Hard and Easy Problems for Supersingular Isogeny Graphs

We consider the endomorphism ring computation problem for supersingular elliptic curves, constructive versions of Deuring’s correspondence, and the security of Charles-Goren-Lauter’s cryptographic hash function. We show that constructing Deuring’s correspondence is easy in one direction and equivalent to the endomorphism ring computation problem in the other direction. We also provide a collision attack for special but natural parameters of the hash function, and we prove that for general parameters its preimage and collision resistance are also equivalent to the endomorphism ring computation problem. Our reduction and attack techniques are of independent interest and may find further applications in both cryptanalysis and the design of new protocols.
