A Quantum Algorithm for Computing Isogenies between Supersingular Elliptic Curves

In this paper, we describe a quantum algorithm for computing an isogeny between any two supersingular elliptic curves defined over a given finite field. The complexity of our method is in \(\tilde{O}(p^{1/4})\), where \(p\) is the characteristic of the base field. Our method is an asymptotic improvement over the previous fastest known method, which had complexity \(\tilde{O}(p^{1/2})\) (on both classical and quantum computers). We also discuss the cryptographic relevance of our algorithm.
