A Direct Key Recovery Attack on SIDH
WESOLOWSKI, Benjamin
Centre National de la Recherche Scientifique [CNRS]
Lithe and fast algorithmic number theory [LFANT]
Unité de Mathématiques Pures et Appliquées [UMPA-ENSL]
Analyse cryptographique et arithmétique [CANARI]
Language
en
Conference paper
This item is published in
Advances in Cryptology – EUROCRYPT 2023, 2023, Lyon. 2023-04-16, vol. 14008, p. 448-471
Springer Nature Switzerland
English abstract
We present an attack on SIDH utilising isogenies between polarized products of two supersingular elliptic curves. In the case of arbitrary starting curve, our attack (discovered independently from [8]) has subexponential complexity, thus significantly reducing the security of SIDH and SIKE. When the endomorphism ring of the starting curve is known, our attack (here derived from [8]) has polynomial-time complexity assuming the generalised Riemann hypothesis. Our attack applies to any isogeny-based cryptosystem that publishes the images of points under the secret isogeny, for example Séta and B-SIDH. It does not apply to CSIDH, CSI-FiSh, or SQISign.
English keywords
SIDH
Elliptic curve
Isogeny
Cryptanalysis
ANR project
Méthodes pour les variétés abéliennes de petite dimension - ANR-20-CE40-0013
Post-quantum padlock for web browser - ANR-22-PETQ-0008
Origin
Imported from HAL