How to not break SIDH

Chloe Martindale; Lorenz Panny

How to not break SIDH

Department of Computer Science

Research output: Contribution to conference › Conference Paper › peer-review

Abstract

We give a number of approaches which, to a newcomer, may seem like natural ways to attack the SIDH/SIKE protocol, and explain why each of these approaches seems to fail, at least with the specific setup and parameters of SIKE. Our aim is to save some time for others who are looking to assess the security of SIDH/SIKE. We include methods that fail to attack the pure isogeny problem, namely: looking at the Fp-subgraph, lifting to characteristic zero, and using Weil restrictions. We also include methods that fail to make use of the public 2-power and 3-power torsion points, namely: interpolation techniques, any purely group-theoretic approaches, and constructing an endomorphism à la Petit to exploit the auxiliary points, but with balanced parameters.

Original language	English
Publication status	Published - 2019
Event	CFAIL 2019 - Columbia University, New York, United States Duration: 31 May 2019 → 2 Jun 2019

Conference

Conference	CFAIL 2019
Country/Territory	United States
City	New York
Period	31/05/19 → 2/06/19

Handle.net

Persistent link

Cite this

@conference{5f2e15b4f72c4b8aac3114ac521ded28,

title = "How to not break SIDH",

abstract = "We give a number of approaches which, to a newcomer, may seem like natural ways to attack the SIDH/SIKE protocol, and explain why each of these approaches seems to fail, at least with the specific setup and parameters of SIKE. Our aim is to save some time for others who are looking to assess the security of SIDH/SIKE. We include methods that fail to attack the pure isogeny problem, namely: looking at the Fp-subgraph, lifting to characteristic zero, and using Weil restrictions. We also include methods that fail to make use of the public 2-power and 3-power torsion points, namely: interpolation techniques, any purely group-theoretic approaches, and constructing an endomorphism {\`a} la Petit to exploit the auxiliary points, but with balanced parameters.",

author = "Chloe Martindale and Lorenz Panny",

year = "2019",

language = "English",

note = "CFAIL 2019 ; Conference date: 31-05-2019 Through 02-06-2019",

}

TY - CONF

T1 - How to not break SIDH

AU - Martindale, Chloe

AU - Panny, Lorenz

PY - 2019

Y1 - 2019

N2 - We give a number of approaches which, to a newcomer, may seem like natural ways to attack the SIDH/SIKE protocol, and explain why each of these approaches seems to fail, at least with the specific setup and parameters of SIKE. Our aim is to save some time for others who are looking to assess the security of SIDH/SIKE. We include methods that fail to attack the pure isogeny problem, namely: looking at the Fp-subgraph, lifting to characteristic zero, and using Weil restrictions. We also include methods that fail to make use of the public 2-power and 3-power torsion points, namely: interpolation techniques, any purely group-theoretic approaches, and constructing an endomorphism à la Petit to exploit the auxiliary points, but with balanced parameters.

AB - We give a number of approaches which, to a newcomer, may seem like natural ways to attack the SIDH/SIKE protocol, and explain why each of these approaches seems to fail, at least with the specific setup and parameters of SIKE. Our aim is to save some time for others who are looking to assess the security of SIDH/SIKE. We include methods that fail to attack the pure isogeny problem, namely: looking at the Fp-subgraph, lifting to characteristic zero, and using Weil restrictions. We also include methods that fail to make use of the public 2-power and 3-power torsion points, namely: interpolation techniques, any purely group-theoretic approaches, and constructing an endomorphism à la Petit to exploit the auxiliary points, but with balanced parameters.

M3 - Conference Paper

T2 - CFAIL 2019

Y2 - 31 May 2019 through 2 June 2019

ER -

How to not break SIDH

Abstract

Conference

Handle.net

Fingerprint

Cite this