The Dark SIDH of Isogenies [article]

Paul Bottinelli, Victoria de Quehen, Chris Leonardi, Anton Mosunov, Filip Pawlega, Milap Sheth
2019 IACR Cryptology ePrint Archive  
Many isogeny-based cryptosystems are believed to rely on the hardness of the Supersingular Decision Diffie-Hellman (SSDDH) problem. However, most cryptanalytic efforts have treated the hardness of this problem as being equivalent to the more generic supersingular e -isogeny problem, an established hard problem in number theory. In this work, we shine some light on the possibility that the combination of two additional pieces of information given in practical SSDDH instances (the image of the ... on subgroup, and the starting curve's endomorphism ring) can lead to better attacks on cryptosystems relying on this assumption. We show that SIKE/SIDH are secure against our techniques. However, in certain settings, e.g., multi-party protocols, our results may suggest a larger gap between the security of these cryptosystems and the e -isogeny problem. Our analysis relies on the ability to find many endomorphisms on the base curve that have special properties. To the best of our knowledge, this class of endomorphisms has never been studied in the literature. We informally discuss the parameter sets where these endomorphisms should exist. We also present an algorithm which may provide information about additional torsion points under the party's private isogeny, which is of independent interest. Finally, we present a minor variation of the SIKE protocol that avoids exposing a known endomorphism ring.
dblp:journals/iacr/BottinelliQLMPS19 fatcat:2hp25ajavrgsjjiemlouailuya

Revisiting TESLA in the Quantum Random Oracle Model [chapter]

Erdem Alkim, Nina Bindel, Johannes Buchmann, Özgür Dagdelen, Edward Eaton, Gus Gutoski, Juliane Krämer, Filip Pawlega
2017 Lecture Notes in Computer Science  
We study a scheme of Bai and Galbraith (CT-RSA'14), also known as TESLA. TESLA was thought to have a tight security reduction from the learning with errors problem (LWE) in the random oracle model (ROM). Moreover, a variant using chameleon hash functions was lifted to the quantum random oracle model (QROM). However, both reductions were later found to be flawed and hence it remained unresolved until now whether TESLA can be proven to be tightly secure in the (Q)ROM. In the present paper we ... de an entirely new, tight security reduction for TESLA from LWE in the QROM (and thus in the ROM). Our security reduction involves the adaptive re-programming of a quantum oracle. Furthermore, we propose parameter sets targeting 128 bits of security against both classical and quantum adversaries and compare TESLA's performance with state-of-the-art signature schemes.
doi:10.1007/978-3-319-59879-6_9 fatcat:qd3gs6qknban5jbkq2fq45fz6i

Improved torsion point attacks on SIDH variants [article]

Victoria de Quehen, Péter Kutas, Chris Leonardi, Chloe Martindale, Lorenz Panny, Christophe Petit, Katherine E. Stange
2021 arXiv pre-print
We would also like to thank Filip Pawlega and the anonymous reviewers for their careful reading and helpful feedback.  ... 
arXiv:2005.14681v3 fatcat:w3oplqvwufeuhlcm2n3yodetva

Politics of sexuality in neoliberal(ized) times and spaces: LGBT movements and reparative therapy in contemporary Poland

Magdalena Mikulak, Ania Plomien
recommendations from the Council of Europe to promote tolerance and to promulgate legislation banning discrimination based on sexual orientation, the Polish government has not taken any such steps (Pawlęga  ...  of equality parades: . no one was naked, no one was in feathers, nobody flashed their boobs, nor asses and I was in shock (Focus group interview with Monika, Justyna, Kasia, Mariusz, Ewelina and Filip  ... 
doi:10.21953/lse.6pv8ey9vxc10 fatcat:2d2o2pfhufdijbgljl56c6zgdm