The Pohlig-Hellman method generalized for group structure computation
Journal of Symbolic Computation
Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels
EUROCRYPT '01 Proceedings of the International Conference on the Theory and Application of Cryptographic Techniques: Advances in Cryptology
Extending the GHS Weil Descent Attack
EUROCRYPT '02 Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques: Advances in Cryptology
The Weil and Tate Pairings as Building Blocks for Public Key Cryptosystems
ANTS-V Proceedings of the 5th International Symposium on Algorithmic Number Theory
Full Cryptanalysis of LPS and Morgenstern Hash Functions
SCN '08 Proceedings of the 6th international conference on Security and Cryptography for Networks
Cryptographic Hash Functions from Expander Graphs
Journal of Cryptology
Claw finding algorithms using quantum walk
Theoretical Computer Science
Promised and distributed quantum search
COCOON'05 Proceedings of the 11th annual international conference on Computing and Combinatorics
Hi-index | 0.00 |
We present new candidates for quantum-resistant public-key cryptosystems based on the conjectured difficulty of finding isogenies between supersingular elliptic curves. The main technical idea in our scheme is that we transmit the images of torsion bases under the isogeny in order to allow the two parties to arrive at a common shared key despite the noncommutativity of the endomorphism ring. Our work is motivated by the recent development of a subexponential-time quantum algorithm for constructing isogenies between ordinary elliptic curves. In the supersingular case, by contrast, the fastest known quantum attack remains exponential, since the noncommutativity of the endomorphism ring means that the approach used in the ordinary case does not apply. We give a precise formulation of the necessary computational assumption along with a discussion of its validity. In addition, we present implementation results showing that our protocols are multiple orders of magnitude faster than previous isogeny-based cryptosystems over ordinary curves.