How to not break SIDH

Chloe Martindale, Lorenz Panny

Research output: Contribution to conference › Conference Paper › peer-review


We give a number of approaches which, to a newcomer, may seem like natural ways to attack the SIDH/SIKE protocol, and explain why each of these approaches seems to fail, at least with the specific setup and parameters of SIKE. Our aim is to save some time for others who are looking to assess the security of SIDH/SIKE. We include methods that fail to attack the pure isogeny problem, namely: looking at the Fp-subgraph, lifting to characteristic zero, and using Weil restrictions. We also include methods that fail to make use of the public 2-power and 3-power torsion points, namely: interpolation techniques, any purely group-theoretic approaches, and constructing an endomorphism à la Petit to exploit the auxiliary points, but with balanced parameters.
Original language: English
Publication status: Published - 2019
Event: CFAIL 2019 - Columbia University, New York, United States
Duration: 31 May 2019 to 2 Jun 2019


Conference: CFAIL 2019
Country/Territory: United States
City: New York

