Paper 2022/345
On the decisional Diffie-Hellman problem for class group actions on oriented elliptic curves
Abstract
We show how the Weil pairing can be used to evaluate the assigned characters of an imaginary quadratic order $\mathcal{O}$ in an unknown ideal class $[\mathfrak{a}] \in \mathrm{Cl}(\mathcal{O})$ that connects two given $\mathcal{O}$-oriented elliptic curves $(E, \iota)$ and $(E', \iota') = [\mathfrak{a}](E, \iota)$. When specialized to ordinary elliptic curves over finite fields, our method is conceptually simpler and often faster than a recent approach due to Castryck, Sot\'akov\'a and Vercauteren, who rely on the Tate pairing instead. The main implication of our work is that it breaks the decisional Diffie–Hellman problem for practically all oriented elliptic curves that are acted upon by an even-order class group. It can also be used to better handle the worst cases in Wesolowski's recent reduction from the vectorization problem for oriented elliptic curves to the endomorphism ring problem, leading to a method that always works in sub-exponential time.
Metadata
- Available format(s)
-
PDF
- Category
- Public-key cryptography
- Publication info
- Published elsewhere. ANTS XV -- Research in Number Theory
- Keywords
- decisional Diffie-Hellman isogeny-based cryptography oriented elliptic curves class group action Weil pairing
- Contact author(s)
-
wouter castryck @ esat kuleuven be
houben mr @ gmail com
frederik vercauteren @ esat kuleuven be
benjamin wesolowski @ math u-bordeaux fr - History
- 2022-10-01: last of 2 revisions
- 2022-03-14: received
- See all versions
- Short URL
- https://ia.cr/2022/345
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2022/345,
author = {Wouter Castryck and Marc Houben and Frederik Vercauteren and Benjamin Wesolowski},
title = {On the decisional Diffie-Hellman problem for class group actions on oriented elliptic curves},
howpublished = {Cryptology {ePrint} Archive, Paper 2022/345},
year = {2022},
url = {https://eprint.iacr.org/2022/345}
}
