Cryptology ePrint Archive: Report 2021/706

Cryptanalysis of an oblivious PRF from supersingular isogenies

Andrea Basso and Péter Kutas and Simon-Philipp Merz and Christophe Petit and Antonio Sanso

Abstract: We cryptanalyse the SIDH-based oblivious pseudorandom function from supersingular isogenies proposed at Asiacrypt'20 by Boneh, Kogan and Woo. To this end, we give an attack on an assumption, the auxiliary one-more assumption, that was introduced by Boneh et al. and we show that this leads to an attack on the oblivious PRF itself. The attack breaks the pseudorandomness as it allows adversaries to evaluate the OPRF without further interactions with the server after some initial OPRF evaluations and some offline computations. More specifically, we first propose a polynomial-time attack. Then, we argue it is easy to change the OPRF protocol to include some countermeasures, and present a second subexponential attack that succeeds in the presence of said countermeasures. Both attacks break the security parameters suggested by Boneh et al. Furthermore, we provide a proof of concept implementation as well as some timings of our attack. Finally, we examine the generation of one of the OPRF parameters and argue that a trusted third party is needed to guarantee provable security.

Category / Keywords: cryptographic protocols / isogeny, isogenies, sidh, oprf, cryptanalysis

Date: received 27 May 2021, last revised 27 May 2021

Contact author: AXB1471 at student bham ac uk,kutasp@gmail com,simon-philipp merz 2018@live rhul ac uk,christophe f petit@gmail com,antonio sanso@gmail com

Available format(s): PDF | BibTeX Citation

Version: 20210528:092149 (All versions of this report)

Short URL: ia.cr/2021/706


[ Cryptology ePrint archive ]