SimS: A Simplification of SiGamal

At Asiacrypt 2020, Moriya et al. introduced two new IND-CPA secure supersingular isogeny based Public Key Encryption (PKE) protocols: SiGamal and C-SiGamal. Unlike the PKEs canonically derived from SIDH and CSIDH, the new protocols provide IND-CPA security without the use of hash functions. SiGamal and C-SiGamal are, however, not IND-CCA secure. Moriya et al. suggested a variant of SiGamal that could be IND-CCA secure, but left its study as an open problem. In this paper, we revisit the protocols introduced by Moriya et al. First, we show that the SiGamal variant suggested by Moriya et al. for IND-CCA security is, in fact, not IND-CCA secure. Secondly, we propose a new isogeny-based PKE protocol named SimS, obtained by simplifying SiGamal. SimS has smaller public keys and ciphertexts than (C-)SiGamal and it is more efficient. We prove that SimS is IND-CCA secure under CSIDH security assumptions and one Knowledge of Exponent-type assumption we introduce. Interestingly, SimS is also much closer to the CSIDH protocol, facilitating a comparison between SiGamal and CSIDH.
