Paper 2021/1421

Revisiting Meet-in-the-Middle Cryptanalysis of SIDH/SIKE with Application to the $IKEp182 Challenge

Aleksei Udovenko, CryptoExperts (France)
Giuseppe Vitto, University of Luxembourg
Abstract

This work focuses on concrete cryptanalysis of the isogeny-based cryptosystems SIDH/SIKE under realistic memory/storage constraints. More precisely, we are solving the problem of finding an isogeny of a given smooth degree between two given supersingular elliptic curves. Recent works by Adj et al. (SAC 2018), Costello et al. (PKC 2020), Longa et al. (CRYPTO 2021) suggest that parallel "memoryless" golden collision search by van Oorschot-Wiener (JoC 1999) is the best realistic approach for the problem. We show instead that the classic meet-in-the-middle attack is still competitive due to its very low computational overhead, at least on small parameters. As a concrete application, we apply the meet-in-the-middle attack with optimizations to the $IKEp182 challenge posed by Microsoft Research. The attack was executed on a cluster and required less than 10 core-years and 256TiB of high-performance network storage (GPFS). Different trade-offs allow execution of the attack with similar time complexity and reduced storage requirements of only about 70TiB.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Published elsewhere. Minor revision. SAC 2022
Keywords
Isogenies, Cryptanalysis, SIDH, SIKE, Meet-in-the-Middle, Set intersection
Contact author(s)
aleksei @ affine group
History
2023-10-21: revised
2021-10-24: received
Short URL
https://ia.cr/2021/1421
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2021/1421,
      author = {Aleksei Udovenko and Giuseppe Vitto},
      title = {Revisiting Meet-in-the-Middle Cryptanalysis of SIDH/SIKE with Application to the $IKEp182 Challenge},
      howpublished = {Cryptology ePrint Archive, Paper 2021/1421},
      year = {2021},
      note = {\url{https://eprint.iacr.org/2021/1421}},
      url = {https://eprint.iacr.org/2021/1421}
}