On the Security of Supersingular Isogeny Cryptosystems

Reference: Galbraith, SD, Petit, Christophe, Shani, B et al. (2016). On the Security of Supersingular Isogeny Cryptosystems. International Conference on the Theory and Application of Cryptology and Information Security. Advances in Cryptology – ASIACRYPT 2016, 10031, 63-91.


Subtitle: Volume 10031 of the book series Lecture Notes in Computer Science (LNCS)

Abstract: We study cryptosystems based on supersingular isogenies. This is an active area of research in post-quantum cryptography. Our first contribution is to give a very powerful active attack on the supersingular isogeny encryption scheme. This attack can only be prevented by using a (relatively expensive) countermeasure. Our second contribution is to show that the security of all schemes of this type depends on the difficulty of computing the endomorphism ring of a supersingular elliptic curve. This result gives significant insight into the difficulty of the isogeny problem that underlies the security of these schemes. Our third contribution is to give a reduction that uses partial knowledge of shared keys to determine an entire shared key. This can be used to retrieve the secret key, given information leaked from a side-channel attack on the key exchange protocol. A corollary of this work is the first bit security result for the supersingular isogeny key exchange: computing any component of the j-invariant is as hard as computing the whole j-invariant. Our paper therefore provides an improved understanding of the security of these cryptosystems. We stress that our work does not imply that these systems are insecure, or that they should not be used. However, it highlights that implementations of these schemes will need to take account of the risks associated with various active and side-channel attacks.

Publication status: Published

Peer Review status: Peer reviewed (Accepted Manuscript)

Date of acceptance: 14 August 2016

Notes: © International Association for Cryptologic Research 2016. Published by Springer Verlag. This is the author accepted manuscript version of the article, following peer review. The final version is available online from Springer Verlag at: 10.1007/978-3-662-53887-6_3

Notes: This paper was presented at the 22nd International Conference on the Theory and Application of Cryptology and Information Security, Hanoi, Vietnam, December 4-8, 2016.

Bibliographic Details

Publisher: Springer Verlag

Publisher Website: http://link.springer.com/

Host: International Conference on the Theory and Application of Cryptology and Information Security. Advances in Cryptology – ASIACRYPT 2016

Publication Website: http://link.springer.com/book/10.1007/978-3-662-53887-6

Volume: 10031

Issue Date: 2016-12-08

Pages: 63-91

Identifiers

DOI: https://doi.org/10.1007/978-3-662-53887-6_3

ISBN: 978-3-662-53886-9

ISBN: 978-3-662-53887-6

UUID: uuid:840faec4-382f-44ec-aeac-76bd5962f7cb

URN: uri:840faec4-382f-44ec-aeac-76bd5962f7cb

Pubs-id: pubs:638694

Item Description

Type: conference-proceeding

Keywords: isogenies; supersingular elliptic curves

Authors: Galbraith, SD; Petit, Christophe (Oxford, MPLS, Mathematical Institute; funding: Government Communications HQ); Shani, B

Source: https://ora.ox.ac.uk/objects/uuid:840faec4-382f-44ec-aeac-76bd5962f7cb
