Abstract
We revisit the problem of finding two consecutive B-smooth integers by giving an optimised implementation of the Conrey-Holmstrom-McLaughlin “smooth neighbors” algorithm. While this algorithm is not guaranteed to return the complete set of B-smooth neighbors, in practice it returns a very close approximation to the complete set but does so in a tiny fraction of the time of its exhaustive counterparts. We exploit this algorithm to find record-sized solutions to the pure twin smooth problem, and subsequently to produce instances of cryptographic parameters whose corresponding isogeny degrees are significantly smoother than prior works. Our methods seem well-suited to finding parameters for the SQISign signature scheme, especially for instantiations looking to minimise the cost of signature generation. We give a number of examples, among which are the first parameter sets geared towards efficient SQISign instantiations at NIST’s security levels III and V.
Supported by EPSRC grant EP/S022503/1.
Supported by the German Federal Ministry of Education and Research (BMBF) under the project QuantumRISC (ID 16KIS1039).
Supported by EPSRC grant EP/R513350/1.
Change history
18 December 2023
A correction has been published.
Notes
1. SQISign is instantiated over large primes p such that \(p^2-1\) is divisible by a large, B-smooth factor. If, for example, we find B-smooth twins r and \(r+1\) whose sum is a prime \(p=2r+1\), then \(p^2-1\) is immediately B-smooth.
2. The initial SQISign requirements [16] had \(T \approx p^{3/2}\), but \(T_{1879}\) corresponds to the new requirements.
3. Another alternative is to include both positive and negative values in the initial set \(S^{(0)}\). Observe that in this case, it does not matter whether one uses \((rs + 1)/(s - r)\) or \((rs - 1)/(s + r)\), as \((rs + 1)/(s - r) = -(s(-r) + 1)/(s + (-r))\).
4. That satisfy some mild conditions outside of just requiring \(p^2-1\) to be smooth.
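The following Python sketch is an added example, not code from the paper: it runs the smooth-neighbors closure named in the abstract for a toy bound and then applies the \(p = 2r+1\) filter from note 1. The closure step (for \(r < s\) in the current set, add \(t = r(s+1)/(s-r)\) whenever it is an integer) is the usual statement of the Conrey-Holmstrom-McLaughlin iteration and is not spelled out on this page; all function names are illustrative.

```python
def is_smooth(n, B):
    """True if every prime factor of n is <= B."""
    for d in range(2, B + 1):
        while n % d == 0:
            n //= d
    return n == 1

def is_prime(n):
    """Trial division; adequate for the toy sizes used here."""
    if n < 2:
        return False
    d = 2
    while d * d <= n:
        if n % d == 0:
            return False
        d += 1
    return True

def chm_smooth_neighbors(B):
    """Closure of {1..B-1} under (r, s) -> r(s+1)/(s-r) when integral.

    Each element t represents a pair (t, t+1) of B-smooth integers, since
    t/(t+1) = r(s+1) / (s(r+1)) in lowest terms.
    """
    S = set(range(1, B))          # S^(0): r and r+1 are both <= B
    frontier = set(S)
    while frontier:               # stop once an iteration adds nothing
        new = set()
        for a in frontier:
            for b in S:
                if a == b:
                    continue
                r, s = min(a, b), max(a, b)
                num, den = r * (s + 1), s - r
                if num % den == 0 and num // den not in S:
                    new.add(num // den)
        S |= new
        frontier = new
    return sorted(S)

def primes_from_twins(twins):
    """Note 1: keep p = 2r + 1 when prime; then p^2 - 1 = 4r(r+1)."""
    return [2 * r + 1 for r in twins if is_prime(2 * r + 1)]

if __name__ == "__main__":
    B = 5                         # constructed toy bound
    twins = chm_smooth_neighbors(B)
    print("twins r:", twins)
    for p in primes_from_twins(twins):
        print(p, "p^2-1 smooth:", is_smooth(p * p - 1, B))
```

For this toy bound the closure happens to recover every 5-smooth pair; as the abstract says, the algorithm does not guarantee the complete set in general.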
References
Banks, W.D., Shparlinski, I.E.: Integers with a large smooth divisor. arXiv preprint math/0601460 (2006)
Basso, A., Fouotsa, T.B.: New sidh countermeasures for a more efficient key exchange. Cryptology ePrint Archive, Paper 2023/791 (2023). https://eprint.iacr.org/2023/791
Basso, A., Maino, L., Pope, G.: FESTA: fast encryption from supersingular torsion attacks. Cryptology ePrint Archive, Paper 2023/660 (2023). https://eprint.iacr.org/2023/660
Bernstein, D.J., De Feo, L., Leroux, A., Smith, B.: Faster computation of isogenies of large prime degree. Open Book Series 4(1), 39–55 (2020)
Bingmann, T.: TLX: collection of sophisticated C++ data structures, algorithms, and miscellaneous helpers (2018). https://panthema.net/tlx. Accessed 7 Oct 2020
Castryck, W., Decru, T.: An efficient key recovery attack on SIDH. In: EUROCRYPT. LNCS, vol. 14008, pp. 423–447. Springer (2023)
Conrey, J.B., Holmstrom, M.A.: Smooth values of quadratic polynomials. Exp. Math. 30(4), 447–452 (2021)
Conrey, J.B., Holmstrom, M.A., McLaughlin, T.L.: Smooth neighbors. Exp. Math. 22(2), 195–202 (2013)
Costello, C.: B-SIDH: supersingular isogeny Diffie-Hellman using twisted torsion. In: Moriai, S., Wang, H. (eds.) ASIACRYPT 2020. LNCS, vol. 12492, pp. 440–463. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-64834-3_15
Costello, C., Meyer, M., Naehrig, M.: Sieving for twin smooth integers with solutions to the prouhet-tarry-escott problem. In: Canteaut, A., Standaert, F.-X. (eds.) EUROCRYPT 2021. LNCS, vol. 12696, pp. 272–301. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-77870-5_10
Dartois, P., Leroux, A., Robert, D., Wesolowski, B.: SQISignHD: New dimensions in cryptography. Cryptology ePrint Archive, Paper 2023/436 (2023). https://eprint.iacr.org/2023/436
de Bruijn, N.G.: On the number of positive integers \(\le \) x and free of prime factors \(> y\), ii. Indag. Math. 38, 239–247 (1966)
De Feo, L., Delpech de Saint Guilhem, C., Fouotsa, T.B., Kutas, P., Leroux, A., Petit, C., Silva, J., Wesolowski, B.: Séta: supersingular encryption from torsion attacks. In: Tibouchi, M., Wang, H. (eds.) ASIACRYPT 2021. LNCS, vol. 13093, pp. 249–278. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-92068-5_9
Dickman, K.: On the frequency of numbers containing prime factors of a certain relative magnitude. Arkiv for matematik, astronomi och fysik 22(10), A-10 (1930)
Komada Eriksen, J., Panny, L., Sotáková, J., Veroni, M.: Deuring for the people: Supersingular elliptic curves with prescribed endomorphism ring in general characteristic. Cryptology ePrint Archive (2023)
De Feo, L., Kohel, D., Leroux, A., Petit, C., Wesolowski, B.: SQISign: Compact Post-quantum Signatures from Quaternions and Isogenies. In: Moriai, S., Wang, H. (eds.) ASIACRYPT 2020. LNCS, vol. 12491, pp. 64–93. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-64837-4_3
De Feo, L., Leroux, A., Longa, P., Wesolowski, B.: New algorithms for the deuring correspondence - towards practical and secure sqisign signatures. In: EUROCRYPT, vol. 14008, pp. 659–690. Springer (2023)
Fouotsa, T.B., Moriya, T., Petit, C.: M-SIDH and MD-SIDH: Countering SIDH attacks by masking information. In: EUROCRYPT, vol. 14008, pp. 282–309. Springer (2023). https://doi.org/10.1007/978-3-031-30589-4_10
Jao, D., De Feo, L.: Towards quantum-resistant cryptosystems from supersingular elliptic curve isogenies. In: Yang, B.-Y. (ed.) PQCrypto 2011. LNCS, vol. 7071, pp. 19–34. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-25405-5_2
Lehmer, D.H.: On a problem of Störmer. Ill. J. Math. 8(1), 57–79 (1964)
Luca, F., Najman, F.: On the largest prime factor of \(x^2\)-1. Math. Comput. 80(273), 429–435 (2011)
Maino, L., Martindale, C., Panny, L., Pope, G., Wesolowski, B.: A direct key recovery attack on SIDH. In: EUROCRYPT. LNCS, vol. 14008, pp. 448–471. Springer (2023). https://doi.org/10.1007/978-3-031-30589-4_16
Robert, D.: Breaking SIDH in polynomial time. In: EUROCRYPT. LNCS, vol. 14008, pp. 472–503. Springer (2023). https://doi.org/10.1007/978-3-031-30589-4_17
Størmer, C.: Quelques théorèmes sur l’équation de Pell \(x^2-dy^2=\pm 1\) et leurs applications. Christiania Videnskabens Selskabs Skrifter, Math. Nat. Kl (2), 48 (1897)
Tenenbaum, G.: Integers with a large friable component. Acta Arith 124, 287–291 (2006)
Tenenbaum, G.: Introduction to analytic and probabilistic number theory, volume 163. American Mathematical Soc. (2015)
The National Institute of Standards and Technology (NIST). Submission requirements and evaluation criteria for the post-quantum cryptography standardization process, December 2016
The National Institute of Standards and Technology (NIST). Call for additional digital signature schemes for the post-quantum cryptography standardization process, October 2022
Acknowledgements
We thank Joost Renes for several helpful discussions about the CHM algorithm, and Luca De Feo for helpful comments on SQISign prime requirements during the preparation of this work as well as the anonymous reviewers for their constructive feedback.
Copyright information
© 2023 International Association for Cryptologic Research
About this paper
Cite this paper
Bruno, G. et al. (2023). Cryptographic Smooth Neighbors. In: Guo, J., Steinfeld, R. (eds) Advances in Cryptology – ASIACRYPT 2023. ASIACRYPT 2023. Lecture Notes in Computer Science, vol 14444. Springer, Singapore. https://doi.org/10.1007/978-981-99-8739-9_7
DOI: https://doi.org/10.1007/978-981-99-8739-9_7
Publisher Name: Springer, Singapore
Print ISBN: 978-981-99-8738-2
Online ISBN: 978-981-99-8739-9
eBook Packages: Computer Science, Computer Science (R0)