Paper 2023/984

Generating Supersingular Elliptic Curves over $\mathbb{F}_p$ with Unknown Endomorphism Ring

Youcef Mokrani, University of Waterloo
David Jao, University of Waterloo
Abstract

A number of supersingular isogeny based cryptographic protocols require the endomorphism ring of the initial elliptic curve to be either unknown or random in order to be secure. To instantiate these protocols, Basso et al. recently proposed a secure multiparty protocol that generates supersingular elliptic curves defined over $\mathbb{F}_{p^2}$ of unknown endomorphism ring as long as at least one party acts honestly. However, there are many protocols that specifically require curves defined over $\mathbb{F}_p$, for which the Basso et al. protocol cannot be used. Also, the simple solution of using a signature scheme such as CSI-FiSh or SeaSign for proof of knowledge either requires extensive precomputation of large ideal class groups or is too slow for everyday applications. In this paper, we present CSIDH-SCG, a new multiparty protocol that generates curves of unknown endomorphism ring defined over $\mathbb{F}_p$. This protocol relies on CSIDH-IP, a new CSIDH based proof of knowledge. We also present CSIDH-CR, a multiparty algorithm that be used in conjunction with CSIDH-SCG to generate a random curve over $\mathbb{F}_p$ while still keeping the endomorphism ring unknown.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Published elsewhere. Minor revision. INDOCRYPT 2023
DOI
10.1007/978-3-031-56232-7_8
Keywords
elliptic curvessupersingular curvesCSIDHmultiparty computation
Contact author(s)
ymokrani @ uwaterloo ca
djao @ uwaterloo ca
History
2024-05-21: last of 2 revisions
2023-06-23: received
See all versions
Short URL
https://ia.cr/2023/984
License
Creative Commons Attribution-ShareAlike
CC BY-SA

BibTeX

@misc{cryptoeprint:2023/984,
      author = {Youcef Mokrani and David Jao},
      title = {Generating Supersingular Elliptic Curves over $\mathbb{F}_p$ with Unknown Endomorphism Ring},
      howpublished = {Cryptology {ePrint} Archive, Paper 2023/984},
      year = {2023},
      doi = {10.1007/978-3-031-56232-7_8},
      url = {https://eprint.iacr.org/2023/984}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.