Towards Quantum-Resistant Cryptosystems from Supersingular Elliptic Curve Isogenies
We present new candidates for quantum-resistant public-key cryptosystems based on the conjectured difficulty of finding isogenies between supersingular elliptic curves. The main technical idea in our scheme is that we transmit the images of torsion bases under the isogeny in order to allow the two parties to arrive at a common shared key despite the noncommutativity of the endomorphism ring. Our work is motivated by the recent development of a subexponential-time quantum algorithm for constructing isogenies between ordinary elliptic curves. In the supersingular case, by contrast, the fastest known quantum attack remains exponential, since the noncommutativity of the endomorphism ring means that the approach used in the ordinary case does not apply. We give a precise formulation of the necessary computational assumption along with a discussion of its validity. In addition, we present implementation results showing that our protocols are multiple orders of magnitude faster than previous isogeny-based cryptosystems over ordinary curves.
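The key-agreement mechanism the abstract sketches, written out as a worked derivation. This is added here and is not text from the paper; the notation ($E$, the bases $\{P_A,Q_A\}$ and $\{P_B,Q_B\}$, the secrets $m_A,n_A,m_B,n_B$, the isogenies $\phi_A,\phi_B$) is an assumed rendering of the scheme, and the parameter shape is the standard one for such constructions.

Public setup: a prime $p = \ell_A^{e_A}\ell_B^{e_B} f \pm 1$, a supersingular curve $E/\mathbb{F}_{p^2}$, and torsion bases
$$
E[\ell_A^{e_A}] = \langle P_A, Q_A\rangle, \qquad E[\ell_B^{e_B}] = \langle P_B, Q_B\rangle .
$$

Alice picks secret scalars $m_A,n_A$ (not both divisible by $\ell_A$), forms her kernel generator and isogeny, and sends the curve together with the images of Bob's basis:
$$
R_A = [m_A]P_A + [n_A]Q_A, \qquad \phi_A : E \to E_A = E/\langle R_A\rangle, \qquad \text{send } \bigl(E_A,\ \phi_A(P_B),\ \phi_A(Q_B)\bigr).
$$
Bob does the same with $R_B = [m_B]P_B + [n_B]Q_B$, $\phi_B : E \to E_B = E/\langle R_B\rangle$, and sends $\bigl(E_B,\ \phi_B(P_A),\ \phi_B(Q_A)\bigr)$.

Why the transmitted images suffice: an isogeny is a group homomorphism, so Bob can push his own kernel generator through Alice's isogeny without knowing $\phi_A$ itself,
$$
[m_B]\phi_A(P_B) + [n_B]\phi_A(Q_B) = \phi_A\bigl([m_B]P_B + [n_B]Q_B\bigr) = \phi_A(R_B),
$$
and then compute
$$
E_{AB} = E_A/\langle \phi_A(R_B)\rangle \;\cong\; E/\langle R_A, R_B\rangle .
$$
Symmetrically Alice computes $\phi_B(R_A) = [m_A]\phi_B(P_A) + [n_A]\phi_B(Q_A)$ and
$$
E_{BA} = E_B/\langle \phi_B(R_A)\rangle \;\cong\; E/\langle R_A, R_B\rangle .
$$
Both sides quotient $E$ by the same subgroup $\langle R_A, R_B\rangle$ (the two orders are coprime, so the subgroup has order $\ell_A^{e_A}\ell_B^{e_B}$ regardless of which isogeny is applied first), hence $E_{AB} \cong E_{BA}$ and the shared secret is the isomorphism invariant
$$
k = j(E_{AB}) = j(E_{BA}).
$$

This is the point the abstract makes about noncommutativity: in the ordinary-curve schemes the ideal classes act commutatively and Bob can apply his secret directly to $E_A$, whereas here $\operatorname{End}(E)$ is noncommutative and Bob has no way to locate $\phi_A(R_B)$ on $E_A$ from the curve alone; the images $\phi_A(P_B),\phi_A(Q_B)$ are exactly the information that makes the two routes to $E/\langle R_A,R_B\rangle$ meet. The security assumption is that recovering $\phi_A$ (equivalently $\langle R_A\rangle$) from $E_A$ and those two images remains hard, which is what the paper formulates precisely.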
Keywords: elliptic curves, isogenies, quantum-resistant, public-key cryptosystems