**Are you an EPFL student looking for a semester project?**

Work with us on data science and visualisation projects, and deploy your project as an app on top of Graph Search.

Publication# Isogeny Problems with Level Structure

Abstract

Given two elliptic curves and the degree of an isogeny between them, finding the isogeny is believed to be a difficult problem—upon which rests the security of nearly any isogeny-based scheme. If, however, to the data above we add information about the behavior of the isogeny on a large enough subgroup, the problem can become easy, as recent cryptanalyses on SIDH have shown. Between the restriction of the isogeny to a full N-torsion subgroup and no “torsion information” at all lies a spectrum of interesting intermediate problems, raising the question of how easy or hard each of them is. Here we explore modular isogeny problems where the torsion information is masked by the action of a group of 2x2 matrices. We give reductions between these problems, classify them by their difficulty, and link them to security assumptions found in the literature.

Official source

This page is automatically generated and may contain information that is not correct, complete, up-to-date, or relevant to your search query. The same applies to every other page on this website. Please make sure to verify the information with EPFL's official sources.

Related publications (40)

Related MOOCs (9)

Related concepts (33)

Algebra (part 1)

Un MOOC francophone d'algèbre linéaire accessible à tous, enseigné de manière rigoureuse et ne nécessitant aucun prérequis.

Algebra (part 1)

Un MOOC francophone d'algèbre linéaire accessible à tous, enseigné de manière rigoureuse et ne nécessitant aucun prérequis.

Algebra (part 2)

Un MOOC francophone d'algèbre linéaire accessible à tous, enseigné de manière rigoureuse et ne nécessitant aucun prérequis.

Dual abelian variety

In mathematics, a dual abelian variety can be defined from an abelian variety A, defined over a field K. To an abelian variety A over a field k, one associates a dual abelian variety Av (over the same field), which is the solution to the following moduli problem. A family of degree 0 line bundles parametrized by a k-variety T is defined to be a line bundle L on A×T such that for all , the restriction of L to A×{t} is a degree 0 line bundle, the restriction of L to {0}×T is a trivial line bundle (here 0 is the identity of A).

Elliptic curve

In mathematics, an elliptic curve is a smooth, projective, algebraic curve of genus one, on which there is a specified point O. An elliptic curve is defined over a field K and describes points in K^2, the Cartesian product of K with itself. If the field's characteristic is different from 2 and 3, then the curve can be described as a plane algebraic curve which consists of solutions (x, y) for: for some coefficients a and b in K. The curve is required to be non-singular, which means that the curve has no cusps or self-intersections.

Elliptic-curve cryptography

Elliptic-curve cryptography (ECC) is an approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields. ECC allows smaller keys compared to non-EC cryptography (based on plain Galois fields) to provide equivalent security. Elliptic curves are applicable for key agreement, digital signatures, pseudo-random generators and other tasks. Indirectly, they can be used for encryption by combining the key agreement with a symmetric encryption scheme.

We provide new explicit examples of lattice sphere packings in dimensions 54, 55, 162, 163, 486 and 487 that are the densest known so far, using Kummer families of elliptic curves over global function fields.In some cases, these families of elliptic curves ...

Tako Boris Fouotsa, Laurane Chloé Angélina Marco, Andrea Basso

Isogeny-based cryptography is an instance of post-quantum cryptography whose fundamental problem consists of finding an isogeny between two (isogenous) elliptic curves E and E′. This problem is closely related to that of computing the endomorphism ring of ...

Tako Boris Fouotsa, Andrea Basso

The Supersingular Isogeny Diffie-Hellman (SIDH) protocol has been the main and most efficient isogeny-based encryption protocol, until a series of breakthroughs led to a polynomial-time key-recovery attack. While some countermeasures have been proposed, th ...