Torsion point attacks on ‘SIDH‐like’ cryptosystems
Abstract Isogeny‐based cryptography is a promising approach for post‐quantum cryptography. The best‐known protocol following that approach is the supersingular isogeny Diffie–Hellman protocol (SIDH); this protocol was turned into the CCA‐secure key encapsulation mechanism SIKE, which was submitted t...
Main Authors: | Péter Kutas, Christophe Petit |
---|---|
Format: | Article |
Language: | English |
Published: | Hindawi-IET 2023-03-01 |
Series: | IET Information Security |
Online Access: | https://doi.org/10.1049/ise2.12076 |
_version_ | 1797422400224100352 |
---|---|
author | Péter Kutas Christophe Petit |
collection | DOAJ |
description | Abstract Isogeny‐based cryptography is a promising approach for post‐quantum cryptography. The best‐known protocol following that approach is the supersingular isogeny Diffie–Hellman protocol (SIDH); this protocol was turned into the CCA‐secure key encapsulation mechanism SIKE, which was submitted to and remains in the third round of NIST's post‐quantum standardisation process as an ‘alternate’ candidate. Isogeny‐based cryptography generally relies on the conjectured hardness of computing an isogeny between two isogenous elliptic curves, and most cryptanalytic work referenced on SIKE's webpage exclusively focusses on that problem. Interestingly, the hardness of this problem is sufficient for neither SIDH nor SIKE. In particular, these protocols reveal additional information on the secret isogeny, in the form of images of specific torsion points through the isogeny. This paper surveys existing cryptanalysis approaches exploiting this often called ‘torsion point information’, summarises their current impact on SIKE and related algorithms, and suggests some research directions that might lead to further impact. |
first_indexed | 2024-03-09T07:31:46Z |
format | Article |
id | doaj.art-e995f0ac767849f3a4d361c83b3e0f26 |
institution | Directory Open Access Journal |
issn | 1751-8709 1751-8717 |
language | English |
last_indexed | 2024-03-09T07:31:46Z |
publishDate | 2023-03-01 |
publisher | Hindawi-IET |
record_format | Article |
series | IET Information Security |
spelling | doaj.art-e995f0ac767849f3a4d361c83b3e0f26; 2023-12-03T06:20:12Z; eng; Hindawi-IET; IET Information Security; 1751-8709; 1751-8717; 2023-03-01; 17; 2; 161; 170; 10.1049/ise2.12076; Torsion point attacks on ‘SIDH‐like’ cryptosystems; Péter Kutas (School of Computer Science, University of Birmingham, Birmingham, UK); Christophe Petit (School of Computer Science, University of Birmingham, Birmingham, UK); https://doi.org/10.1049/ise2.12076 |
title | Torsion point attacks on ‘SIDH‐like’ cryptosystems |
url | https://doi.org/10.1049/ise2.12076 |