microbial degradation of CHAM in strain YT-02. In addition, CHAOYT–02, as a potential biocatalyst, is promising for controlling CHAM pollution and for the deracemization of chiral amines.
Failing to hash into supersingular isogeny graphs
An important open problem in supersingular isogeny-based cryptography is to produce, without a trusted authority, concrete examples of "hard supersingular curves", that is, equations for supersingular curves for which computing the endomorphism ring is as difficult as it is for random supersingular curves. A related open problem is to produce a hash function to the vertices of the supersingular -isogeny graph which does not reveal the endomorphism ring, or a path to a curve of known endomorphism ring. Such a hash function would open up interesting cryptographic applications. In this paper, we document a number of (thus far) failed attempts to solve this problem, in the hope that we may spur further research, and shed light on the challenges and obstacles to this endeavour. The mathematical approaches contained in this article include: (i) iterative root-finding for the supersingular polynomial; (ii) gcds of specialized modular polynomials; (iii) using division polynomials to create small systems of equations; (iv) taking random walks in the isogeny graph of abelian surfaces; and (v) using quantum random walks.
Comment: 33 pages, 7 figures.
Search for Quasi-Periodical Oscillations in Precursors of Short and Long Gamma Ray Bursts
The precursors of short and long Gamma Ray Bursts (SGRBs and LGRBs) can serve as probes of their progenitors, as well as shedding light on the physical processes of mergers or core-collapse supernovae. Some models predict the possible existence of Quasi-Periodic Oscillations (QPOs) in the precursors of SGRBs. Although many previous studies have performed QPO searches in the main emission of SGRBs and LGRBs, so far there has been no systematic QPO search in their precursors. In this work, we perform a detailed QPO search in the precursors of SGRBs and LGRBs detected by Fermi/GBM from 2008 to 2019, using the power density spectrum (PDS) in the frequency domain and Gaussian processes (GP) in the time domain. We do not find any convincing QPO signal with significance above 3 , possibly due to the low fluxes of precursors. Finally, the PDS continuum properties of both the precursors and main emissions are also studied for the first time, and no significant difference is found in the distributions of the PDS slope for precursors and main emissions in both SGRBs and LGRBs.