
dc.contributor.author: FEO, Luca De
dc.contributor.author: FOUOTSA, Tako Boris
hal.structure.identifier: Eötvös Loránd University [ELTE]
hal.structure.identifier: University of Birmingham [Birmingham]
dc.contributor.author: KUTAS, Péter
hal.structure.identifier: DGA
hal.structure.identifier: Institut de Recherche Mathématique de Rennes [IRMAR]
dc.contributor.author: LEROUX, Antonin
hal.structure.identifier: Royal Holloway [University of London] [RHUL]
dc.contributor.author: MERZ, Simon-Philipp
hal.structure.identifier: Academia Sinica
dc.contributor.author: PANNY, Lorenz
hal.structure.identifier: Lithe and fast algorithmic number theory [LFANT]
hal.structure.identifier: Unité de Mathématiques Pures et Appliquées [UMPA-ENSL]
hal.structure.identifier: Centre National de la Recherche Scientifique [CNRS]
hal.structure.identifier: Analyse cryptographique et arithmétique [CANARI]
dc.contributor.author: WESOLOWSKI, Benjamin
dc.date.accessioned: 2024-04-04T02:34:41Z
dc.date.available: 2024-04-04T02:34:41Z
dc.date.issued: 2023-05-02
dc.date.conference: 2023-05-07
dc.identifier.uri: https://oskar-bordeaux.fr/handle/20.500.12278/190571
dc.description.abstractEn: We present SCALLOP: SCALable isogeny action based on Oriented supersingular curves with Prime conductor, a new group action based on isogenies of supersingular curves. Similarly to CSIDH and OSIDH, we use the group action of an imaginary quadratic order's class group on the set of oriented supersingular curves. Compared to CSIDH, the main benefit of our construction is that it is easy to compute the class-group structure; this data is required to uniquely represent—and efficiently act by—arbitrary group elements, which is a requirement in, e.g., the CSI-FiSh signature scheme by Beullens, Kleinjung and Vercauteren. The index-calculus algorithm used in CSI-FiSh to compute the class-group structure has complexity L(1/2), ruling out class groups much larger than CSIDH-512, a limitation that is particularly problematic in light of the ongoing debate regarding the quantum security of cryptographic group actions. Hoping to solve this issue, we consider the class group of a quadratic order of large prime conductor inside an imaginary quadratic field of small discriminant. This family of quadratic orders lets us easily determine the size of the class group, and, by carefully choosing the conductor, even exercise significant control on it—in particular supporting highly smooth choices. Although evaluating the resulting group action still has subexponential asymptotic complexity, a careful choice of parameters leads to a practical speedup that we demonstrate in practice for a security level equivalent to CSIDH-1024, a parameter currently firmly out of reach of index-calculus-based methods. However, our implementation takes 35 seconds (resp. 12.5 minutes) for a single group-action evaluation at a CSIDH-512-equivalent (resp. CSIDH-1024-equivalent) security level, showing that, while feasible, the SCALLOP group action does not achieve realistically usable performance yet.
dc.description.sponsorship: Méthodes pour les variétés abéliennes de petite dimension - ANR-20-CE40-0013
dc.description.sponsorship: Post-quantum padlock for web browser - ANR-22-PETQ-0008
dc.description.sponsorship: Centre de Mathématiques Henri Lebesgue : fondements, interactions, applications et Formation - ANR-11-LABX-0020
dc.language.iso: en
dc.publisher: Springer Nature Switzerland
dc.publisher.location: Cham
dc.rights.uri: http://creativecommons.org/licenses/by/
dc.title.en: SCALLOP: scaling the CSI-FiSh
dc.type: Communication dans un congrès
dc.identifier.doi: 10.1007/978-3-031-31368-4_13
dc.subject.hal: Informatique [cs]/Cryptographie et sécurité [cs.CR]
bordeaux.page: 345-375
bordeaux.volume: 13940
bordeaux.hal.laboratories: Institut de Mathématiques de Bordeaux (IMB) - UMR 5251*
bordeaux.institution: Université de Bordeaux
bordeaux.institution: Bordeaux INP
bordeaux.institution: CNRS
bordeaux.conference.title: PKC 2023
bordeaux.country: US
bordeaux.conference.city: Atlanta
bordeaux.peerReviewed: oui
hal.identifier: hal-04052532
hal.version: 1
hal.invited: non
hal.proceedings: oui
hal.conference.end: 2023-05-10
hal.popular: non
hal.audience: Internationale
hal.origin.link: https://hal.archives-ouvertes.fr//hal-04052532v1


Files in this item


There are no files associated with this item.

This item appears in the following collection(s)
