Paper 2024/1796
Isogeny interpolation and the computation of isogenies from higher dimensional representations
Abstract
The Supersingular Isogeny Diffie-Hellman (SIDH) scheme is a public key cryptosystem that was submitted to the National Institute of Standards and Technology's competition for the standardization of post-quantum cryptography protocols. The private key in SIDH consists of an isogeny whose degree is a prime power. In July 2022, Castryck and Decru discovered an attack that completely breaks the scheme by recovering Bob's secret key, using isogenies between higher dimensional abelian varieties to interpolate and reconstruct the isogenies comprising the SIDH private key. The original attack applies in theory to any prime power degree, but the implementation accompanying the original attack required one of the SIDH keys involved in a key exchange to have degree equal to a power of $2$. An implementation of the power of $3$ case was published subsequently by Decru and Kunzweiler. However, despite the passage of several years, nobody has published any implementations for prime powers other than $2$ or $3$, and for good reason --- the necessary higher dimensional isogeny computations rapidly become more complicated as the base prime increases. In this paper, we provide for the first time a fully general isogeny interpolation implementation that works for any choice of base prime, and provide timing benchmarks for various combinations of SIDH base prime pairs. We remark that the technique of isogeny interpolation now has constructive applications as well as destructive applications, and that our methods may open the door to increased flexibility in constructing isogeny-based digital signatures and cryptosystems.
Note: We are aware that other posted preprints, such as ePrint:2024/1519 and arXiv:2409.14819, also provide implementations of (N,N)-isogenies for N > 3. At the time our article was submitted for publication, these preprints were not yet posted, leading us to believe that our implementation was the first. We have chosen to leave our abstract text as-is, along with this clarifying note.
Metadata
- Category
- Implementation
- Publication info
- Published elsewhere. Minor revision. Indocrypt 2024
- DOI
- 10.1007/978-3-031-80311-6_8
- Keywords
- isogeny interpolation, isogeny evaluation, abelian varieties
- Contact author(s)
- djao @ uwaterloo ca
- jmlaflam @ uwaterloo ca
- History
- 2024-12-19: last of 2 revisions
- 2024-11-03: received
- Short URL
- https://ia.cr/2024/1796
- License
- CC BY-SA
BibTeX
@misc{cryptoeprint:2024/1796,
      author = {David Jao and Jeanne Laflamme},
      title = {Isogeny interpolation and the computation of isogenies from higher dimensional representations},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/1796},
      year = {2024},
      doi = {10.1007/978-3-031-80311-6_8},
      url = {https://eprint.iacr.org/2024/1796}
}