Paper 2017/774

Computational problems in supersingular elliptic curve isogenies

Steven D. Galbraith and Frederik Vercauteren


We present an overview of supersingular isogeny cryptography and how it fits into the broad theme of post-quantum public key crypto. The paper also gives a brief tutorial of elliptic curve isogenies and the computational problems relevant for supersingular isogeny crypto. Supersingular isogeny crypto is attracting attention due to the fact that the best attacks, both classical and quantum, require exponential time. However, the underlying computational problems have not been sufficiently studied by quantum algorithm researchers, especially since there are significant mathematical preliminaries needed to fully understand isogeny crypto. The main goal of the paper is to advertise various related computational problems, and to explain the relationships between them, in a way that is accessible to experts in quantum algorithms. This is a post-peer-review, pre-copyedit version of an article to be published as a "perspective paper" in the journal Quantum Information Processing.

Available format(s)
Public-key cryptography
Publication info
Published elsewhere. Minor revision. Quantum Information Processing
Contact author(s)
s galbraith @ auckland ac nz
2018-08-29: last of 2 revisions
2017-08-14: received
See all versions
Short URL
Creative Commons Attribution


      author = {Steven D.  Galbraith and Frederik Vercauteren},
      title = {Computational problems in supersingular elliptic curve isogenies},
      howpublished = {Cryptology ePrint Archive, Paper 2017/774},
      year = {2017},
      doi = {10.1007/s11128-018-2023-6},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.