Cryptology ePrint Archive: Report 2022/357
An Effective Lower Bound on the Number of Orientable Supersingular Elliptic Curves
Antonin Leroux
Abstract: In this article, we prove a generic lower bound on the number of $\mathfrak{O}$-orientable supersingular curves over $\mathbb{F}_{p^2}$, i.e., curves that admit an embedding of the quadratic order $\mathfrak{O}$ inside their endomorphism ring. Prior to this work, the only known effective lower bound was restricted to small discriminants. Our main result targets the case of fundamental discriminants, and we derive a generic bound using the expansion properties of the supersingular isogeny graphs.
Our work is motivated by isogeny-based cryptography and the increasing number of protocols based on $\mathfrak{O}$-oriented curves. In particular, our lower bound provides a complexity estimate for the brute-force attack against the new $\mathfrak{O}$-uber isogeny problem introduced by De Feo, Delpech de Saint Guilhem, Fouotsa, Kutas, Leroux, Petit, Silva and Wesolowski in their recent article on the SETA encryption scheme.
Category / Keywords: public-key cryptography / isogeny based cryptography, quaternion orders, quadratic orders
Date: received 15 Mar 2022
Contact author: antonin leroux at polytechnique org
Version: 20220318:094549
Short URL: ia.cr/2022/357