
A Polynomial-Time Attack on G2SIDH

Conference paper, Information and Communications Security (ICICS 2023)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 14252)

Abstract

The supersingular isogeny Diffie-Hellman key exchange protocol (SIDH) is the most widely studied isogeny-based protocol designed to resist quantum attacks, and in 2019 Flynn and Ti implemented a dimension-two version of it (G2SIDH). However, at EUROCRYPT’23, Castryck and Decru, Maino et al., and Robert proposed efficient attacks against SIDH. Moreover, Robert extended his attacks to high-dimensional SIDH in theory.

In this paper, we show for the first time that the uniqueness of isogeny decomposition and the computation of intermediate isogenies through their kernels only hold for one class of high-dimensional isogenies. In addition, we prove a counting formula for isogenies between general abelian varieties. Based on these theoretical results, we present the complete parameter tweaks needed in attacks against high-dimensional SIDH and analyze the efficiency of each tweak. In particular, for Flynn and Ti’s G2SIDH, we construct two attack algorithms that recover the secret key in polynomial time. Our paper demonstrates the differences between isogenies in dimension one and in higher dimensions, and shows that all high-dimensional SIDH protocols are insecure.



Acknowledgements

The authors are grateful to the anonymous reviewers for their invaluable comments. This work was supported by the National Natural Science Foundation of China under Grants Nos. 62072011 and 61672059, and the National Key R&D Program of China under Grant No. 2022YFB2703000.

Author information

Corresponding author: Maozhi Xu.

A Algorithms

(Appendix figures g and h, containing the algorithms, are not included in this preview.)


Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this paper


Cite this paper

Zhou, G., Xu, M. (2023). A Polynomial-Time Attack on G2SIDH. In: Wang, D., Yung, M., Liu, Z., Chen, X. (eds) Information and Communications Security. ICICS 2023. Lecture Notes in Computer Science, vol 14252. Springer, Singapore. https://doi.org/10.1007/978-981-99-7356-9_6

  • DOI: https://doi.org/10.1007/978-981-99-7356-9_6

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-99-7355-2

  • Online ISBN: 978-981-99-7356-9

  • eBook Packages: Computer Science (R0)
