Paper 2019/890
Extending the Adaptive Attack to 2-SIDH
Samuel Dobson and Steven D. Galbraith and Jason LeGrow and Yan Bo Ti and Lukas Zobernig
Abstract
In this note, we present a polynomial-time and polynomial-memory adaptive attack on the 2-SIDH protocol. The 2-SIDH protocol is a special instance of the countermeasure proposed by Azarderakhsh, Jao and Leonardi to perform isogeny-based key exchange with static keys in the presence of an adaptive attack. This countermeasure has also been recently explicitly proposed by Kayacan. Our attack extends the adaptive attack by Galbraith, Petit, Shani and Ti (GPST) by recovering a static secret using malformed points. The extension of GPST is non-trivial and requires learning more information. In particular, the attack needs to recover intermediate elliptic curves in the isogeny path, and points on them. We use this extra information to show how the attacker recovers the secret isogeny path from a partial path.
Note: Updated GIT URL
Metadata
- Available format(s)
- Category
- Public-key cryptography
- Publication info
- Preprint. MINOR revision.
- Keywords
- cryptanalysis, supersingular isogeny Diffie-Hellman
- Contact author(s)
- dobsonsa68 @ gmail com,s galbraith @ auckland ac nz,jlegrow @ waterloo ca,yanbo ti @ gmail com,lukas zobernig @ gmail com
- History
- 2020-09-05: last of 4 revisions
- 2019-08-05: received
- Short URL
- https://ia.cr/2019/890
- License
- CC BY