International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

Paper: On the Isogeny Problem with Torsion Point Information

Authors:
Tako Boris Fouotsa , University of Roma Tre
Péter Kutas , University of Birmingham and Eötvös Loránd University
Simon-Philipp Merz , Royal Holloway, University of London
Yan Bo Ti , DSO Singapore
Download:
Search ePrint
Search Google
Conference: PKC 2022
Abstract: It has recently been rigorously proven (and was previously known under certain heuristics) that the general supersingular isogeny problem reduces to the supersingular endomorphism ring computation problem. However, in order to attack SIDH-type schemes, one requires a particular isogeny which is usually not returned by the general reduction. At Asiacrypt 2016, Galbraith, Petit, Shani and Ti presented a polynomial-time reduction of the problem of finding the secret isogeny in SIDH to the problem of computing the endomorphism ring of a supersingular elliptic curve. Their method exploits the fact that secret isogenies in SIDH are of degree approximately $p^{1/2}$. The method does not extend to other SIDH-type schemes, where secret isogenies of larger degree are used and this condition is not fulfilled. We present a more general reduction algorithm that generalises to all SIDH-type schemes. The main idea of our algorithm is to exploit available torsion point images together with the KLPT algorithm to obtain a linear system of equations over a certain residue class ring. We show that this system will have a unique solution that can be lifted to the integers if some mild conditions on the parameters are satisfied. This lift then yields the secret isogeny. One consequence of this work is that the choice of the prime $p$ in \mbox{B-SIDH} is tight.
Video from PKC 2022
BibTeX
@inproceedings{pkc-2022-31688,
  title={On the Isogeny Problem with Torsion Point Information},
  publisher={Springer-Verlag},
  author={Tako Boris Fouotsa and Péter Kutas and Simon-Philipp Merz and Yan Bo Ti},
  year=2022
}