Afficher la notice abrégée

Supersingular Curves You Can Trust

hal.structure.identifierUniversity of Birmingham [Birmingham]
hal.structure.identifierUniversity of Bristol [Bristol]
dc.contributor.authorBASSO, Andrea
hal.structure.identifierDipartimento di Matematica [Bologna]
dc.contributor.authorCODOGNI, Giulio
dc.contributor.authorCONNOLLY, Deirdre
hal.structure.identifierIBM Research [Zurich]
dc.contributor.authorDE FEO, Luca
hal.structure.identifierEcole Polytechnique Fédérale de Lausanne [EPFL]
dc.contributor.authorFOUOTSA, Tako
hal.structure.identifierDipartimento di Matematica [Bologna]
dc.contributor.authorLIDO, Guido
hal.structure.identifierVirginia Tech [Blacksburg]
dc.contributor.authorMORRISON, Travis
hal.structure.identifierAcademia Sinica
dc.contributor.authorPANNY, Lorenz
hal.structure.identifierIBM India Research Lab.
dc.contributor.authorPATRANABIS, Sikhar
hal.structure.identifierCentre National de la Recherche Scientifique [CNRS]
hal.structure.identifierUnité de Mathématiques Pures et Appliquées [UMPA-ENSL]
hal.structure.identifierLithe and fast algorithmic number theory [LFANT]
hal.structure.identifierAnalyse cryptographique et arithmétique [CANARI]
dc.contributor.authorWESOLOWSKI, Benjamin
dc.date.accessioned2024-04-04T02:34:43Z
dc.date.available2024-04-04T02:34:43Z
dc.date.conference2023-04-23
dc.identifier.urihttps://oskar-bordeaux.fr/handle/20.500.12278/190573
dc.description.abstractEnGenerating a supersingular elliptic curve such that nobody knows its endomorphism ring is a notoriously hard task, despite several isogeny-based protocols relying on such an object. A trusted setup is often proposed as a workaround, but several aspects remain unclear. In this work, we develop the tools necessary to practically run such a distributed trusted-setup ceremony. Our key contribution is the first statistically zero-knowledge proof of isogeny knowledge that is compatible with any base field. To prove statistical ZK, we introduce isogeny graphs with Borel level structure and prove they have the Ramanujan property. Then, we analyze the security of a distributed trusted-setup protocol based on our ZK proof in the simplified universal composability framework. Lastly, we develop an optimized implementation of the ZK proof, and we propose a strategy to concretely deploy the trusted-setup protocol.
dc.description.sponsorshipMéthodes pour les variétés abéliennes de petite dimension - ANR-20-CE40-0013
dc.description.sponsorshipPost-quantum padlock for web browser - ANR-22-PETQ-0008
dc.language.isoen
dc.rights.urihttp://creativecommons.org/licenses/by/
dc.subject.enIsogenies
dc.subject.enRamanujan Graphs
dc.subject.enZero-knowledge Proofs
dc.subject.enTrusted Setup
dc.title.enSupersingular Curves You Can Trust
dc.typeCommunication dans un congrès
dc.subject.halInformatique [cs]/Cryptographie et sécurité [cs.CR]
bordeaux.hal.laboratoriesInstitut de Mathématiques de Bordeaux (IMB) - UMR 5251*
bordeaux.institutionUniversité de Bordeaux
bordeaux.institutionBordeaux INP
bordeaux.institutionCNRS
bordeaux.conference.titleEurocrypt 2023
bordeaux.countryFR
bordeaux.conference.cityLyon
bordeaux.peerReviewedoui
hal.identifierhal-04052486
hal.version1
hal.invitednon
hal.proceedingsoui
hal.conference.end2023-04-27
hal.popularnon
hal.audienceInternationale
hal.origin.linkhttps://hal.archives-ouvertes.fr//hal-04052486v1
bordeaux.COinSctx_ver=Z39.88-2004&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.au=BASSO,%20Andrea&CODOGNI,%20Giulio&CONNOLLY,%20Deirdre&DE%20FEO,%20Luca&FOUOTSA,%20Tako&rft.genre=unknown


Fichier(s) constituant ce document

FichiersTailleFormatVue

Il n'y a pas de fichiers associés à ce document.

Ce document figure dans la(les) collection(s) suivante(s)

Afficher la notice abrégée