Ramanujan Graphs in Cryptography
In this paper we study the security of a proposal for Post-Quantum Cryptography from both a number theoretic and cryptographic perspective. Charles–Goren–Lauter in 2006 proposed two hash functions based on the hardness of finding paths in Ramanujan graphs. One is based on Lubotzky–Phillips–Sarnak (LPS) graphs and the other one is based on Supersingular Isogeny Graphs. A 2008 paper by Petit–Lauter–Quisquater breaks the hash function based on LPS graphs. On the Supersingular Isogeny Graphs proposal, recent work has continued to build cryptographic applications on the hardness of finding isogenies between supersingular elliptic curves. A 2011 paper by De Feo–Jao–Plût proposed a cryptographic system based on Supersingular Isogeny Diffie–Hellman as well as a set of five hard problems. In this paper we show that the security of the SIDH proposal relies on the hardness of the SSIG path-finding problem introduced in Charles et al. (2009). In addition, similarities between the number theoretic ingredients in the LPS and Pizer constructions suggest that the hardness of the path-finding problem in the two graphs may be linked. By viewing both graphs from a number theoretic perspective, we identify the similarities and differences between the Pizer and LPS graphs.
KeywordsPost-Quantum Cryptography Supersingular isogeny graphs Ramanujan graphs
2010 Mathematics Subject ClassificationPrimary: 14G50, 11F70 Secondary: 05C75, 11R52
- 1.Gora Adj, Omran Ahmadi, and Alfred Menezes, On isogeny graphs of supersingular elliptic curves over finite fields, Cryptology ePrint Archive, Report 2018/132, 2018, https://eprint.iacr.org/2018/132.
- 2.Noga Alon, Eigenvalues and expanders, Combinatorica 6 (1986), no. 2, 83–96, Theory of computing (Singer Island, Fla., 1984). MR 875835Google Scholar
- 3.Denis X. Charles, Eyal Z. Goren, and Kristin E. Lauter, Cryptographic hash functions from expander graphs, J. Cryptology 22 (2009), no. 1, 93–113, available at https://eprint.iacr.org/2006/021.pdf. MR 2496385
- 4._________ , Families of Ramanujan graphs and quaternion algebras, Groups and symmetries, CRM Proc. Lecture Notes, vol. 47, Amer. Math. Soc., Providence, RI, 2009, pp. 53–80. MR 2500554Google Scholar
- 5.Gaëtan Chenevier, Lecture notes, 2010, http://gaetan.chenevier.perso.math.cnrs.fr/coursIHP/chenevier_lecture6.pdf, retrieved August 13, 2017.
- 6.Pierre Deligne, Formes modulaires et représentationsl-adiques, Séminaire Bourbaki. Vol. 1968/69, vol. 179, Lecture Notes in Math., no. 355, Springer, Berlin, 1971, pp. 139–172.Google Scholar
- 7._________ , La conjecture de Weil. I, Publications Mathématiques de l’Institut des Hautes Études Scientifiques 43 (1974), no. 1, 273–307.Google Scholar
- 8.Luca De Feo, David Jao, and Jérôme Plût, Towards quantum-resistant cryptosystems from supersingular elliptic curve isogenies, J. Math. Cryptol. 8 (2014), no. 3, 209–247. MR 3259113Google Scholar
- 9.Stephen S. Gelbart, Automorphic forms on adele groups, no. 83, Princeton University Press, 1975.Google Scholar
- 10.Yasutaka Ihara, Discrete subgroups of PL(2, k ℘), Algebraic Groups and Discontinuous Subgroups (Proc. Sympos. Pure Math., Boulder, Colo., 1965), Amer. Math. Soc., Providence, R.I., 1966, pp. 272–278. MR 0205952Google Scholar
- 11.David Jao, Stephen D Miller, and Ramarathnam Venkatesan, Do all elliptic curves of the same order have the same difficulty of discrete log?, International Conference on the Theory and Application of Cryptology and Information Security, Springer, 2005, pp. 21–40.Google Scholar
- 12.Wen-Ch’ing Winnie Li, A survey of Ramanujan graphs, Arithmetic, geometry and coding theory (Luminy, 1993), de Gruyter, Berlin, 1996, pp. 127–143. MR 1394930Google Scholar
- 15.Alexander Lubotzky, Discrete groups, expanding graphs and invariant measures, Modern Birkhäuser Classics, Birkhäuser Verlag, Basel, 2010, With an appendix by Jonathan D. Rogawski, Reprint of the 1994 edition. MR 2569682Google Scholar
- 16.Jean-Francois Mestre, La méthode des graphes. Exemples et applications, Proceedings of the International Conference on Class Numbers and Fundamental Units of Algebraic Number Fields (Katata, 1986), Nagoya Univ., Nagoya, 1986, pp. 217–242. MR 891898Google Scholar
- 17.Christophe Petit, Kristin Lauter, and Jean-Jacques Quisquater, Full cryptanalysis of LPS and Morgenstern hash functions, Security and Cryptography for Networks (Berlin, Heidelberg) (Rafail Ostrovsky, Roberto De Prisco, and Ivan Visconti, eds.), Springer Berlin Heidelberg, 2008, pp. 263–277.Google Scholar
- 20._________ , Ramanujan graphs, Computational perspectives on number theory (Chicago, IL, 1995), AMS/IP Stud. Adv. Math., vol. 7, Amer. Math. Soc., Providence, RI, 1998, pp. 159–178. MR 1486836Google Scholar
- 21.Post-Quantum Cryptography Standardization, https://csrc.nist.gov/Projects/Post-Quantum-Cryptography/Post-Quantum-Cryptography-Standardization, Accessed: 2018-04-14.
- 23.Joseph H. Silverman, The arithmetic of elliptic curves, second ed., Graduate Texts in Mathematics, vol. 106, Springer, Berlin–Heidelberg–New York, 2009.Google Scholar
- 24.Jean-Pierre Tillich and Gilles Zémor, Collisions for the LPS expander graph hash function, Advances in Cryptology – EUROCRYPT 2008 (Nigel Smart, ed.), Springer, 2008, pp. 254–269.Google Scholar
- 25.Jacques Vélu, Isogénies entre courbes elliptiques, C. R. Acad. Sci. Paris Sér. A-B 273 (1971), A238–A241. MR 0294345Google Scholar
- 26.Marie-France Vignéras, Arithmétique des algèbres de quaternions, Lecture Notes in Mathematics, vol. 800, Springer, Berlin, 1980. MR 580949Google Scholar
- 27.John Voight, Quaternion algebras, 2018, https://math.dartmouth.edu/~jvoight/quat-book.pdf, retrieved October 20, 2017.