
Towards Quantum-Resistant Cryptosystems from Supersingular Elliptic Curve Isogenies

  • Conference paper
Post-Quantum Cryptography (PQCrypto 2011)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 7071)


Abstract

We present new candidates for quantum-resistant public-key cryptosystems based on the conjectured difficulty of finding isogenies between supersingular elliptic curves. The main technical idea in our scheme is that we transmit the images of torsion bases under the isogeny in order to allow the two parties to arrive at a common shared key despite the noncommutativity of the endomorphism ring. Our work is motivated by the recent development of a subexponential-time quantum algorithm for constructing isogenies between ordinary elliptic curves. In the supersingular case, by contrast, the fastest known quantum attack remains exponential, since the noncommutativity of the endomorphism ring means that the approach used in the ordinary case does not apply. We give a precise formulation of the necessary computational assumption along with a discussion of its validity. In addition, we present implementation results showing that our protocols are multiple orders of magnitude faster than previous isogeny-based cryptosystems over ordinary curves.



Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Jao, D., De Feo, L. (2011). Towards Quantum-Resistant Cryptosystems from Supersingular Elliptic Curve Isogenies. In: Yang, BY. (eds) Post-Quantum Cryptography. PQCrypto 2011. Lecture Notes in Computer Science, vol 7071. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-25405-5_2


  • DOI: https://doi.org/10.1007/978-3-642-25405-5_2

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-25404-8

  • Online ISBN: 978-3-642-25405-5

