Paper 2023/1268
Finding Orientations of Supersingular Elliptic Curves and Quaternion Orders
Abstract
Orientations of supersingular elliptic curves encode the information of an endomorphism of the curve. Computing the full endomorphism ring is a known hard problem, so one might consider how hard it is to find one such orientation. We prove that access to an oracle which tells if an elliptic curve is $\mathfrak{O}$-orientable for a fixed imaginary quadratic order $\mathfrak{O}$ provides non-trivial information towards computing an endomorphism corresponding to the $\mathfrak{O}$-orientation. We provide explicit algorithms and in-depth complexity analysis. We also consider the question in terms of quaternion algebras. We provide algorithms which compute an embedding of a fixed imaginary quadratic order into a maximal order of the quaternion algebra ramified at $p$ and $\infty$. We provide code implementations in Sagemath which is efficient for finding embeddings of imaginary quadratic orders of discriminants up to $O(p)$, even for cryptographically sized $p$.
Metadata
- Available format(s)
-
PDF
- Category
- Public-key cryptography
- Publication info
- Preprint.
- Keywords
- isogeny-based cryptographypublic-key cryptographycryptanalysis
- Contact author(s)
-
s a arpin @ math leidenuniv nl
james clements @ bristol ac uk
pierrick dartois @ u-bordeaux fr
jonathan k eriksen @ ntnu no
p kutas @ bham ac uk
benjamin wesolowski @ math u-bordeaux fr - History
- 2023-08-24: approved
- 2023-08-22: received
- See all versions
- Short URL
- https://ia.cr/2023/1268
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2023/1268,
author = {Sarah Arpin and James Clements and Pierrick Dartois and Jonathan Komada Eriksen and Péter Kutas and Benjamin Wesolowski},
title = {Finding Orientations of Supersingular Elliptic Curves and Quaternion Orders},
howpublished = {Cryptology ePrint Archive, Paper 2023/1268},
year = {2023},
note = {\url{https://eprint.iacr.org/2023/1268}},
url = {https://eprint.iacr.org/2023/1268}
}
