Another look at some isogeny hardness assumptions
Research output: Chapter in Book/Report/Conference proceeding › Conference contribution
External organisations
- Royal Holloway, University of London
- University of Oxford
Abstract
The security proofs for isogeny-based undeniable signature schemes have been based primarily on the assumptions that the One-Sided Modified SSCDH problem and the One-More SSCDH problem are intractable. We challenge the validity of these assumptions, showing that both the decisional and computational variants of these problems can be solved in polynomial time. We further demonstrate an attack, applicable to two undeniable signature schemes, one of which was proposed at PQCrypto 2014. The attack allows signatures to be forged in $2^{4\lambda/5}$ steps on a classical computer. This is an improvement over the expected classical security of $2^{\lambda}$, where $\lambda$ denotes the chosen security parameter.
Details
Original language | English |
---|---|
Title of host publication | Topics in Cryptology – CT-RSA 2020 |
Subtitle of host publication | The Cryptographers’ Track at the RSA Conference 2020 |
Editors | Stanislaw Jarecki |
Publication status | E-pub ahead of print - 14 Feb 2020 |
Event | The Cryptographer's Track at the RSA Conference (CT-RSA 2020) - San Francisco, United States. Duration: 24 Feb 2020 → 28 Feb 2020 |
Publication series
Name | Lecture Notes in Computer Science |
---|---|
Publisher | Springer |
Volume | 12006 |
ISSN (Print) | 0302-9743 |
ISSN (Electronic) | 1611-3349 |
Conference
Conference | The Cryptographer's Track at the RSA Conference (CT-RSA 2020) |
---|---|
Country | United States |
City | San Francisco |
Period | 24/02/20 → 28/02/20 |
Keywords
- elliptic curves, isogenies, undeniable signatures