Cryptology ePrint Archive: Report 2019/1329

Drinfeld modules are not for isogeny based cryptography

Antoine Joux and Anand Kumar Narayanan

Abstract: Elliptic curves play a prominent role in cryptography. For instance, the hardness of the elliptic curve discrete logarithm problem is a foundational assumption in public key cryptography. Drinfeld modules are positive characteristic function field analogues of elliptic curves. It is natural to ponder the existence/security of Drinfeld module analogues of elliptic curve cryptosystems. But the Drinfeld module discrete logarithm problem is easy even on a classical computer. Beyond discrete logarithms, elliptic curve isogeny based cryptosystems have have emerged as candidates for post-quantum cryptography, including supersingular isogeny Diffie-Hellman (SIDH) and commutative supersingular isogeny Diffie-Hellman (CSIDH) protocols. We formulate Drinfeld module analogues of these elliptic curve isogeny based cryptosystems and devise classical polynomial time algorithms to break these Drinfeld analogues catastrophically.

Category / Keywords: public-key cryptography / cryptanalysis, elliptic curve cryptosystem, number theory

Date: received 19 Nov 2019, last revised 19 Nov 2019

Contact author: antoine joux at m4x org,anand narayanan@lip6 fr

Available format(s): PDF | BibTeX Citation

Version: 20191119:140145 (All versions of this report)

Short URL: ia.cr/2019/1329


[ Cryptology ePrint archive ]