Paper 2024/1776
An efficient collision attack on Castryck-Decru-Smith’s hash function
Abstract
In 2020, Castryck-Decru-Smith constructed a hash function, using the (2,2)-isogeny graph of superspecial principally polarized abelian surfaces. In their construction, the initial surface was chosen from vertices very "close" to the square of a supersingular elliptic curve with a known endomorphism ring. In this paper, we introduce an algorithm for detecting a collision on their hash function. Under some heuristic assumptions, the time complexity and space complexity of our algorithm are estimated to be $\widetilde{O}(p^{3/10})$ which are smaller than the complexity $\widetilde{O}(p^{3/2})$ the authors claimed to be necessary to detect a collision, where $p$ is the characteristic of the base field. In particular case where $p$ has a special form, then both the time and space complexities of our algorithm are polynomial in $\log{p}$. We implemented our algorithm in Magma, and succeeded in detecting a collision in 17 hours (using 64 parallel computations) under a parameter setting which the authors had claimed to be 384-bit secure.
Metadata
- Available format(s)
- Category
- Attacks and cryptanalysis
- Publication info
- Preprint.
- Keywords
- Hash functionIsogeny-based cryptographySuperspecial abelian surfaceKani's lemma
- Contact author(s)
-
ryo-ohashi @ g ecc u-tokyo ac jp
hiroshi-onuki @ g ecc u-tokyo ac jp - History
- 2024-11-01: approved
- 2024-10-31: received
- See all versions
- Short URL
- https://ia.cr/2024/1776
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2024/1776, author = {Ryo Ohashi and Hiroshi Onuki}, title = {An efficient collision attack on Castryck-Decru-Smith’s hash function}, howpublished = {Cryptology {ePrint} Archive, Paper 2024/1776}, year = {2024}, url = {https://eprint.iacr.org/2024/1776} }