Filters








117 Hits in 4.0 sec

Constructing elliptic curve isogenies in quantum subexponential time

Andrew Childs, David Jao, Vladimir Soukharev
2014 Journal of Mathematical Cryptology  
In this paper, we give a subexponential-time quantum algorithm for constructing isogenies, assuming the Generalized Riemann Hypothesis (but with no other assumptions).  ...  Given two elliptic curves over a finite field having the same cardinality and endomorphism ring, it is known that the curves admit an isogeny between them, but finding such an isogeny is believed to be  ...  Acknowledgments This work was supported in part by MITACS, NSERC, the Ontario Ministry of Research and Innovation, QuantumWorks, and the US ARO/DTO.  ... 
doi:10.1515/jmc-2012-0016 fatcat:fy5y7wpanvgohkidb76b26czb4

A Quantum Algorithm for Computing Isogenies between Supersingular Elliptic Curves [chapter]

Jean-François Biasse, David Jao, Anirudh Sankar
2014 Lecture Notes in Computer Science  
In this paper, we describe a quantum algorithm for computing an isogeny between any two supersingular elliptic curves defined over a given finite field.  ...  Our method is an asymptotic improvement over the previous fastest known method which had complexitỹ O(p 1/2 ) (on both classical and quantum computers).  ...  Acknowledgments The first author thanks Luca De Feo for helpful discussions on the quantum safe protocols based on isogenies between supersingular curves described in [10] .  ... 
doi:10.1007/978-3-319-13039-2_25 fatcat:maa7iu23hfat3ifpxqmlsrtdge

Computational problems in supersingular elliptic curve isogenies

Steven D. Galbraith, Frederik Vercauteren
2018 Quantum Information Processing  
We give a brief survey of elliptic curve isogenies and the computational problems relevant for supersingular isogeny crypto.  ...  The main goal of the paper is to advertise various related computational problems, and to explain the relationships between them, in a way that is accessible to experts in quantum algorithms.  ...  A subexponential-time quantum algorithm for the "ordinary curve" case was discovered by Childs, Jao and Soukharev [7] .  ... 
doi:10.1007/s11128-018-2023-6 fatcat:7zlqrtmefffapbfax5qqwzc42u

A note on the security of CSIDH [article]

Jean-François Biasse, Annamaria Iezzi, Michael J. Jacobson Jr
2018 arXiv   pre-print
This concerns ordinary curves and supersingular curves defined over F_p (the latter used in the recent CSIDH proposal).  ...  We propose an algorithm for computing an isogeny between two elliptic curves E_1,E_2 defined over a finite field such that there is an imaginary quadratic order O satisfying O≃End(E_i) for i = 1,2.  ...  In other words, given two j-invariants j 1 , j 2 ∈ F q , we wish to construct an isogeny between (any) two elliptic curves E 1 , E 2 over F q having jinvariant j 1 (respectively j 2 ).  ... 
arXiv:1806.03656v4 fatcat:uif2raxclvez3phpbpvdswrhnu

A Note on the Security of CSIDH [chapter]

Jean-François Biasse, Annamaria Iezzi, Michael J. Jacobson
2018 CSR und Social Enterprise  
This concerns ordinary curves and supersingular curves defined over Fp (the latter used in the recent CSIDH proposal).  ...  We propose an algorithm for computing an isogeny between two elliptic curves E1, E2 defined over a finite field such that there is an imaginary quadratic order O satisfying O ≃ End(Ei) for i = 1, 2.  ...  In other words, given two j-invariants j 1 , j 2 ∈ F q , we wish to construct an isogeny between (any) two elliptic curves E 1 , E 2 over F q having jinvariant j 1 (respectively j 2 ).  ... 
doi:10.1007/978-3-030-05378-9_9 dblp:conf/indocrypt/BiasseIJ18 fatcat:3blqkbsfdreuvjtba5opr5ns5i

How to not break SIDH [article]

Chloe Martindale, Lorenz Panny
2019 IACR Cryptology ePrint Archive  
Our aim is to save some time for others who are looking to assess the security of SIDH/SIKE.  ...  We include methods that fail to attack the pure isogeny problem, namely: looking at the Fpsubgraph, lifting to characteristic zero, and using Weil restrictions.  ...  The negative results presented in the paper are the result of discussions with many other researchers. We have tried to acknowledge all specific discussions in the relevant subsections.  ... 
dblp:journals/iacr/MartindaleP19 fatcat:4a6xfv463vcp7e6bdsqlcxrwvu

One-Way Functions and Malleability Oracles: Hidden Shift Attacks on Isogeny-Based Protocols [chapter]

Péter Kutas, Simon-Philipp Merz, Christophe Petit, Charlotte Weitkämper
2021 Lecture Notes in Computer Science  
curves in quantum subexponential time.  ...  Childs-Jao-Soukharev provide an algorithm that constructs such an isogeny in quantum subexponential time [7] using a reduction to the hidden shift problem.  ... 
doi:10.1007/978-3-030-77870-5_9 fatcat:brj6z5buhrcyhetb7y43xccxde

Pre- and post-quantum Diffie-Hellman from groups, actions, and isogenies [article]

