论文信息 - On the Degree-Insensitive SI-GDH problem and assumption

On the Degree-Insensitive SI-GDH problem and assumption

Fujioka, Takashima, Terada and Yoneyama, in their 2018 work on an authenticated key exchange protocol using supersingular isogenies, use new assumptions in their security proof of the scheme. In particular, they define the degree-sensitive and degree-insensitive SI-GDH assumptions and problems. These assumptions include a decision oracle that is used in the security proofs. We give evidence that those assumptions are not well defined. Hence, the security proofs in their paper do not seem to be correct.

Steven D. Galbraith | Samuel Dobson

[1] Joseph H. Silverman,et al. The arithmetic of elliptic curves , 1986, Graduate texts in mathematics.

[2] Frederik Vercauteren,et al. Computational problems in supersingular elliptic curve isogenies , 2017, IACR Cryptol. ePrint Arch..

[3] Atsushi Fujioka,et al. Supersingular Isogeny Diffie-Hellman Authenticated Key Exchange , 2018, IACR Cryptol. ePrint Arch..

[4] David Jao,et al. Towards quantum-resistant cryptosystems from supersingular elliptic curve isogenies , 2011, J. Math. Cryptol..