A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2019; you can also visit the original URL.
The file type is `application/pdf`

.

## Filters

##
###
Constructing elliptic curve isogenies in quantum subexponential time

2014
*
Journal of Mathematical Cryptology
*

*In*this paper, we give a

*subexponential*-

*time*

*quantum*algorithm for

*constructing*

*isogenies*, assuming the Generalized Riemann Hypothesis (but with no other assumptions). ... Given two

*elliptic*

*curves*over a finite field having the same cardinality and endomorphism ring, it is known that the

*curves*admit an

*isogeny*between them, but finding such an

*isogeny*is believed to be ... Acknowledgments This work was supported

*in*part by MITACS, NSERC, the Ontario Ministry of Research and Innovation, QuantumWorks, and the US ARO/DTO. ...

##
###
A Quantum Algorithm for Computing Isogenies between Supersingular Elliptic Curves
[chapter]

2014
*
Lecture Notes in Computer Science
*

*In*this paper, we describe a

*quantum*algorithm for computing an

*isogeny*between any two supersingular

*elliptic*

*curves*defined over a given finite field. ... Our method is an asymptotic improvement over the previous fastest known method which had complexitỹ O(p 1/2 ) (on both classical and

*quantum*computers). ... Acknowledgments The first author thanks Luca De Feo for helpful discussions on the

*quantum*safe protocols based on

*isogenies*between supersingular

*curves*described

*in*[10] . ...

##
###
Computational problems in supersingular elliptic curve isogenies

2018
*
Quantum Information Processing
*

We give a brief survey of

doi:10.1007/s11128-018-2023-6
fatcat:7zlqrtmefffapbfax5qqwzc42u
*elliptic**curve**isogenies*and the computational problems relevant for supersingular*isogeny*crypto. ... The main goal of the paper is to advertise various related computational problems, and to explain the relationships between them,*in*a way that is accessible to experts*in**quantum*algorithms. ... A*subexponential*-*time**quantum*algorithm for the "ordinary*curve*" case was discovered by Childs, Jao and Soukharev [7] . ...##
###
A note on the security of CSIDH
[article]

2018
*
arXiv
*
pre-print

This concerns ordinary

arXiv:1806.03656v4
fatcat:uif2raxclvez3phpbpvdswrhnu
*curves*and supersingular*curves*defined over F_p (the latter used*in*the recent CSIDH proposal). ... We propose an algorithm for computing an*isogeny*between two*elliptic**curves*E_1,E_2 defined over a finite field such that there is an imaginary quadratic order O satisfying O≃End(E_i) for i = 1,2. ...*In*other words, given two j-invariants j 1 , j 2 ∈ F q , we wish to*construct*an*isogeny*between (any) two*elliptic**curves*E 1 , E 2 over F q having jinvariant j 1 (respectively j 2 ). ...##
###
A Note on the Security of CSIDH
[chapter]

2018
*
CSR und Social Enterprise
*

This concerns ordinary

doi:10.1007/978-3-030-05378-9_9
dblp:conf/indocrypt/BiasseIJ18
fatcat:3blqkbsfdreuvjtba5opr5ns5i
*curves*and supersingular*curves*defined over Fp (the latter used*in*the recent CSIDH proposal). ... We propose an algorithm for computing an*isogeny*between two*elliptic**curves*E1, E2 defined over a finite field such that there is an imaginary quadratic order O satisfying O ≃ End(Ei) for i = 1, 2. ...*In*other words, given two j-invariants j 1 , j 2 ∈ F q , we wish to*construct*an*isogeny*between (any) two*elliptic**curves*E 1 , E 2 over F q having jinvariant j 1 (respectively j 2 ). ...##
###
How to not break SIDH
[article]

2019
*
IACR Cryptology ePrint Archive
*

Our aim is to save some

dblp:journals/iacr/MartindaleP19
fatcat:4a6xfv463vcp7e6bdsqlcxrwvu
*time*for others who are looking to assess the security of SIDH/SIKE. ... We include methods that fail to attack the pure*isogeny*problem, namely: looking at the Fpsubgraph, lifting to characteristic zero, and using Weil restrictions. ... The negative results presented*in*the paper are the result of discussions with many other researchers. We have tried to acknowledge all specific discussions*in*the relevant subsections. ...##
###
One-Way Functions and Malleability Oracles: Hidden Shift Attacks on Isogeny-Based Protocols
[chapter]

2021
*
Lecture Notes in Computer Science
*

*curves*

*in*

*quantum*

*subexponential*

*time*. ... Childs-Jao-Soukharev provide an algorithm that

*constructs*such an

*isogeny*

*in*

*quantum*

*subexponential*

*time*[7] using a reduction to the hidden shift problem. ...

