Abstract
The Supersingular Isogeny Diffie-Hellman key exchange protocol (SIDH) is the most studied isogeny-based protocol designed to resist quantum attacks, and in 2019 Flynn and Ti implemented a dimension-two version (G2SIDH). However, at EUROCRYPT'23, Castryck and Decru, Maino et al., and Robert proposed efficient attacks against SIDH. Moreover, Robert extended his attacks to high-dimensional SIDH in theory.
In this paper we find, for the first time, that the uniqueness of isogeny decomposition and the computation of intermediate isogenies through kernels only hold for one class of high-dimensional isogenies. In addition, we prove a counting formula for isogenies between general abelian varieties. Based on these theoretical results, we present the complete steps of the parameter tweaks used in attacks against high-dimensional SIDH and analyze the efficiency of each tweak. In particular, for Flynn and Ti's G2SIDH, we construct two attack algorithms that recover the secret key in polynomial time. Our paper demonstrates the differences between isogenies in dimension one and in higher dimensions, and shows that all high-dimensional SIDH protocols are insecure.
References
Albrecht, M.R., et al.: Classic McEliece (2022). https://classic.mceliece.org
Azarderakhsh, R., et al.: Supersingular Isogeny Key Encapsulation (2020). http://sike.org
Castryck, W., Decru, T.: An efficient key recovery attack on SIDH. In: Hazay, C., Stam, M. (eds.) EUROCRYPT 2023. LNCS, vol. 14008, pp. 423–447. Springer, Cham (2023). https://doi.org/10.1007/978-3-031-30589-4_15
Costello, C., Hisil, H.: A simple and compact algorithm for SIDH with arbitrary degree isogenies. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017. LNCS, vol. 10625, pp. 303–329. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70697-9_11
Cox, D.A.: Primes of the Form x^2 + ny^2: Fermat, Class Field Theory, and Complex Multiplication with Solutions, vol. 387. American Mathematical Society (2022). https://dacox.people.amherst.edu/primes.html
Dudley, U.: A Guide to Elementary Number Theory. Mathematical Association of America (2009). https://doi.org/10.5948/UPO9780883859186
Flynn, E.V., Ti, Y.B.: Genus two isogeny cryptography. In: Ding, J., Steinwandt, R. (eds.) PQCrypto 2019. LNCS, vol. 11505, pp. 286–306. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-25510-7_16
Galbraith, S.D., Petit, C., Shani, B., Ti, Y.B.: On the security of supersingular isogeny cryptosystems. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016. LNCS, vol. 10031, pp. 63–91. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53887-6_3
Galbraith, S.D., Petit, C., Silva, J.: Identification protocols and signature schemes based on supersingular isogeny problems. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017. LNCS, vol. 10624, pp. 3–33. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70694-8_1
Jao, D., De Feo, L.: Towards quantum-resistant cryptosystems from supersingular elliptic curve isogenies. In: Yang, B.-Y. (ed.) PQCrypto 2011. LNCS, vol. 7071, pp. 19–34. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-25405-5_2
De Feo, L., Jao, D., Plût, J.: Towards quantum-resistant cryptosystems from supersingular elliptic curve isogenies. J. Math. Cryptol. 8(3), 209–247 (2014). https://doi.org/10.1515/jmc-2012-0015
Kani, E.: The number of curves of genus two with elliptic differentials. Journal für die reine und angewandte Mathematik 485, 93–122 (1997). https://doi.org/10.1515/crll.1997.485.93
Lubicz, D., Robert, D.: Fast change of level and applications to isogenies. Res. Number Theory 9(1), 7 (2022). https://doi.org/10.1007/s40993-022-00407-9
Maino, L., Martindale, C., Panny, L., Pope, G., Wesolowski, B.: A direct key recovery attack on SIDH. In: Hazay, C., Stam, M. (eds.) EUROCRYPT 2023. LNCS, vol. 14008, pp. 448–471. Springer, Cham (2023). https://doi.org/10.1007/978-3-031-30589-4_16
Milne, J.S.: Abelian varieties. In: Cornell, G., Silverman, J.H. (eds.) Arithmetic Geometry, pp. 103–150. Springer, New York (1986). https://doi.org/10.1007/978-1-4613-8655-1_5
Mumford, D., Ramanujam, C.P., Manin, J.I.: Abelian Varieties, vol. 5. Oxford University Press, Oxford (1974)
Petit, C.: Faster algorithms for isogeny problems using torsion point images. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017. LNCS, vol. 10625, pp. 330–353. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70697-9_12
de Quehen, V., et al.: Improved torsion-point attacks on SIDH variants. In: Malkin, T., Peikert, C. (eds.) CRYPTO 2021. LNCS, vol. 12827, pp. 432–470. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-84252-9_15
Robert, D.: Breaking SIDH in polynomial time. In: Hazay, C., Stam, M. (eds.) EUROCRYPT 2023. LNCS, vol. 14008, pp. 472–503. Springer, Cham (2023). https://doi.org/10.1007/978-3-031-30589-4_17
Schwabe, P., et al.: CRYSTALS: Cryptographic Suite for Algebraic Lattices (2019). https://pq-crystals.org
Shor, P.W.: Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer. SIAM Rev. 41(2), 303–332 (1999). https://doi.org/10.1137/S0036144598347011
Takashima, K.: Efficient algorithms for isogeny sequences and their cryptographic applications. In: Takagi, T., Wakayama, M., Tanaka, K., Kunihiro, N., Kimoto, K., Duong, D.H. (eds.) Mathematical Modelling for Next-Generation Cryptography. MI, vol. 29, pp. 97–114. Springer, Singapore (2018). https://doi.org/10.1007/978-981-10-5065-7_6
Tani, S.: Claw finding algorithms using quantum walk. Theor. Comput. Sci. 410(50), 5285–5297 (2009). https://doi.org/10.1016/j.tcs.2009.08.030
Ti, Y.B.: Fault attack on supersingular isogeny cryptosystems. In: Lange, T., Takagi, T. (eds.) PQCrypto 2017. LNCS, vol. 10346, pp. 107–122. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-59879-6_7
Zarhin, J.G.: A remark on endomorphisms of abelian varieties over function fields of finite characteristic. Math. USSR-Izvestiya 8(3), 477 (1974). https://doi.org/10.1070/IM1974v008n03ABEH002115
Acknowledgements
The authors are grateful to the anonymous reviewers for their invaluable comments. This work was supported by the National Natural Science Foundation of China under Grants Nos. 62072011 and 61672059, and by the National Key R&D Program of China under Grant No. 2022YFB2703000.
A Algorithms
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
Cite this paper
Zhou, G., Xu, M. (2023). A Polynomial-Time Attack on G2SIDH. In: Wang, D., Yung, M., Liu, Z., Chen, X. (eds) Information and Communications Security. ICICS 2023. Lecture Notes in Computer Science, vol 14252. Springer, Singapore. https://doi.org/10.1007/978-981-99-7356-9_6
DOI: https://doi.org/10.1007/978-981-99-7356-9_6
Publisher Name: Springer, Singapore
Print ISBN: 978-981-99-7355-2
Online ISBN: 978-981-99-7356-9