Faster Algorithms for Isogeny Problems using Torsion Point Images

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Colleges, School and Institutes

Abstract

There is a recent trend in cryptography to construct protocols based on the hardness of computing isogenies between supersingular elliptic curves. Two
prominent examples are Jao-De Feo’s key exchange protocol and the resulting
encryption scheme by De Feo-Jao-Plut. One particularity of the isogeny problems underlying these protocols is that some additional information is given as input, namely the image of some torsion points with order coprime to the isogeny. This additional information was used in several active attacks against the protocols but the current best passive attacks make no use of it at all.
In this paper, we provide new algorithms that exploit the additional information
provided in isogeny protocols to speed up the resolution of the underlying problems. Our techniques lead to heuristic polynomial-time key recovery on two non-standard variants of De Feo-Jao-Plut’s protocols in plausible attack models. This shows that at least some isogeny problems are easier to solve when additional information is leaked.

Details

Original languageEnglish
Title of host publicationASIACRYPT 2017
Subtitle of host publicationProceedings of the 23rd International Conference on the Theory and Applications of Cryptology and Information Security
Publication statusPublished - 7 Dec 2017
Event23rd Annual International Conference on the Theory and Applications of Cryptology and Information Security (ASIACRYPT 2017) - Hong Kong
Duration: 3 Dec 20177 Dec 2017

Conference

Conference23rd Annual International Conference on the Theory and Applications of Cryptology and Information Security (ASIACRYPT 2017)
CityHong Kong
Period3/12/177/12/17