Paper 2022/1667

Applying Castryck-Decru Attack on the Masked Torsion Point Images SIDH variant

Jesús-Javier Chi-Domínguez, Technology Innovation Institute
Abstract

This paper illustrates that masking the torsion point images does not guarantee that the Castryck-Decru attack does not apply. Our experiments over SIDH primes hint that any square root concerning the Weil pairing on the masked public key helps to recover Bob's private key via the Castryck-Decru attack.

Note: We summarize below all changes (in chronological order) from the initial version to the most recent version: Changes according to Benjamin Wesolowski, Luca De Feo, and Peter Kutas for their discussion; Clarify that any of the four sqrt works to recover the secret isogeny (for SIDH primes); Add a brief description of the Castryck-Decru Attack; Extend discussion concerning the reduction to the square roots of the unity subgroup; Include additional code to test new observations over CSIDH-like primes (particular shape of the kernels); Fix a few margins and typos in the Appendices.

Metadata
Available format(s)
PDF
Category
Attacks and cryptanalysis
Publication info
Preprint.
Keywords
Cryptanalysis, Castryck-Decru Attack, Isogeny-based cryptography, Masked-SIDH
Contact author(s)
jesus dominguez @ tii ae
History
2023-01-03: last of 4 revisions
2022-11-30: received
Short URL
https://ia.cr/2022/1667
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2022/1667,
      author = {Jesús-Javier Chi-Domínguez},
      title = {Applying Castryck-Decru Attack on the Masked Torsion Point Images {SIDH} variant},
      howpublished = {Cryptology {ePrint} Archive, Paper 2022/1667},
      year = {2022},
      url = {https://eprint.iacr.org/2022/1667}
}