Paper 2022/975

An efficient key recovery attack on SIDH (preliminary version)

Wouter Castryck, KU Leuven
Thomas Decru, KU Leuven
Abstract

We present an efficient key recovery attack on the Supersingular Isogeny Diffie-Hellman protocol (SIDH), based on a "glue-and-split" theorem due to Kani. Our attack exploits the existence of a small non-scalar endomorphism on the starting curve, and it also relies on the auxiliary torsion point information that Alice and Bob share during the protocol. Our Magma implementation breaks the instantiation SIKEp434, which aims at security level 1 of the Post-Quantum Cryptography standardization process currently run by NIST, in about one hour on a single core. This is a preliminary version of a longer article in preparation.
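As an added worked example (not the authors' Magma code, and not the attack itself), the block below runs the SIDH exchange the abstract refers to on the toy prime p = 2^4 * 3^3 - 1 = 431 with starting curve y^2 = x^3 + x, so that the public data an attacker sees becomes concrete: Alice's curve E_A together with the images phi_A(P_B), phi_A(Q_B) of Bob's torsion basis, which is the auxiliary torsion point information the abstract says the attack relies on. Every name here (F2, velu, torsion_basis, keygen, shared, recover_alice_key), the curve model, and the secret keys 11 and 20 are this example's own choices. The last function enumerates Alice's 16 possible keys against her public key; that brute force only states the key-recovery goal at toy size and stands in for, rather than models, the Kani-based method of the paper.

```python
# Added example, not the paper's code: toy SIDH over F_{p^2}, p = 2^4 * 3^3 - 1 = 431, on
# y^2 = x^3 + a*x + b curves; every isogeny is computed by Vélu's formulas from the full
# kernel subgroup (fine for kernels of order 16 and 27, nothing like SIKE's arithmetic).
P = 431                       # p = 3 (mod 4), so F_{p^2} = F_p(i) with i^2 = -1
NA, NB = 2**4, 3**3           # Alice's isogenies have degree 16, Bob's 27

class F2:
    """Element r + i*I of F_{p^2} = F_p[I]/(I^2 + 1)."""
    __slots__ = ("r", "i")
    def __init__(self, r, i=0): self.r, self.i = r % P, i % P
    def __eq__(self, o): return isinstance(o, F2) and (self.r, self.i) == (o.r, o.i)
    def __hash__(self): return hash((self.r, self.i))
    def __add__(self, o): return F2(self.r + o.r, self.i + o.i)
    def __sub__(self, o): return F2(self.r - o.r, self.i - o.i)
    def __neg__(self): return F2(-self.r, -self.i)
    def __mul__(self, o):
        if isinstance(o, int): o = F2(o)
        return F2(self.r * o.r - self.i * o.i, self.r * o.i + self.i * o.r)
    __rmul__ = __mul__
    def __truediv__(self, o):                       # o^-1 = conj(o) / norm(o), norm in F_p
        n = pow(o.r * o.r + o.i * o.i, P - 2, P)
        return self * F2(o.r * n, -o.i * n)

E0 = (F2(1), F2(0))           # y^2 = x^3 + x, j = 1728, supersingular because p = 3 mod 4
SQRT = {}                     # square roots in F_{p^2}, tabulated by brute force (tiny field)
for _r in range(P):
    for _i in range(P):
        _v = F2(_r, _i); SQRT.setdefault(_v * _v, _v)

def add(E, p1, p2):
    """Affine addition on E = (a, b); None is the point at infinity."""
    if p1 is None: return p2
    if p2 is None: return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2:
        if y1 == -y2: return None
        lam = (3 * x1 * x1 + E[0]) / (2 * y1)
    else:
        lam = (y2 - y1) / (x2 - x1)
    x3 = lam * lam - x1 - x2
    return (x3, lam * (x1 - x3) - y1)

def mul(E, k, pt):
    """Double-and-add: [k]pt."""
    acc = None
    while k:
        if k & 1: acc = add(E, acc, pt)
        pt, k = add(E, pt, pt), k >> 1
    return acc

def velu(E, K, n, pts):
    """Isogeny with cyclic kernel <K> of exact order n (Vélu 1971): codomain (a', b') and
    the images of pts, none of which may lie in <K>."""
    a, b = E
    ker = [mul(E, k, K) for k in range(1, n)]       # the n-1 non-zero kernel points
    assert mul(E, n, K) is None and None not in ker, "K must have exact order n"
    v = w = F2(0)
    for xq, yq in ker:
        g = 3 * xq * xq + a
        v, w = v + g, w + 2 * yq * yq + xq * g
    imgs = []
    for pt in pts:                                  # phi(P) = P + sum_Q ((P+Q) - Q), coordinatewise
        x, y = pt
        for q in ker:
            s = add(E, pt, q)
            x, y = x + s[0] - q[0], y + s[1] - q[1]
        imgs.append((x, y))
    return (a - 5 * v, b - 7 * w), imgs

def j_inv(E):
    d = 4 * E[0] * E[0] * E[0]
    return 1728 * d / (d + 27 * E[1] * E[1])

def torsion_basis(E, n, l):
    """Deterministic search for P, Q with <P, Q> = E[n], n = l^e, using E(F_{p^2}) =
    Z/(p+1) x Z/(p+1): P, Q generate iff [n/l]P, [n/l]Q are independent in E[l]."""
    cof, m, found = (P + 1) // n, n // l, []
    for r in range(P):
        for i in range(P):
            x = F2(r, i)
            y = SQRT.get(x * x * x + E[0] * x + E[1])
            if y is None: continue
            T = mul(E, cof, (x, y))                 # lies in E[n]
            mT = mul(E, m, T)
            if mT is None: continue                 # order of T smaller than n
            if found and mT in [mul(E, k * m, found[0]) for k in range(1, l)]: continue
            found.append(T)
            if len(found) == 2: return found

def public_params():
    return torsion_basis(E0, NA, 2) + torsion_basis(E0, NB, 3)   # [PA, QA, PB, QB]

def keygen(sk, P_own, Q_own, n, P_other, Q_other):
    """Public key = (E/<P_own + [sk]Q_own>, images of the other party's basis); those two
    image points are the auxiliary torsion information the abstract refers to."""
    return velu(E0, add(E0, P_own, mul(E0, sk, Q_own)), n, [P_other, Q_other])

def shared(sk, n, pk_other):
    """Push your own kernel through the other party's isogeny; j of the result is the secret."""
    E2, (R, S) = pk_other
    return j_inv(velu(E2, add(E2, R, mul(E2, sk, S)), n, [])[0])

def recover_alice_key(params, pk_a):
    """The key-recovery goal: from Alice's public key alone, find sk. At this toy size the 16
    candidates are simply enumerated; the paper does the real thing via Kani's theorem."""
    PA, QA, PB, QB = params
    for guess in range(NA):
        if keygen(guess, PA, QA, NA, PB, QB) == pk_a: return guess
```

Usage: `params = public_params()`, then `pk_a = keygen(11, *params[:2], NA, *params[2:])`, `pk_b = keygen(20, *params[2:], NB, *params[:2])`, and `shared(11, NA, pk_b) == shared(20, NB, pk_a)` holds. Note that the public key carries both the curve and the two torsion images; without the images, `recover_alice_key` could only compare j-invariants, and it is precisely the extra image points that the paper turns into an efficient recovery at real parameter sizes.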

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Preprint.
Keywords
SIDH, isogeny-based cryptography, post-quantum cryptography
Contact author(s)
wouter castryck @ esat kuleuven be
thomas decru @ esat kuleuven be
History
2022-08-05: last of 2 revisions
2022-07-30: received
Short URL
https://ia.cr/2022/975
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2022/975,
      author = {Wouter Castryck and Thomas Decru},
      title = {An efficient key recovery attack on SIDH (preliminary version)},
      howpublished = {Cryptology ePrint Archive, Paper 2022/975},
      year = {2022},
      note = {\url{https://eprint.iacr.org/2022/975}},
      url = {https://eprint.iacr.org/2022/975}
}