Isogeny Problems with Level Structure

Tako Boris Fouotsa
2024
Conference paper

Given two elliptic curves and the degree of an isogeny between them, finding the isogeny is believed to be a difficult problem—upon which rests the security of nearly any isogeny-based scheme. If, however, to the data above we add information about the behavior of the isogeny on a large enough subgroup, the problem can become easy, as recent cryptanalyses on SIDH have shown. Between the restriction of the isogeny to a full N-torsion subgroup and no “torsion information” at all lies a spectrum of interesting intermediate problems, raising the question of how easy or hard each of them is. Here we explore modular isogeny problems where the torsion information is masked by the action of a group of 2x2 matrices. We give reductions between these problems, classify them by their difficulty, and link them to security assumptions found in the literature.

About this result

This page is automatically generated and may contain information that is not correct, complete, up-to-date, or relevant to your search query. The same applies to every other page on this website. Please make sure to verify the information with EPFL's official sources.

Tako Boris Fouotsa
2024
Conference paper

Abstract

Official source

https://infoscience.epfl.ch/record/311817?ln=en

About this result

Related concepts (33)

Related publications (40)

Related MOOCs (9)

Exploring SIDH-Based Signature Parameters

Tako Boris Fouotsa, Laurane Chloé Angélina Marco, Andrea Basso

Isogeny-based cryptography is an instance of post-quantum cryptography whose fundamental problem consists of finding an isogeny between two (isogenous) elliptic curves E and E′. This problem is closely related to that of computing the endomorphism ring of ...

Springer2024

Some Mordell-Weil lattices and applications to sphere packings

Gauthier Leterrier

We provide new explicit examples of lattice sphere packings in dimensions 54, 55, 162, 163, 486 and 487 that are the densest known so far, using Kummer families of elliptic curves over global function fields.In some cases, these families of elliptic curves ...

EPFL2024

New SIDH Countermeasures for a More Efficient Key Exchange

Tako Boris Fouotsa, Andrea Basso

The Supersingular Isogeny Diffie-Hellman (SIDH) protocol has been the main and most efficient isogeny-based encryption protocol, until a series of breakthroughs led to a polynomial-time key-recovery attack. While some countermeasures have been proposed, th ...

Springer2023

Algebra (part 1)

Un MOOC francophone d'algèbre linéaire accessible à tous, enseigné de manière rigoureuse et ne nécessitant aucun prérequis.

Algebra (part 1)

Un MOOC francophone d'algèbre linéaire accessible à tous, enseigné de manière rigoureuse et ne nécessitant aucun prérequis.

Algebra (part 2)

Un MOOC francophone d'algèbre linéaire accessible à tous, enseigné de manière rigoureuse et ne nécessitant aucun prérequis.

Dual abelian variety

In mathematics, a dual abelian variety can be defined from an abelian variety A, defined over a field K. To an abelian variety A over a field k, one associates a dual abelian variety Av (over the same field), which is the solution to the following moduli problem. A family of degree 0 line bundles parametrized by a k-variety T is defined to be a line bundle L on A×T such that for all , the restriction of L to A×{t} is a degree 0 line bundle, the restriction of L to {0}×T is a trivial line bundle (here 0 is the identity of A).

Elliptic curve

In mathematics, an elliptic curve is a smooth, projective, algebraic curve of genus one, on which there is a specified point O. An elliptic curve is defined over a field K and describes points in K^2, the Cartesian product of K with itself. If the field's characteristic is different from 2 and 3, then the curve can be described as a plane algebraic curve which consists of solutions (x, y) for: for some coefficients a and b in K. The curve is required to be non-singular, which means that the curve has no cusps or self-intersections.

Elliptic-curve cryptography

Elliptic-curve cryptography (ECC) is an approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields. ECC allows smaller keys compared to non-EC cryptography (based on plain Galois fields) to provide equivalent security. Elliptic curves are applicable for key agreement, digital signatures, pseudo-random generators and other tasks. Indirectly, they can be used for encryption by combining the key agreement with a symmetric encryption scheme.