Faster Algorithms for Isogeny Problems Using Torsion Point Images

@inproceedings{Petit2017FasterAF,
  title={Faster Algorithms for Isogeny Problems Using Torsion Point Images},
  author={Christophe Petit},
  booktitle={ASIACRYPT},
  year={2017}
}
  • C. Petit
  • Published in ASIACRYPT 3 December 2017
  • Computer Science, Mathematics
There is a recent trend in cryptography to construct protocols based on the hardness of computing isogenies between supersingular elliptic curves. Two prominent examples are Jao-De Feo’s key exchange protocol and the resulting encryption scheme by De Feo-Jao-Plut. One particularity of the isogeny problems underlying these protocols is that some additional information is given as input, namely the image of some torsion points with order coprime to the isogeny. This additional information was… 
Computational problems in supersingular elliptic curve isogenies
TLDR
An overview of supersingular isogeny cryptography and how it fits into the broad theme of post-quantum public-key crypto is presented and the relationships between them are explained in a way that is accessible to experts in quantum algorithms.
Hard and Easy Problems for Supersingular Isogeny Graphs
TLDR
This work shows that constructing Deuring’s correspondence is easy in one direction and equivalent to the endomorphism ring computation problem in the other direction, and provides a collision attack for special but natural parameters of the hash function.
SÉTA: Supersingular Encryption from Torsion Attacks
TLDR
SÉTA, a new family of public-key encryption schemes with post-quantum security based on isogenies of supersingular elliptic curves, is presented and makes use of generic transformations to obtain IND-CCA security in the quantum random oracle model, both for a PKE scheme and a KEM.
On oriented supersingular elliptic curves
  • Hiroshi Onuki
  • Mathematics, Computer Science
    Finite Fields Their Appl.
  • 2021
Identification Protocols and Signature Schemes Based on Supersingular Isogeny Problems
TLDR
Two signature schemes whose security relies on computational assumptions relating to isogeny graphs of supersingular elliptic curves are presented, both of them based on interactive identification protocols that lead to signatures that are existentially unforgeable under chosen message attacks.
Improved Torsion-Point Attacks on SIDH Variants
TLDR
A classical attack that completely breaks the n-party group key exchange of [2] for 6 parties or more, and a quantum attack for 3 parties ormore that improves on the best known asymptotic complexity.
Torsion point attacks on "SIDH-like" cryptosystems
TLDR
Existing cryptanalysis approaches exploiting this often called “torsion point information” are surveyed, their current impact on SIKE and related algorithms are summarized, and some research directions that might lead to further impact are suggested.
Supersingular Isogeny-based Cryptography: A Survey
TLDR
This survey describes one of the most promising approaches to post-quantum cryptography: cryptosystems based on supersingular isogenies and discusses the most important protocols that have been proposed in recent years, starting with the so-called Supersingular Isogeny Diffie–Hellman.
Isogeny-based post-quantum key exchange protocols
The goal of this project is to understand and analyze the supersingular isogeny Diffie Hellman (SIDH), a post-quantum key exchange protocol which security lies on the isogeny-finding problem between
Failing to hash into supersingular isogeny graphs
TLDR
A number of failed attempts to solve the supersingular isogeny-based cryptography problem are documented in the hopes that they may spur further research, and shed light on the challenges and obstacles to this endeavour.
...
...

References

SHOWING 1-10 OF 30 REFERENCES
Signature Schemes Based On Supersingular Isogeny Problems
TLDR
The first signature schemes whose security relies on computational assumptions relating to isogeny graphs of supersingular elliptic curves and which lead to signatures that are existentially unforgeable under chosen message attacks are presented.
Hard and Easy Problems for Supersingular Isogeny Graphs
TLDR
This work shows that constructing Deuring’s correspondence is easy in one direction and equivalent to the endomorphism ring computation problem in the other direction, and provides a collision attack for special but natural parameters of the hash function.
Identification Protocols and Signature Schemes Based on Supersingular Isogeny Problems
TLDR
Two signature schemes whose security relies on computational assumptions relating to isogeny graphs of supersingular elliptic curves are presented, both of them based on interactive identification protocols that lead to signatures that are existentially unforgeable under chosen message attacks.
On the Security of Supersingular Isogeny Cryptosystems
TLDR
This work gives a very powerful active attack on the supersingular isogeny encryption scheme, and shows that the security of all schemes of this type depends on the difficulty of computing the endomorphism ring of asupersingular elliptic curve.
A Post-quantum Digital Signature Scheme Based on Supersingular Isogenies
TLDR
This scheme is an application of Unruh’s construction of non-interactive zero- knowledge proofs to an interactive zero-knowledge proof proposed by De Feo, Jao, and Plut.
Public-Key Cryptosystem Based on Isogenies
TLDR
The paper describes theoretical background and a publickey encryption technique, followed by security analysis and consideration of cryptosystem parameters selection, and proposes ElGamal public-key encryption and Diffie-Hellman key agreement for an isogeny Cryptosystem.
Computing isogenies between supersingular elliptic curves over F_p
TLDR
This paper gives an algorithm to construct isogenies between such supersingular elliptic curves that works faster than the usual algorithm and discusses how this results can be used to obtain an improved algorithm for the general supersingularity isogeny problem.
Efficient Algorithms for Supersingular Isogeny Diffie-Hellman
We propose a new suite of algorithms that significantly improve the performance of supersingular isogeny Diffie-Hellman SIDH key exchange. Subsequently, we present a full-fledged implementation of
Fault Attack on Supersingular Isogeny Cryptosystems
  • Y. Ti
  • Computer Science, Mathematics
    PQCrypto
  • 2017
TLDR
The first fault attack on cryptosystems based on supersingular isogenies, which aims to change the base point to a random point on the curve via a fault injection, demonstrates the need to incorporate checks in implementations of the cryptos system.
On the quaternion ℓ-isogeny path problem
TLDR
A probabilistic algorithm which, for a given left $\mathcal{O}$ -ideal, computes a representative in its left ideal class of $\ell $ -power norm, which solves the underlying problem for a quaternion analog of the Charles–Goren–Lauter hash function, and has security implications for the original CGL construction in terms of supersingular elliptic curves.
...
...