An efficient key recovery attack on SIDH
W Castryck, T Decru - Annual International Conference on the Theory and …, 2023 - Springer
We present an efficient key recovery attack on the Supersingular Isogeny Diffie–Hellman
protocol (SIDH). The attack is based on Kani's “reducibility criterion” for isogenies from …
protocol (SIDH). The attack is based on Kani's “reducibility criterion” for isogenies from …
Breaking SIDH in polynomial time
D Robert - Annual International Conference on the Theory and …, 2023 - Springer
Breaking SIDH in Polynomial Time | SpringerLink Skip to main content Advertisement
SpringerLink Account Menu Find a journal Publish with us Track your research Search Cart …
SpringerLink Account Menu Find a journal Publish with us Track your research Search Cart …
A direct key recovery attack on SIDH
L Maino, C Martindale, L Panny, G Pope… - … Conference on the …, 2023 - Springer
We present an attack on SIDH utilising isogenies between polarized products of two
supersingular elliptic curves. In the case of arbitrary starting curve, our attack (discovered …
supersingular elliptic curves. In the case of arbitrary starting curve, our attack (discovered …
SQISign: compact post-quantum signatures from quaternions and isogenies
We introduce a new signature scheme, SQISign,(for Short Quaternion and Isogeny
Signature) from isogeny graphs of supersingular elliptic curves. The signature scheme is …
Signature) from isogeny graphs of supersingular elliptic curves. The signature scheme is …
CSIDH: an efficient post-quantum commutative group action
We propose an efficient commutative group action suitable for non-interactive key exchange
in a post-quantum setting. Our construction follows the layout of the Couveignes–Rostovtsev …
in a post-quantum setting. Our construction follows the layout of the Couveignes–Rostovtsev …
An attack on SIDH with arbitrary starting curve
L Maino, C Martindale - Cryptology ePrint Archive, 2022 - eprint.iacr.org
We present an attack on SIDH which does not require any endomorphism information on the
starting curve. Our attack has subexponential complexity thus significantly reducing the …
starting curve. Our attack has subexponential complexity thus significantly reducing the …
M-SIDH and MD-SIDH: countering SIDH attacks by masking information
The SIDH protocol is an isogeny-based key exchange protocol using supersingular
isogenies, designed by Jao and De Feo in 2011. The protocol underlies the SIKE algorithm …
isogenies, designed by Jao and De Feo in 2011. The protocol underlies the SIKE algorithm …
FESTA: fast encryption from supersingular torsion attacks
A Basso, L Maino, G Pope - International Conference on the Theory and …, 2023 - Springer
We introduce FESTA, an efficient isogeny-based public-key encryption (PKE) protocol based
on a constructive application of the SIDH attacks. At its core, FESTA is based on a novel …
on a constructive application of the SIDH attacks. At its core, FESTA is based on a novel …
Supersingular curves you can trust
Generating a supersingular elliptic curve such that nobody knows its endomorphism ring is a
notoriously hard task, despite several isogeny-based protocols relying on such an object. A …
notoriously hard task, despite several isogeny-based protocols relying on such an object. A …
B-SIDH: supersingular isogeny Diffie-Hellman using twisted torsion
C Costello - Advances in Cryptology–ASIACRYPT 2020: 26th …, 2020 - Springer
This paper explores a new way of instantiating isogeny-based cryptography in which parties
can work in both the (p+ 1)(p+ 1)-torsion of a set of supersingular curves and in the (p-1)(p …
can work in both the (p+ 1)(p+ 1)-torsion of a set of supersingular curves and in the (p-1)(p …