Paper 2019/177

Genus Two Isogeny Cryptography

E. V. Flynn
Yan Bo Ti
Abstract

We study $(\ell,\ell)$-isogeny graphs of principally polarised supersingular abelian surfaces (PPSSAS). The $(\ell,\ell)$-isogeny graph has cycles of small length that can be used to break the collision resistance assumption of the genus two isogeny hash function suggested by Takashima. Algorithms for computing $(2,2)$-isogenies on the level of Jacobians and $(3,3)$-isogenies on the level of Kummers are used to develop a genus two version of the supersingular isogeny Diffie--Hellman protocol of Jao and de~Feo. The genus two isogeny Diffie--Hellman protocol achieves the same level of security as SIDH but uses a prime with a third of the bit length.

Note: Added errata to fix typos.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Published elsewhere. PQCrypto 2019
Keywords
Post-quantum cryptography Isogeny-based cryptography Cryptanalysis Key exchange Hash function
Contact author(s)
yanbo ti @ gmail com
History
2022-06-08: revised
2019-02-26: received
See all versions
Short URL
https://ia.cr/2019/177
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2019/177,
      author = {E. V.  Flynn and Yan Bo Ti},
      title = {Genus Two Isogeny Cryptography},
      howpublished = {Cryptology {ePrint} Archive, Paper 2019/177},
      year = {2019},
      url = {https://eprint.iacr.org/2019/177}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.