Paper 2019/1329

Drinfeld modules may not be for isogeny based cryptography

Antoine Joux and Anand Kumar Narayanan

Abstract

Elliptic curves play a prominent role in cryptography. For instance, the hardness of the elliptic curve discrete logarithm problem is a foundational assumption in public key cryptography. Drinfeld modules are positive characteristic function field analogues of elliptic curves. It is natural to ponder the existence/security of Drinfeld module analogues of elliptic curve cryptosystems. But the Drinfeld module discrete logarithm problem is easy even on a classical computer. Beyond discrete logarithms, elliptic curve isogeny based cryptosystems have have emerged as candidates for post-quantum cryptography, including supersingular isogeny Diffie-Hellman (SIDH) and commutative supersingular isogeny Diffie-Hellman (CSIDH) protocols. We formulate Drinfeld module analogues of these elliptic curve isogeny based cryptosystems and devise classical polynomial time algorithms to break these Drinfeld analogues catastrophically.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Preprint.
Keywords
cryptanalysiselliptic curve cryptosystemnumber theory
Contact author(s)
antoine joux @ m4x org
anand narayanan @ lip6 fr
History
2020-03-20: revised
2019-11-19: received
See all versions
Short URL
https://ia.cr/2019/1329
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2019/1329,
      author = {Antoine Joux and Anand Kumar Narayanan},
      title = {Drinfeld modules may not be for isogeny based cryptography},
      howpublished = {Cryptology {ePrint} Archive, Paper 2019/1329},
      year = {2019},
      url = {https://eprint.iacr.org/2019/1329}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.