Genus Two Isogeny Cryptography

E. V.  Flynn; Yan Bo Ti

Paper 2019/177

Genus Two Isogeny Cryptography

E. V. Flynn

Yan Bo Ti

Abstract

We study $(ℓ, ℓ)$ -isogeny graphs of principally polarised supersingular abelian surfaces (PPSSAS). The $(ℓ, ℓ)$ -isogeny graph has cycles of small length that can be used to break the collision resistance assumption of the genus two isogeny hash function suggested by Takashima. Algorithms for computing $(2, 2)$ -isogenies on the level of Jacobians and $(3, 3)$ -isogenies on the level of Kummers are used to develop a genus two version of the supersingular isogeny Diffie--Hellman protocol of Jao and de~Feo. The genus two isogeny Diffie--Hellman protocol achieves the same level of security as SIDH but uses a prime with a third of the bit length.

Note: Added errata to fix typos.

Metadata

Available format(s): PDF
Category: Public-key cryptography
Publication info: Published elsewhere. PQCrypto 2019
Keywords: Post-quantum cryptography Isogeny-based cryptography Cryptanalysis Key exchange Hash function
Contact author(s): yanbo ti @ gmail com
History: 2022-06-08: revised; 2019-02-26: received; See all versions
Short URL: https://ia.cr/2019/177
License: CC BY

BibTeX

@misc{cryptoeprint:2019/177,
      author = {E. V.  Flynn and Yan Bo Ti},
      title = {Genus Two Isogeny Cryptography},
      howpublished = {Cryptology {ePrint} Archive, Paper 2019/177},
      year = {2019},
      url = {https://eprint.iacr.org/2019/177}
}