Paper 2019/558

How to not break SIDH

Chloe Martindale and Lorenz Panny

Abstract

We give a number of approaches which, to a newcomer, may seem like natural ways to attack the SIDH/SIKE protocol, and explain why each of these approaches seems to fail, at least with the specific setup and parameters of SIKE. Our aim is to save some time for others who are looking to assess the security of SIDH/SIKE. We include methods that fail to attack the pure isogeny problem, namely: looking at the $\mathbb F_p$-subgraph, lifting to characteristic zero, and using Weil restrictions. We also include methods that fail to make use of the public 2-power and 3-power torsion points, namely: interpolation techniques, any purely group-theoretic approaches, and constructing an endomorphism à la Petit to exploit the auxiliary points, but with balanced parameters.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Published elsewhere. CFAIL 2019
Keywords
isogenies, SIDH, cryptanalysis, negative results
Contact author(s)
chloemartindale @ gmail com
l s panny @ tue nl
History
2019-05-25: received
Short URL
https://ia.cr/2019/558
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2019/558,
      author = {Chloe Martindale and Lorenz Panny},
      title = {How to not break {SIDH}},
      howpublished = {Cryptology {ePrint} Archive, Paper 2019/558},
      year = {2019},
      url = {https://eprint.iacr.org/2019/558}
}