Verifiable Delay Functions from Supersingular Isogenies and Pairings

We present two new Verifiable Delay Functions (VDFs) based on assumptions from elliptic curve cryptography. We discuss both the advantages and drawbacks of our constructions, study their security, and demonstrate their practicality with a proof-of-concept implementation.
