TY - GEN
T1 - A Direct Key Recovery Attack on SIDH
AU - Maino, Luciano
AU - Martindale, Chloe
AU - Panny, Lorenz
AU - Pope, Giacomo
AU - Wesolowski, Benjamin
N1 - Publisher Copyright:
© 2023, International Association for Cryptologic Research.
PY - 2023
Y1 - 2023
AB - We present an attack on SIDH utilising isogenies between polarized products of two supersingular elliptic curves. In the case of arbitrary starting curve, our attack (discovered independently from [8]) has subexponential complexity, thus significantly reducing the security of SIDH and SIKE. When the endomorphism ring of the starting curve is known, our attack (here derived from [8]) has polynomial-time complexity assuming the generalised Riemann hypothesis. Our attack applies to any isogeny-based cryptosystem that publishes the images of points under the secret isogeny, for example Séta [13] and B-SIDH [11]. It does not apply to CSIDH [9], CSI-FiSh [3], or SQISign [14].
KW - Cryptanalysis
KW - Elliptic curve
KW - Isogeny
KW - SIDH
UR - http://www.scopus.com/inward/record.url?scp=85160864472&partnerID=8YFLogxK
U2 - 10.1007/978-3-031-30589-4_16
DO - 10.1007/978-3-031-30589-4_16
M3 - Conference contribution
AN - SCOPUS:85160864472
SN - 9783031305887
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 448
EP - 471
BT - Advances in Cryptology – EUROCRYPT 2023 - 42nd Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings
A2 - Hazay, Carmit
A2 - Stam, Martijn
PB - Springer Science and Business Media Deutschland GmbH
T2 - 42nd Annual International Conference on the Theory and Applications of Cryptographic Techniques, Eurocrypt 2023
Y2 - 23 April 2023 through 27 April 2023
ER -