An efficient key recovery attack on SIDH
W Castryck, T Decru - Annual International Conference on the Theory and …, 2023 - Springer
We present an efficient key recovery attack on the Supersingular Isogeny Diffie–Hellman
protocol (SIDH). The attack is based on Kani's “reducibility criterion” for isogenies from …
protocol (SIDH). The attack is based on Kani's “reducibility criterion” for isogenies from …
Breaking SIDH in polynomial time
D Robert - Annual International Conference on the Theory and …, 2023 - Springer
Breaking SIDH in Polynomial Time | SpringerLink Skip to main content Advertisement
SpringerLink Account Menu Find a journal Publish with us Track your research Search Cart …
SpringerLink Account Menu Find a journal Publish with us Track your research Search Cart …
A direct key recovery attack on SIDH
L Maino, C Martindale, L Panny, G Pope… - … Conference on the …, 2023 - Springer
We present an attack on SIDH utilising isogenies between polarized products of two
supersingular elliptic curves. In the case of arbitrary starting curve, our attack (discovered …
supersingular elliptic curves. In the case of arbitrary starting curve, our attack (discovered …
[PDF][PDF] An efficient key recovery attack on SIDH (preliminary version).
W Castryck, T Decru - IACR Cryptol. ePrint Arch., 2022 - esat.kuleuven.be
We present an efficient key recovery attack on the Supersingular Isogeny Diffie–Hellman
protocol (SIDH), based on a “glue-and-split” theorem due to Kani. Our attack exploits the …
protocol (SIDH), based on a “glue-and-split” theorem due to Kani. Our attack exploits the …
SQISign: compact post-quantum signatures from quaternions and isogenies
We introduce a new signature scheme, SQISign,(for Short Quaternion and Isogeny
Signature) from isogeny graphs of supersingular elliptic curves. The signature scheme is …
Signature) from isogeny graphs of supersingular elliptic curves. The signature scheme is …
[PDF][PDF] Status report on the third round of the NIST post-quantum cryptography standardization process
G Alagic, G Alagic, D Apon, D Cooper, Q Dang, T Dang… - 2022 - tsapps.nist.gov
Abstract The National Institute of Standards and Technology is in the process of selecting
publickey cryptographic algorithms through a public, competition-like process. The new …
publickey cryptographic algorithms through a public, competition-like process. The new …
An attack on SIDH with arbitrary starting curve
L Maino, C Martindale - Cryptology ePrint Archive, 2022 - eprint.iacr.org
We present an attack on SIDH which does not require any endomorphism information on the
starting curve. Our attack has subexponential complexity thus significantly reducing the …
starting curve. Our attack has subexponential complexity thus significantly reducing the …
M-SIDH and MD-SIDH: countering SIDH attacks by masking information
The SIDH protocol is an isogeny-based key exchange protocol using supersingular
isogenies, designed by Jao and De Feo in 2011. The protocol underlies the SIKE algorithm …
isogenies, designed by Jao and De Feo in 2011. The protocol underlies the SIKE algorithm …
FESTA: fast encryption from supersingular torsion attacks
A Basso, L Maino, G Pope - International Conference on the Theory and …, 2023 - Springer
We introduce FESTA, an efficient isogeny-based public-key encryption (PKE) protocol based
on a constructive application of the SIDH attacks. At its core, FESTA is based on a novel …
on a constructive application of the SIDH attacks. At its core, FESTA is based on a novel …
SCALLOP: scaling the CSI-FiSh
We present SCALLOP: SCALable isogeny action based on Oriented supersingular curves
with Prime conductor, a new group action based on isogenies of supersingular curves …
with Prime conductor, a new group action based on isogenies of supersingular curves …