##
###
Pre- and post-quantum Diffie-Hellman from groups, actions, and isogenies
[article]

2019
*
arXiv
*
pre-print

number-theoretic structures formed by

arXiv:1809.04803v3
fatcat:feyexp5afbdurg5rbtbp75rvgq
*isogenies*of*elliptic**curves*. ... as a basic component*in*more complicated*constructions*. ...*In*the*quantum*world, Childs, Jao, and Soukharev have defined a*subexponential**quantum**isogeny*evaluation algorithm [36] , which*in*combination with Kuperberg's algorithm gives a full*subexponential**quantum*...##
###
Pre- and Post-quantum Diffie–Hellman from Groups, Actions, and Isogenies
[chapter]

2018
*
Lecture Notes in Computer Science
*

number-theoretic structures formed by

doi:10.1007/978-3-030-05153-2_1
fatcat:hrtt6eon7fhnlpfkwxmzwtgd4a
*isogenies*of*elliptic**curves*. ... as a basic component*in*more complicated*constructions*. ...*In*the*quantum*world, Childs, Jao, and Soukharev have defined a*subexponential**quantum**isogeny*evaluation algorithm [36] , which*in*combination with Kuperberg's algorithm gives a full*subexponential**quantum*...##
###
A note on isogeny-based hybrid verifiable delay functions
[article]

2019
*
IACR Cryptology ePrint Archive
*

We explain how to realise the proposed VDF on

dblp:journals/iacr/Shani19a
fatcat:ygumxoycezdvroruzt6pmjp5dm
*elliptic**curves*with commutative endomorphism ring, however this*construction*is not*quantum*secure. ... Using the idea behind the recently proposed*isogeny*-and paring-based verifiable delay function (VDF) by De Feo, Masson, Petit and Sanso, we*construct*an*isogeny*-based VDF without the use of pairings. ... Our*construction*can be realised over*elliptic**curves*with commutative endomorphism ring. Unfortunately,*in*this case our proposed*construction*is*quantum*insecure. ...##
###
How to Keep Your Secrets in a Post-Quantum World

2020
*
Notices of the American Mathematical Society
*

*In*fact, mathematicians often estimate the projected security of cryptographic systems by plotting the evolution

*in*"running

*time*" and "space requirements" of the best-known attacks. ... These predictions work well, but only

*in*the absence of major disruptions: new algorithms or technologies that drastically improve the expected running

*time*of attacks. ... The best-known

*quantum*algorithm for computing

*isogenies*between supersingular

*elliptic*

*curves*runs

*in*

*time*O(p 1⁄4 ), ignoring log factors [BJS14] . Key exchange. ...

##
###
A subexponential-time, polynomial quantum space algorithm for inverting the CM group action

2020
*
Journal of Mathematical Cryptology
*

AbstractWe present a

doi:10.1515/jmc-2015-0057
fatcat:jjectysbanfnzdnbrjcev7zwz4
*quantum*algorithm which computes group action inverses of the complex multiplication group action on isogenous ordinary*elliptic**curves*, using*subexponential**time*, but only polynomial ... One application of this algorithm is that it can be used to find the private key from the public key*in*the*isogeny*-based CRS and CSIDH cryptosystems. ... This research was undertaken thanks*in*part to funding from the Canada First Research Excellence Fund, CryptoWorks21, Public Works and Government Services Canada, and the Royal Bank of Canada. ...##
###
Isogeny-Based Certificateless Identification Scheme

2019
*
Algebraic structures and their applications
*

*In*this paper, we propose a new certificateless identification scheme based on

*isogenies*between

*elliptic*

*curves*that is a candidate for

*quantum*-resistant problems. ...

*In*

*quantum*computing, there exists a

*subexponential*

*quantum*algorithm that breaks the

*isogeny*problem for ordinary

*elliptic*

*curves*using the commutativity of the endomorphism rings of these

*curves*. ... Developing a sub-exponential

*time*

*quantum*algorithm to break

*isogenies*between ordinary

*elliptic*

*curves*by Childs et al. ...

##
###
One-way functions and malleability oracles: Hidden shift attacks on isogeny-based protocols
[article]

2021
*
IACR Cryptology ePrint Archive
*

Supersingular

dblp:journals/iacr/KutasMPW21
fatcat:vejgw7hfabgsvcvceturxw2f6m
*isogeny*Diffie-Hellman key exchange (SIDH) is a post-*quantum*protocol based on the presumed hardness of computing an*isogeny*between two supersingular*elliptic**curves*given some additional ... This reduces the underlying hardness assumption to a hidden shift problem instance which can be solved*in**quantum**subexponential**time*. ... This can be done*in*classical*subexponential**time*or*in**quantum*polynomial*time*. ...##
###
Simple and Universal Construction for Round-Optimal Password Authenticated Key Exchange towards Quantum-Resistant

2017
*
Journal of Information Hiding and Multimedia Signal Processing
*

Based on these motivations, this paper firstly proposes a provably secure and flexible one-round PAKE scheme based on

dblp:journals/jihmsp/ZhuG17
fatcat:iquq72uhqvau5p7tdwyxzop6oa
*elliptic**curve**isogenies*. ... However Jonathans two protocols are subjected to*quantum*attacks, and there are so many*time*-consuming arithmetics just only for achieving a smooth projective hash function*in*Jonathans two protocols. ...*elliptic**curve**isogenies*, a secure one-way*quantum*hash function H Q against*quantum*attack. ...
« Previous

*Showing results 1 — 15 out of 117 results*