
An Effective Lower Bound on the Number of Orientable Supersingular Elliptic Curves

  • Conference paper
Selected Areas in Cryptography (SAC 2022)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 13742)


Abstract

In this article, we prove a generic lower bound on the number of \(\mathfrak {O}\)-orientable supersingular curves over \(\mathbb {F}_{p^2}\), i.e., curves that admit an embedding of the quadratic order \(\mathfrak {O}\) inside their endomorphism ring. Prior to this work, the only known effective lower bound was restricted to small discriminants. Our main result targets the case of fundamental discriminants, and we derive a generic bound using the expansion properties of the supersingular isogeny graphs.

Our work is motivated by isogeny-based cryptography and the increasing number of protocols based on \(\mathfrak {O}\)-oriented curves. In particular, our lower bound provides a complexity estimate for the brute-force attack against the new \(\mathfrak {O}\)-uber isogeny problem introduced by De Feo, Delpech de Saint Guilhem, Fouotsa, Kutas, Leroux, Petit, Silva and Wesolowski in their recent article on the SETA encryption scheme.
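As an added worked example (not code from the paper, and not the paper's bound), the Python below counts \(\mathfrak {O}_K\)-orientable supersingular \(j\)-invariants by brute force for a few tiny fundamental discriminants \(D\) and primes \(p\) inert in \(K = \mathbb {Q}(\sqrt{D})\). It relies on the classical fact (Deuring) that for \(p\) inert in \(K\), the \(\mathfrak {O}_K\)-orientable supersingular curves over \(\mathbb {F}_{p^2}\) are the reductions of the curves with CM by \(\mathfrak {O}_K\), so their \(j\)-invariants are exactly the roots in \(\mathbb {F}_{p^2}\) of the Hilbert class polynomial \(H_D\) modulo \(p\). The polynomials \(H_D\) for \(h(D) \le 2\) are standard table values embedded as constructed input; the \(\mathbb {F}_{p^2}\) arithmetic, the root search, the class-number count and all function names are assumptions of this example. It exhibits the phenomenon a lower bound has to cope with: the number of orientable \(j\)-invariants is at most \(h(D)\), but can be strictly smaller when distinct CM \(j\)-invariants collide modulo \(p\) (for \(D=-15\), \(p=7\) both roots of \(H_{-15}\) reduce to the single supersingular value \(j = 1728 \equiv 6\), while for \(D=-15\), \(p=29\) the two roots stay distinct).

```python
"""Brute-force count of O_K-orientable supersingular j-invariants.

Added example (not code from the paper). For a fundamental discriminant D
and an odd prime p inert in K = Q(sqrt(D)), the j-invariants of the
O_K-orientable supersingular curves over F_{p^2} are the roots of the
Hilbert class polynomial H_D modulo p (Deuring reduction). The number of
distinct roots is the size of the set a brute-force attacker must search.
"""
from math import gcd

# Hilbert class polynomials H_D(x) for a few fundamental discriminants with
# h(D) <= 2, coefficients from the leading term down (standard table values,
# embedded here as constructed input for the example).
HILBERT_CLASS_POLYS = {
    -3: [1, 0],
    -4: [1, -1728],
    -7: [1, 3375],
    -8: [1, -8000],
    -11: [1, 32768],
    -15: [1, 191025, -121287375],
    -20: [1, -1264000, -681472000],
    -24: [1, -4834944, 14670139392],
}


def is_prime(n):
    """Trial division; only tiny primes are used in this example."""
    if n < 2:
        return False
    d = 2
    while d * d <= n:
        if n % d == 0:
            return False
        d += 1
    return True


def class_number(D):
    """h(D) = number of reduced primitive forms (a, b, c) with b^2 - 4ac = D."""
    if D >= 0 or D % 4 not in (0, 1):
        raise ValueError("D must be a negative discriminant")
    h, a = 0, 1
    while 3 * a * a <= -D:              # reduced forms have a <= sqrt(|D|/3)
        for b in range(-a + 1, a + 1):  # -a < b <= a
            if (b * b - D) % (4 * a):
                continue
            c = (b * b - D) // (4 * a)
            if c < a or (a == c and b < 0):   # |b| <= a <= c, b >= 0 if a == c
                continue
            if gcd(gcd(a, abs(b)), c) == 1:   # primitive forms only
                h += 1
        a += 1
    return h


def is_inert(D, p):
    """An odd prime p not dividing D is inert in Q(sqrt(D)) iff D is a non-residue mod p."""
    if not is_prime(p) or p == 2 or D % p == 0:
        raise ValueError("need an odd prime p not dividing D")
    return pow(D % p, (p - 1) // 2, p) == p - 1


def supersingular_count(p):
    """Number of supersingular j-invariants in F_{p^2} for p >= 5 (classical formula)."""
    if p < 5:
        raise ValueError("p must be at least 5")
    return p // 12 + {1: 0, 5: 1, 7: 1, 11: 2}[p % 12]


def orientable_j_invariants(D, p):
    """Distinct roots of H_D in F_{p^2} = F_p[s]/(s^2 - n), n a non-residue mod p.

    Elements are pairs (a, b) meaning a + b*s; roots lying in F_p have b == 0.
    Returns the sorted list of roots, i.e. the O_K-orientable supersingular
    j-invariants for p inert in Q(sqrt(D)).
    """
    if not is_inert(D, p):
        raise ValueError("p must be inert in Q(sqrt(D)) for this count")
    coeffs = [c % p for c in HILBERT_CLASS_POLYS[D]]
    n = next(x for x in range(2, p) if pow(x, (p - 1) // 2, p) == p - 1)

    def mul(u, v):
        return ((u[0] * v[0] + n * u[1] * v[1]) % p,
                (u[0] * v[1] + u[1] * v[0]) % p)

    def evaluate(x):                    # Horner's rule in F_{p^2}
        acc = (0, 0)
        for c in coeffs:
            acc = mul(acc, x)
            acc = ((acc[0] + c) % p, acc[1])
        return acc

    return sorted(x for x in ((a, b) for a in range(p) for b in range(p))
                  if evaluate(x) == (0, 0))


def count_orientable(D, p):
    """Size of the brute-force search space for O_K-orientable curves."""
    return len(orientable_j_invariants(D, p))


if __name__ == "__main__":
    for D, p in [(-15, 7), (-15, 29), (-20, 11), (-20, 17), (-24, 13)]:
        roots = orientable_j_invariants(D, p)
        print(f"D={D:4d} p={p:3d}  h(D)={class_number(D)}  "
              f"#supersingular j={supersingular_count(p)}  "
              f"#orientable j={len(roots)}  roots={roots}")
```

Running the demo loop shows the count hitting \(h(D)\) for \((D,p) = (-15, 29)\) and \((-20, 11)\) but dropping to 1 for \((-15, 7)\), \((-20, 17)\) and \((-24, 13)\), where \(H_D\) acquires a double root modulo \(p\); the count is also always bounded by the total number of supersingular \(j\)-invariants. The exhaustive root search over all \(p^2\) field elements is deliberate so the example has no dependency beyond the standard library; it is only meant for primes of a few hundred at most.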


References

  1. Arpin, S., Chen, M., Lauter, K.E., Scheidler, R., Stange, K.E., Tran, H.T.N.: Orienteering with one endomorphism. arXiv preprint arXiv:2201.11079 (2022)

  2. Alamati, N., De Feo, L., Montgomery, H., Patranabis, S.: Cryptographic group actions and applications. In: Moriai, S., Wang, H. (eds.) ASIACRYPT 2020. LNCS, vol. 12492, pp. 411–439. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-64834-3_14

  3. Brzezinski, J., Eichler, M.: On the imbeddings of imaginary quadratic orders in definite quaternion orders (1992)

  4. Belding, J.V.: Number theoretic algorithms for elliptic curves. University of Maryland, College Park (2008)

  5. Beullens, W., Kleinjung, T., Vercauteren, F.: CSI-FiSh: efficient isogeny based signatures through class group computations. In: Galbraith, S.D., Moriai, S. (eds.) ASIACRYPT 2019. LNCS, vol. 11921, pp. 227–247. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-34578-5_9

  6. Brzezinski, J.: On orders in quaternion algebras. Commun. Algebra 11(5), 501–522 (1983)

  7. Castryck, W., Decru, T.: An efficient key recovery attack on SIDH (preliminary version). Cryptology ePrint Archive (2022)

  8. Colò, L., Kohel, D.: Orienting supersingular isogeny graphs. Number-Theoretic Methods in Cryptology 2019 (2019)

  9. Charles, D.X., Lauter, K.E., Goren, E.Z.: Cryptographic hash functions from expander graphs. J. Cryptol. 22(1), 93–113 (2009)

  10. Castryck, W., Lange, T., Martindale, C., Panny, L., Renes, J.: CSIDH: an efficient post-quantum commutative group action. In: Peyrin, T., Galbraith, S. (eds.) ASIACRYPT 2018. LNCS, vol. 11274, pp. 395–427. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-03332-3_15

  11. Couveignes, J.-M.: Hard homogeneous spaces. Cryptology ePrint Archive, Report 2006/291 (2006)

  12. Chenu, M., Smith, B.: Higher-degree supersingular group actions. Math. Cryptol. (2021)

  13. Chari, S., Smertnig, D., Voight, J.: On basic and Bass quaternion orders. Proc. Am. Math. Soc. Ser. B 8(2), 11–26 (2021)

  14. Deuring, M.: Die Typen der Multiplikatorenringe elliptischer Funktionenkörper. Abh. Math. Semin. Univ. Hambg. 14(1), 197–272 (1941)

  15. De Feo, L., et al.: Séta: supersingular encryption from torsion attacks. In: Tibouchi, M., Wang, H. (eds.) ASIACRYPT 2021. LNCS, vol. 13093, pp. 249–278. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-92068-5_9

  16. De Koninck, J.-M., Letendre, P.: New upper bounds for the number of divisors function. arXiv preprint arXiv:1812.09950 (2018)

  17. Dorman, D.R.: Global orders in definite quaternion algebras as endomorphism rings for reduced CM elliptic curves. Théorie des nombres (Quebec, PQ, 1987), pp. 108–116 (1987)

  18. Eisenträger, K., Hallgren, S., Leonardi, C., Morrison, T., Park, J.: Computing endomorphism rings of supersingular elliptic curves and connections to path-finding in isogeny graphs. Open Book Ser. 4(1), 215–232 (2020)

  19. Eichler, M.: Untersuchungen in der Zahlentheorie der rationalen Quaternionenalgebren (1936)

  20. Iwaniec, H., Kowalski, E.: Analytic Number Theory, vol. 53. American Mathematical Society (2021)

  21. Jao, D., De Feo, L.: Towards quantum-resistant cryptosystems from supersingular elliptic curve isogenies. In: Yang, B.-Y. (ed.) PQCrypto 2011. LNCS, vol. 7071, pp. 19–34. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-25405-5_2

  22. Kaneko, M.: Supersingular \(j\)-invariants as singular moduli mod \(p\) (1989)

  23. Kohel, D.: Endomorphism rings of elliptic curves over finite fields. Ph.D. thesis, University of California at Berkeley (1996)

  24. Love, J., Boneh, D.: Supersingular curves with small noninteger endomorphisms. Open Book Ser. 4(1), 7–22 (2020)

  25. Littlewood, J.E.: On the class-number of the corpus \(P(\sqrt{-k})\). Proc. London Math. Soc. 2(1), 358–372 (1928)

  26. Lauter, K., Viray, B.: On singular moduli for arbitrary discriminants. Int. Math. Res. Not. 2015(19), 9206–9250 (2015)

  27. Maino, L., Martindale, C.: An attack on SIDH with arbitrary starting curve. Cryptology ePrint Archive (2022)

  28. Onuki, H.: On oriented supersingular elliptic curves. Finite Fields Appl. 69, 101777 (2021)

  29. de Quehen, V., et al.: Improved torsion-point attacks on SIDH variants. In: Malkin, T., Peikert, C. (eds.) CRYPTO 2021. LNCS, vol. 12827, pp. 432–470. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-84252-9_15

  30. Robert, D.: Breaking SIDH in polynomial time. Cryptology ePrint Archive (2022)

  31. Rostovtsev, A., Stolbunov, A.: Public-key cryptosystem based on isogenies. Cryptology ePrint Archive, Report 2006/145 (2006)

  32. Voight, J.: Quaternion Algebras. Springer, Heidelberg (2021). https://doi.org/10.1007/978-3-030-56694-4

  33. Wesolowski, B.: Orientations and the supersingular endomorphism ring problem. Cryptology ePrint Archive, Report 2021/1583 (2021). https://ia.cr/2021/1583

  34. Wigert, C.S.: Sur l'ordre de grandeur du nombre des diviseurs d'un entier. Almqvist & Wiksell (1907)

  35. Zagier, D., Gross, B.: On singular moduli. J. Reine Angew. Math., pp. 191–220 (1985)


Acknowledgements.

We are very grateful to John Voight for some crucial comments regarding the results in Sect. 3.2 and Proposition 9 in particular. We would also like to thank Luca De Feo and some anonymous reviewers for useful comments on an earlier version of this work.

Author information


Corresponding author: Antonin Leroux.


Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper


Cite this paper

Leroux, A. (2024). An Effective Lower Bound on the Number of Orientable Supersingular Elliptic Curves. In: Smith, B., Wu, H. (eds) Selected Areas in Cryptography. SAC 2022. Lecture Notes in Computer Science, vol 13742. Springer, Cham. https://doi.org/10.1007/978-3-031-58411-4_12


  • DOI: https://doi.org/10.1007/978-3-031-58411-4_12


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-58410-7

  • Online ISBN: 978-3-031-58411-4
