An Effective Lower Bound on the Number of Orientable Supersingular Elliptic Curves

Antonin Leroux

Paper 2022/357

An Effective Lower Bound on the Number of Orientable Supersingular Elliptic Curves

Antonin Leroux, Direction Générale de l'Armement,, Inria Saclay - Île-de-France Research Centre, Computer Science Laboratory of the École Polytechnique

Abstract

In this article, we prove a generic lower bound on the number of $O$ -orientable supersingular curves over $F_{p^{2}}$ , i.e curves that admit an embedding of the quadratic order $O$ inside their endomorphism ring. Prior to this work, the only known effective lower-bound is restricted to small discriminants. Our main result targets the case of fundamental discriminants and we derive a generic bound using the expansion properties of the supersingular isogeny graphs. Our work is motivated by isogeny-based cryptography and the increasing number of protocols based on $O$ -oriented curves. In particular, our lower bound provides a complexity estimate for the brute-force attack against the new -uber isogeny problem introduced by De Feo, Delpech de Saint Guilhem, Fouotsa, Kutas, Leroux, Petit, Silva and Wesolowski in their recent article on the SETA encryption scheme.

Metadata

Available format(s): PDF
Category: Public-key cryptography
Publication info: Published elsewhere. SAC 2022
Keywords: isogeny based cryptography quaternion orders quadratic orders
Contact author(s): antonin leroux @ polytechnique org
History: 2022-09-13: last of 3 revisions; 2022-03-18: received; See all versions
Short URL: https://ia.cr/2022/357
License: CC BY

BibTeX

@misc{cryptoeprint:2022/357,
      author = {Antonin Leroux},
      title = {An Effective Lower Bound on the Number of Orientable Supersingular Elliptic Curves},
      howpublished = {Cryptology {ePrint} Archive, Paper 2022/357},
      year = {2022},
      url = {https://eprint.iacr.org/2022/357}
}