Benjamin Smith
2019 arXiv   pre-print
number-theoretic structures formed by isogenies of elliptic curves.  ...  as a basic component in more complicated constructions.  ...  In the quantum world, Childs, Jao, and Soukharev have defined a subexponential quantum isogeny evaluation algorithm [36] , which in combination with Kuperberg's algorithm gives a full subexponential quantum  ... 
arXiv:1809.04803v3 fatcat:feyexp5afbdurg5rbtbp75rvgq

Pre- and Post-quantum Diffie–Hellman from Groups, Actions, and Isogenies [chapter]

Benjamin Smith
2018 Lecture Notes in Computer Science  
number-theoretic structures formed by isogenies of elliptic curves.  ...  as a basic component in more complicated constructions.  ...  In the quantum world, Childs, Jao, and Soukharev have defined a subexponential quantum isogeny evaluation algorithm [36] , which in combination with Kuperberg's algorithm gives a full subexponential quantum  ... 
doi:10.1007/978-3-030-05153-2_1 fatcat:hrtt6eon7fhnlpfkwxmzwtgd4a

A note on isogeny-based hybrid verifiable delay functions [article]

Barak Shani
2019 IACR Cryptology ePrint Archive  
We explain how to realise the proposed VDF on elliptic curves with commutative endomorphism ring, however this construction is not quantum secure.  ...  Using the idea behind the recently proposed isogeny-and paring-based verifiable delay function (VDF) by De Feo, Masson, Petit and Sanso, we construct an isogeny-based VDF without the use of pairings.  ...  Our construction can be realised over elliptic curves with commutative endomorphism ring. Unfortunately, in this case our proposed construction is quantum insecure.  ... 
dblp:journals/iacr/Shani19a fatcat:ygumxoycezdvroruzt6pmjp5dm

How to Keep Your Secrets in a Post-Quantum World

Kristin Lauter
2020 Notices of the American Mathematical Society  
In fact, mathematicians often estimate the projected security of cryptographic systems by plotting the evolution in "running time" and "space requirements" of the best-known attacks.  ...  These predictions work well, but only in the absence of major disruptions: new algorithms or technologies that drastically improve the expected running time of attacks.  ...  The best-known quantum algorithm for computing isogenies between supersingular elliptic curves runs in time O(p 1⁄4 ), ignoring log factors [BJS14] . Key exchange.  ... 
doi:10.1090/noti2004 fatcat:jq44tmpfdnb2pl6rpa5scvl3qi

A subexponential-time, polynomial quantum space algorithm for inverting the CM group action

David Jao, Jason LeGrow, Christopher Leonardi, Luis Ruiz-Lopez
2020 Journal of Mathematical Cryptology  
AbstractWe present a quantum algorithm which computes group action inverses of the complex multiplication group action on isogenous ordinary elliptic curves, using subexponential time, but only polynomial  ...  One application of this algorithm is that it can be used to find the private key from the public key in the isogeny-based CRS and CSIDH cryptosystems.  ...  This research was undertaken thanks in part to funding from the Canada First Research Excellence Fund, CryptoWorks21, Public Works and Government Services Canada, and the Royal Bank of Canada.  ... 
doi:10.1515/jmc-2015-0057 fatcat:jjectysbanfnzdnbrjcev7zwz4

Isogeny-Based Certificateless Identification Scheme

Hassan Daghigh, Ruholla Khodakaramian Gilan
2019 Algebraic structures and their applications  
In this paper, we propose a new certificateless identification scheme based on isogenies between elliptic curves that is a candidate for quantum-resistant problems.  ...  In quantum computing, there exists a subexponential quantum algorithm that breaks the isogeny problem for ordinary elliptic curves using the commutativity of the endomorphism rings of these curves.  ...  Developing a sub-exponential time quantum algorithm to break isogenies between ordinary elliptic curves by Childs et al.  ... 
doi:10.29252/asta.6.1.85 fatcat:6va6wmeg7vcnjl7taxamnfguzq

One-way functions and malleability oracles: Hidden shift attacks on isogeny-based protocols [article]

Péter Kutas, Simon-Philipp Merz, Christophe Petit, Charlotte Weitkämper
2021 IACR Cryptology ePrint Archive  
Supersingular isogeny Diffie-Hellman key exchange (SIDH) is a post-quantum protocol based on the presumed hardness of computing an isogeny between two supersingular elliptic curves given some additional  ...  This reduces the underlying hardness assumption to a hidden shift problem instance which can be solved in quantum subexponential time.  ...  This can be done in classical subexponential time or in quantum polynomial time.  ... 
dblp:journals/iacr/KutasMPW21 fatcat:vejgw7hfabgsvcvceturxw2f6m

Simple and Universal Construction for Round-Optimal Password Authenticated Key Exchange towards Quantum-Resistant

Hongfeng Zhu, Shuai Geng
2017 Journal of Information Hiding and Multimedia Signal Processing  
Based on these motivations, this paper firstly proposes a provably secure and flexible one-round PAKE scheme based on elliptic curve isogenies.  ...  However Jonathans two protocols are subjected to quantum attacks, and there are so many time-consuming arithmetics just only for achieving a smooth projective hash function in Jonathans two protocols.  ...  elliptic curve isogenies, a secure one-way quantum hash function H Q against quantum attack.  ... 
dblp:journals/jihmsp/ZhuG17 fatcat:iquq72uhqvau5p7tdwyxzop6oa
« Previous Showing results 1 — 15 out of 117 results