Conference item icon

Conference item

On the Security of Supersingular Isogeny Cryptosystems

Abstract:

We study cryptosystems based on supersingular isogenies. This is an active area of research in post-quantum cryptography. Our first contribution is to give a very powerful active attack on the supersingular isogeny encryption scheme. This attack can only be prevented by using a (relatively expensive) countermeasure. Our second contribution is to show that the security of all schemes of this type depends on the difficulty of computing the endomorphism ring of a supersingular elliptic curve. This result gives significant insight into the difficulty of the isogeny problem that underlies the security of these schemes. Our third contribution is to give a reduction that uses partial knowledge of shared keys to determine an entire shared key. This can be used to retrieve the secret key, given information leaked from a side-channel attack on the key exchange protocol. A corollary of this work is the first bit security result for the supersingular isogeny key exchange: Computing any component of the j-invariant is as hard as computing the whole j-invariant.

Our paper therefore provides an improved understanding of the security of these cryptosystems. We stress that our work does not imply that these systems are insecure, or that they should not be used. However, it highlights that implementations of these schemes will need to take account of the risks associated with various active and side-channel attacks.

Publication status:
Published
Peer review status:
Peer reviewed

Actions

Access Document

Files:
Publisher copy:
10.1007/978-3-662-53887-6_3

Authors

More by this author
Institution:
University of Oxford
Division:
MPLS
Department:
Mathematical Institute
Role:
Author



Publisher:
Springer Verlag
Host title:
International Conference on the Theory and Application of Cryptology and Information Security. Advances in Cryptology – ASIACRYPT 2016
Journal:
Advances in Cryptology – ASIACRYPT 2016. ASIACRYPT 2016 More from this journal
Volume:
10031
Pages:
63-91
Series:
Lecture Notes in Computer Science
Publication date:
2016-12-08
Acceptance date:
2016-08-14
DOI:
ISBN:
9783662538876


Keywords:
Pubs id:
pubs:638694
UUID:
uuid:840faec4-382f-44ec-aeac-76bd5962f7cb
Local pid:
pubs:638694
Source identifiers:
638694
Deposit date:
2017-01-06
ARK identifier:

Terms of use


Views and Downloads






If you are the owner of this record, you can report an update to it here: Report update to this record

TO TOP