Rational isogenies from irrational endomorphisms
Annual International Conference on the Theory and Applications of …, 2020•Springer
In this paper, we introduce a polynomial-time algorithm to compute a connecting O O-ideal
between two supersingular elliptic curves over F _p F p with common F _p F p-
endomorphism ring OO, given a description of their full endomorphism rings. This algorithm
provides a reduction of the security of the CSIDH cryptosystem to the problem of computing
endomorphism rings of supersingular elliptic curves. A similar reduction for SIDH appeared
at Asiacrypt 2016, but relies on totally different techniques. Furthermore, we also show that …
between two supersingular elliptic curves over F _p F p with common F _p F p-
endomorphism ring OO, given a description of their full endomorphism rings. This algorithm
provides a reduction of the security of the CSIDH cryptosystem to the problem of computing
endomorphism rings of supersingular elliptic curves. A similar reduction for SIDH appeared
at Asiacrypt 2016, but relies on totally different techniques. Furthermore, we also show that …
Abstract
In this paper, we introduce a polynomial-time algorithm to compute a connecting -ideal between two supersingular elliptic curves over with common -endomorphism ring , given a description of their full endomorphism rings. This algorithm provides a reduction of the security of the CSIDH cryptosystem to the problem of computing endomorphism rings of supersingular elliptic curves. A similar reduction for SIDH appeared at Asiacrypt 2016, but relies on totally different techniques. Furthermore, we also show that any supersingular elliptic curve constructed using the complex-multiplication method can be located precisely in the supersingular isogeny graph by explicitly deriving a path to a known base curve. This result prohibits the use of such curves as a building block for a hash function into the supersingular isogeny graph.
Springer
Showing the best result for this search. See all results