Paper 2023/1229

Two Remarks on Torsion-Point Attacks in Isogeny-Based Cryptography

Francesco Sica, Florida Atlantic University
Abstract

We fix an omission in [Petit17] on torsion-point attacks on isogeny-based cryptosystems akin to SIDH, also reprised in [dQuehen-etal21]. In these works, the authors represent certain integers using a norm equation to derive a secret isogeny. However, this derivation uses as a crucial ingredient a lemma ([Petit17] Section 4.3), which we show to be incorrect. We then state sufficient conditions that allow us to prove a modified version of this lemma. A further idea of parametrizing solutions of the norm equation will show that these conditions can be fulfilled under the same heuristics as in these previous works. Our contribution is a theoretical one. It doesn't invalidate the attack, which works as well in practice, but gives a correct mathematical justification for it. We also simplify the argument of Theorem 3 in [dQuehen-etal21] to show that the requirement that $m$ be small is unnecessary.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Preprint.
Keywords
Post-quantum cryptography, elliptic curve cryptography, isogenies
Contact author(s)
sicaf @ fau edu
History
2023-08-15: approved
2023-08-13: received
Short URL
https://ia.cr/2023/1229
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2023/1229,
      author = {Francesco Sica},
      title = {Two Remarks on Torsion-Point Attacks in Isogeny-Based Cryptography},
      howpublished = {Cryptology ePrint Archive, Paper 2023/1229},
      year = {2023},
      note = {\url{https://eprint.iacr.org/2023/1229}},
      url = {https://eprint.iacr.org/2023/1229}
}