Advertisement

A Quantum Algorithm for Computing Isogenies between Supersingular Elliptic Curves

  • Jean-François Biasse
  • David JaoEmail author
  • Anirudh Sankar
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8885)

Abstract

In this paper, we describe a quantum algorithm for computing an isogeny between any two supersingular elliptic curves defined over a given finite field. The complexity of our method is in \(\tilde{O}(p^{1/4})\) where \(p\) is the characteristic of the base field. Our method is an asymptotic improvement over the previous fastest known method which had complexity \(\tilde{O}(p^{1/2})\) (on both classical and quantum computers). We also discuss the cryptographic relevance of our algorithm.

Keywords

Elliptic curve cryptography Quantum safe cryptography Isogenies Supersingular curves 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Bosma, W., Cannon, J., Playoust, C.: The Magma algebra system. I. the user language. J. Symbolic Comput. 24(3–4), 235–265 (1997)MathSciNetzbMATHCrossRefGoogle Scholar
  2. 2.
    Boyer, M., Brassard, G.: P. Høyer, and A. Tapp. Tight bounds on quantum searching. Fortschritte Der Physik 46, 493–505 (1998)CrossRefGoogle Scholar
  3. 3.
    Bröker, R.: Constructing supersingular elliptic curves. J. Comb. Number Theory 1(3), 269–273 (2009)MathSciNetGoogle Scholar
  4. 4.
    Bröker, R., Charles, D., Lauter, K.: Evaluating Large Degree Isogenies and Applications to Pairing Based Cryptography. In: Galbraith, S.D., Paterson, K.G. (eds.) Pairing 2008. LNCS, vol. 5209, pp. 100–112. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  5. 5.
    Charles, D., Lauter, K., Goren, E.: Cryptographic hash functions from expander graphs. Jornal of Cryptology 22, 93–113 (2009)MathSciNetzbMATHCrossRefGoogle Scholar
  6. 6.
    Childs, A., Jao, D., Soukharev, V.: Constructing elliptic curve isogenies in quantum subexponential time. Journal of Mathematical Cryptology 8(1), 1–29 (2013)MathSciNetCrossRefGoogle Scholar
  7. 7.
    Couveignes, J.-M.: Hard homgeneous spaces. http://eprint.iacr.org/2006/291
  8. 8.
    Cox, D. A.: Primes of the form \(x^2+n y^2\). John Wiley & Sons (1989)Google Scholar
  9. 9.
    Delfs, C., Galbraith, S.: Computing isogenies between supersingular elliptic curves over \(\mathbb{F}_p\). The Proceedings of the 11th Algorithmic Nnumber Theory Symposium (ANTS XI) (to appear)Google Scholar
  10. 10.
    De Feo, L., Jao, D., Plût, J.: Towards quantum-resistant cryptosystems from supersingular elliptic curve isogenies. Journal of Mathematical Cryptology (to appear, 2014). http://eprint.iacr.org/2011/506
  11. 11.
    Galbraith, S.: Constructing isogenies between elliptic curves over finite fields. LMS Journal of Computation and Mathematics 2, 118–138 (1999)Google Scholar
  12. 12.
    Galbraith, S., Stolbunov, A.: Improved algorithm for the isogeny problem for ordinary elliptic curves. Applicable Algebra in Engineering, Communication and Computing 24(2), 107–131 (2013)MathSciNetzbMATHCrossRefGoogle Scholar
  13. 13.
    Grover, L.: A fast quantum mechanical algorithm for database search. In: Proceedings of the Twenty-eighth Annual ACM Symposium on Theory of Computing, STOC 1996, pp. 212–219. ACM, New York (1996)Google Scholar
  14. 14.
    Littlewood, J.: On the class number of the corpus \(p(\sqrt{k})\). Proc. London Math. Soc. 27, 358–372 (1928)Google Scholar
  15. 15.
    Jao, D., De Feo, L.: Towards Quantum-Resistant Cryptosystems from Supersingular Elliptic Curve Isogenies. In: Yang, B.-Y. (ed.) PQCrypto 2011. LNCS, vol. 7071, pp. 19–34. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  16. 16.
    Jao, D., Miller, S.D., Venkatesan, R.: Expander graphs based on GRH with an application to elliptic curve cryptography. J. Number Theory 129(6), 1491–1504 (2009)MathSciNetzbMATHCrossRefGoogle Scholar
  17. 17.
    Jao, D., Miller, S.D., Venkatesan, R.: Do All Elliptic Curves of the Same Order Have the Same Difficulty of Discrete Log? In: Roy, B. (ed.) ASIACRYPT 2005. LNCS, vol. 3788, pp. 21–40. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  18. 18.
    Jao, D., Soukharev, V.: Isogeny-Based Quantum-Resistant Undeniable Signatures. In: Mosca, M. (ed.) PQCrypto 2014. LNCS, vol. 8772, pp. 160–179. Springer, Heidelberg (2014)CrossRefGoogle Scholar
  19. 19.
    Kuperberg, G.: A subexponential-time quantum algorithm for the dihedral hidden subgroup problem. SIAM J. Comput. 35(1), 170–188 (2005)MathSciNetzbMATHCrossRefGoogle Scholar
  20. 20.
    MAGMA Computational Algebra System. http://magma.maths.usyd.edu.au/
  21. 21.
    Regev, O.: A subexponential time algorithm for the dihedral hidden subgroup problem with polynomial space. arXiv:quant-ph/0406151
  22. 22.
    Rostovtsev, A., Stolbunov, A.: Public-key cryptosystem based on isogenies. IACR Cryptology ePrint Archive 2006, 145 (2006)Google Scholar
  23. 23.
    Schoof, R.: Counting points on elliptic curves over finite fields. Journal de théorie des nombres de Bordeaux 7, 219–254 (1995)MathSciNetzbMATHCrossRefGoogle Scholar
  24. 24.
    Seiichiro, T.: Claw finding algorithms using quantum walk. Theoretical Computer Science 410(50), 5285–5297 (2009), Mathematical Foundations of Computer Science (MFCS 2007)Google Scholar
  25. 25.
    Silverman, J.: The arithmetic of elliptic curves, vol. 106. Graduate texts in Mathematics. Springer (1992)Google Scholar
  26. 26.
    Stolbunov, A.: Constructing public-key cryptographic schemes based on class group action on a set of isogenous elliptic curves. Adv. in Math. of Comm. 4(2), 215–235 (2010)MathSciNetzbMATHCrossRefGoogle Scholar
  27. 27.
  28. 28.
    Tate, J.: Endomoprhisms of abelian varieties over finite fields. Inventiones Mathematica 2, 134–144 (1966)MathSciNetzbMATHCrossRefGoogle Scholar
  29. 29.
    Vélu, J.: Isogénies entre courbes elliptiques. C. R. Acad. Sci. Paris Sér. A-B, 273, A238–A241 (1971)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Jean-François Biasse
    • 1
  • David Jao
    • 2
    Email author
  • Anirudh Sankar
    • 2
  1. 1.Department of Combinatorics and Optimization, Institute for Quantum ComputingUniversity of WaterlooWaterlooCanada
  2. 2.Department of Combinatorics and OptimizationUniversity of WaterlooWaterlooCanada

Personalised recommendations