7 Hits in 6.1 sec

The Case for SIKE: A Decade of the Supersingular Isogeny Problem [article]

Craig Costello
2021 IACR Cryptology ePrint Archive  
To mark the 10-year anniversary of supersingular isogeny Diffie-Hellman, I will touch on 10 points in defense and support of the SIKE protocol, including the rise of classical hardness, the fact that quantum  ...  In the final section I present the two SIKE challenges: $55k USD is up for grabs for the solutions of mini instances that, according to the SIKE team's security analysis, provide significantly less than  ...  In terms of SIKE, however, it must be emphasised that (at present) these attacks do not give improvements to the generic collision-or claw-finding attacks for the original SSI problem.  ... 
dblp:journals/iacr/Costello21 fatcat:ydg626m5effxbjqahbpgexsxoa

The Cost to Break SIKE: A Comparative Hardware-Based Analysis with AES and SHA-3 [article]

Patrick Longa, Wen Wang, Jakub Szefer
2020 IACR Cryptology ePrint Archive  
We then extend the analysis to AES and SHA-3 in the context of the NIST post-quantum cryptography standardization process to carry out a parameter analysis based on our cost model.  ...  This analysis, together with the state-ofthe-art quantum security analysis of SIKE, indicates that the current SIKE parameters offer a wide security margin, which in turn opens up the possibility of using  ...  We also thank Sam Jaques and André Schrottenloher for answering our questions on quantum algorithms and for giving us early access to their quantum security estimation script.  ... 
dblp:journals/iacr/LongaWS20 fatcat:4denq3sax5e73g3iwqn42mmtry

Improved torsion point attacks on SIDH variants [article]

Victoria de Quehen, Péter Kutas, Chris Leonardi, Chloe Martindale, Lorenz Panny, Christophe Petit, Katherine E. Stange
2021 arXiv   pre-print
SIDH is a post-quantum key exchange algorithm based on the presumed difficulty of finding isogenies between supersingular elliptic curves.  ...  We stress that our results do not degrade the security of, or reveal any weakness in, the NIST submission SIKE.  ...  -An improved classical attack for n ≥ 5. -An improved quantum attack for n ≥ 3 (compared to the asymptotic complexity for quantum claw-finding computed in [22] ).  ... 
arXiv:2005.14681v3 fatcat:w3oplqvwufeuhlcm2n3yodetva

Improved Classical Cryptanalysis of the Computational Supersingular Isogeny Problem [article]

Craig Costello, Patrick Longa, Michael Naehrig, Joost Renes, Fernando Virdia
2019 IACR Cryptology ePrint Archive  
key encapsulation (SIKE) protocol, that culminate in an improved classical cryptanalysis of the computational supersingular isogeny (CSSI) problem.  ...  As is typical for cryptanalysis against conjectured hard problems (e. g. factoring or discrete logarithms), challenges can arise in the implementation that are not captured in the theory, making the performance  ...  Currently, the best known classical and quantum attacks on the CSSI problem are generic claw finding attacks: given two functions f : A → C and g : B → C with domains of equal size, the claw finding problem  ... 
dblp:journals/iacr/CostelloLNRV19 fatcat:wf73vqxatndfrjyuiwcb444iwi

SIKE'd Up: Fast and Secure Hardware Architectures for Supersingular Isogeny Key Encapsulation [article]

Brian Koziel, A.-Bon Ackie, Rami El Khatib, Reza Azarderakhsh, Mehran Mozaffari Kermani
2019 IACR Cryptology ePrint Archive  
At the NIST security level 5 on a Kintex UltraScale+ FPGA, we can execute the entire SIKE protocol in 15.3 ms.  ...  On top of our isogeny accelerator, we build a novel architecture for the SIKE primitive, which provides both quantum and IND-CCA security.  ...  attacks on SIDH/SIKE.  ... 
dblp:journals/iacr/KozielAKAK19 fatcat:ikywio5f6bbota5tufiugcqw5e

Low-gate Quantum Golden Collision Finding [article]

Samuel Jaques, André Schrottenloher
2020 IACR Cryptology ePrint Archive  
This generalizes meet-in-the-middle problems, and is thus applicable in many contexts, such as cryptanalysis of the NIST post-quantum candidate SIKE.  ...  This lowers the quantum security of the golden collision and meet-in-the-middle problems, including SIKE.  ...  Both authors would like to thank Steven Galbraith for helpful comments. tradeo will bring a small improvement of the numbers in Table 4 , both for quantum walks and Multi-Grover.  ... 
dblp:journals/iacr/JaquesS20 fatcat:nkuetroefvfzlana4xvb2p7egm

Collisions in Supersingular Isogeny Graphs and the SIDH-based Identification Protocol [article]

Wissam Ghantous, Federico Pintore, Mattia Veroni
2021 IACR Cryptology ePrint Archive  
We provide some theoretical results on their presence in supersingular isogeny graphs, and discuss the relevance of the obtained results for some known cryptographic applications.  ...  In this paper, we revisit the proofs that have appeared in the literature for the special soundness property of the above mentioned SIDH-based identification protocol.  ...  Currently, the best known classical and quantum attacks on the CSSI problem are generic claw-finding attacks, and both require exponential complexity [13, 28] . Our contribution.  ... 
dblp:journals/iacr/GhantousPV21 fatcat:ydsk63bfcjamrpc5ufy3c2vjuu