Cryptology ePrint Archive: Report 2019/950

Another look at some isogeny hardness assumptions

Simon-Philipp Merz and Romy Minko and Christophe Petit

Abstract: The security proofs for isogeny-based undeniable signature schemes have been based primarily on two isogeny hardness assumptions: that the One-Sided Modified SSCDH problem and the One-More SSCDH problem are hard to solve. We challenge the validity of these assumptions, showing that both the decisional and computational variants of these problems can be solved in polynomial time. We further demonstrate an attack, applicable to two undeniable signature schemes, one of which was proposed at PQCrypto 2014, which allows an adversary to forge signatures in $2^{4\lambda/5}$ steps on a classical computer. This is an improvement over the expected classical security of $2^{\lambda}$, where $\lambda$ is the chosen security parameter.

Category / Keywords: public-key cryptography / post-quantum cryptography, isogeny-based cryptography, cryptanalysis

Date: received 21 Aug 2019, last revised 23 Aug 2019

Contact author: simon-philipp merz 2018 at rhul ac uk


Version: 20190823:124951

Short URL: ia.cr/2019/950

