## Cryptology ePrint Archive: Report 2019/1244

A Note on a Static SIDH Protocol

Samuel Dobson and Trey Li and Lukas Zobernig

Abstract: It is well known, due to the adaptive attack by Galbraith, Petit, Shani, and Ti (GPST), that plain SIDH is insecure in the static setting. Recently, Kayacan's preprint "A Note on the Static-Static Key Agreement Protocol from Supersingular Isogenies", ePrint 2019/815, presented two possible fixes. Protocol A (also known as 2-SIDH, a low-degree instantiation of the more general k-SIDH) has been broken by Dobson, Galbraith, LeGrow, Ti, and Zobernig. In this short note we will show how to break Protocol B in one oracle query per private key bit and $O(1)$ local complexity.

Category / Keywords: public-key cryptography / cryptanalysis, supersingular isogeny Diffie-Hellman