Paper 2023/640

A Direct Key Recovery Attack on SIDH

Luciano Maino, University of Bristol
Chloe Martindale, University of Bristol
Lorenz Panny, Academia Sinica
Giacomo Pope, NCC Group, University of Bristol
Benjamin Wesolowski, University of Bordeaux, French Institute for Research in Computer Science and Automation, École Normale Supérieure de Lyon
Abstract

We present an attack on SIDH utilising isogenies between polarized products of two supersingular elliptic curves. In the case of arbitrary starting curve, our attack (discovered independently from [CD22]) has subexponential complexity, thus significantly reducing the security of SIDH and SIKE. When the endomorphism ring of the starting curve is known, our attack (here derived from [CD22]) has polynomial-time complexity assuming the generalised Riemann hypothesis. Our attack applies to any isogeny-based cryptosystem that publishes the images of points under the secret isogeny, for example SÉTA and B-SIDH. It does not apply to CSIDH, CSI-FiSh, or SQISign.

Metadata
Available format(s)
PDF
Category
Attacks and cryptanalysis
Publication info
Published by the IACR in EUROCRYPT 2023
DOI
10.1007/978-3-031-30589-4_16
Keywords
SIDHElliptic CurveIsogenyCryptanalysis
Contact author(s)
luciano maino @ bristol ac uk
chloe martindale @ bristol ac uk
lorenz @ yx7 cc
giacomo pope @ nccgroup com
benjamin wesolowski @ math u-bordeaux fr
History
2023-05-08: approved
2023-05-05: received
See all versions
Short URL
https://ia.cr/2023/640
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2023/640,
      author = {Luciano Maino and Chloe Martindale and Lorenz Panny and Giacomo Pope and Benjamin Wesolowski},
      title = {A Direct Key Recovery Attack on SIDH},
      howpublished = {Cryptology ePrint Archive, Paper 2023/640},
      year = {2023},
      doi = {10.1007/978-3-031-30589-4_16},
      note = {\url{https://eprint.iacr.org/2023/640}},
      url = {https://eprint.iacr.org/2023/640}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.