Hash functions from superspecial genus-2 curves using Richelot isogenies

@article{Castryck2019HashFF,
  title={Hash functions from superspecial genus-2 curves using Richelot isogenies},
  author={W. Castryck and Thomas Decru and Benjamin A. Smith},
  journal={Journal of Mathematical Cryptology},
  year={2019},
  volume={14},
  pages={268--292}
}
Abstract: In 2018 Takashima proposed a version of Charles, Goren and Lauter’s hash function using Richelot isogenies, starting from a genus-2 curve that allows for all subsequent arithmetic to be performed over a quadratic finite field $\mathbb{F}_{p^2}$. In 2019 Flynn and Ti pointed out that Takashima’s hash function is insecure due to the existence of small isogeny cycles. We revisit the construction and show that it can be repaired by imposing a simple restriction, which moreover clarifies the security…


Counting superspecial Richelot isogenies and its cryptographic application
TLDR
An improved isogeny path-finding algorithm in genus 2 is obtained by using $M$-small genus-2 curves for some threshold $M$.
ISOGENIES OF ABELIAN VARIETIES IN CRYPTOGRAPHY
  • Y. Ti
  • Mathematics
  • Bulletin of the Australian Mathematical Society
  • 2020
Isogenies of abelian varieties have been used in cryptography to create post-quantum cryptosystems. In particular, supersingular elliptic curve isogenies have been used to construct key exchange,…
Automorphisms and isogeny graphs of abelian varieties, with applications to the superspecial Richelot isogeny graph
TLDR
Theoretical and experimental results on the spectral and statistical properties of (2, 2)-isogeny graphs of superspecial abelian surfaces, including stationary distributions for random walks, bounds on eigenvalues and diameters, and a proof of the connectivity of the Jacobian subgraph of the (2, 2) graph.
Decomposed Richelot isogenies of Jacobian varieties of hyperelliptic curves and generalized Howe curves
We advance previous studies on decomposed Richelot isogenies (Katsura–Takashima (ANTS 2020) and Katsura (ArXiv 2021)) which are useful for analysing superspecial Richelot isogeny graphs in…
Genus 2 Supersingular Isogeny Oblivious Transfer
We present an oblivious transfer scheme that extends the proposal made by Barreto, Oliveira and Benits, based in isogenies supersingular elliptic curves, to the setting of principally polarized…
The supersingular isogeny problem in genus 2 and beyond
TLDR
In the general case where $A$ and $A'$ are any two nodes in the graph, this algorithm presents an asymptotic improvement over all of the algorithms in the current literature.
An atlas of the Richelot isogeny graph
TLDR
The local neighbourhoods of vertices and edges in the (2, 2)-isogeny graph of principally polarized abelian surfaces are described and illustrated, considering the action of automorphisms.
Quantum Computing: A Taxonomy, Systematic Review and Future Directions
TLDR
A comprehensive review of quantum computing literature, and taxonomy, and a detailed overview of quantum software tools and technologies, post-quantum cryptography and quantum computer hardware development to document the current state-of-the-art in the respective areas are presented.
Undeniable signatures based on isogenies of supersingular hyperelliptic curves
TLDR
A proposal for an undeniable signature scheme based on supersingular hyperelliptic curves of genus 2 is presented.
Decomposed Richelot isogenies of Jacobian varieties of curves of genus 3
For a non-singular projective curve $C$ of genus 3 defined over an algebraically closed field of characteristic $p \neq 2$, we give a necessary and sufficient condition that the Jacobian variety $J(C)$ has a…

References

Faster Cryptographic Hash Function From Supersingular Isogeny Graphs
TLDR
A variant of the CGL hash is proposed that is significantly faster than the original algorithm, and it is proved that it is preimage and collision resistant and achieves a concrete speed-up for a 256-bit quantum preimage security level by a factor 33.5.
Towards quantum-resistant cryptosystems from supersingular elliptic curve isogenies
TLDR
A new zero-knowledge identification scheme and detailed security proofs for the protocols, and a new, asymptotically faster, algorithm for key generation, a thorough study of its optimization, and new experimental data are presented.
Cryptographic Hash Functions from Expander Graphs
TLDR
This work investigates two specific families of optimal expander graphs for provable collision resistant hash function constructions: the families of Ramanujan graphs constructed by Lubotzky-Phillips-Sarnak and Pizer respectively.
Towards Quantum-Resistant Cryptosystems from Supersingular Elliptic Curve Isogenies
TLDR
The main technical idea in this scheme is that the images of torsion bases under the isogeny are transmitted in order to allow the two parties to arrive at a common shared key despite the noncommutativity of the endomorphism ring.
CSI-FiSh: Efficient Isogeny based Signatures through Class Group Computations
TLDR
A new record class group computation of an imaginary quadratic field having 154-digit discriminant, surpassing the previous record of 130 digits is reported, which is smaller than any other post-quantum signature scheme at the 128-bit security level.
Counting superspecial Richelot isogenies and its cryptographic application
TLDR
An improved isogeny path-finding algorithm in genus 2 is obtained by using $M$-small genus-2 curves for some threshold $M$.
Towards practical key exchange from ordinary isogeny graphs
TLDR
The ordinary isogeny-graph based cryptosystems of Couveignes and Rostovtsev-Stolbunov are revisited, and efficient key-validation techniques that yield CCA-secure encryption are admitted, thus providing an important step towards efficient post-quantum non-interactive key exchange (NIKE).
Genus Two Isogeny Cryptography
  • E. Flynn, Y. Ti
  • Mathematics, Computer Science
  • IACR Cryptol. ePrint Arch.
  • 2019
TLDR
The genus two isogeny Diffie–Hellman protocol achieves the same level of security as SIDH but uses a prime with a third of the bit length.
Hard Homogeneous Spaces
TLDR
It is shown that the concept of HHS fits with class field theory to provide a unified theory for the already used discrete logarithm problems and the HHS is presented here.
Superspecial curves of genera two and three
A superspecial curve in characteristic $p$ is a curve whose Jacobian is a product of supersingular elliptic curves. Using Igusa's result that $h_p(\lambda)$ has only simple roots, one can calculate how many…