Paper 2024/459
Isogeny problems with level structure
, IBM Research Europe, Zürich, Switzerland, EPFL, Lausanne, SwitzerlandAbstract
Given two elliptic curves and the degree of an isogeny between them, finding the isogeny is believed to be a difficult problem---upon which rests the security of nearly any isogeny-based scheme. If, however, to the data above we add information about the behavior of the isogeny on a large enough subgroup, the problem can become easy, as recent cryptanalyses on SIDH have shown. Between the restriction of the isogeny to a full $N$-torsion subgroup and no ''torsion information'' at all lies a spectrum of interesting intermediate problems, raising the question of how easy or hard each of them is. Here we explore modular isogeny problems where the torsion information is masked by the action of a group of $2\times 2$ matrices. We give reductions between these problems, classify them by their difficulty, and link them to security assumptions found in the literature.
Metadata
- Available format(s)
-
PDF
- Category
- Attacks and cryptanalysis
- Publication info
- A minor revision of an IACR publication in EUROCRYPT 2024
- Keywords
- IsogeniesPost-quantumSecurity reductions.
- Contact author(s)
-
eurocrypt24 @ defeo lu
tako fouotsa @ epfl ch
lorenz @ yx7 cc - History
- 2024-03-22: approved
- 2024-03-18: received
- See all versions
- Short URL
- https://ia.cr/2024/459
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2024/459,
author = {Luca De Feo and Tako Boris Fouotsa and Lorenz Panny},
title = {Isogeny problems with level structure},
howpublished = {Cryptology ePrint Archive, Paper 2024/459},
year = {2024},
note = {\url{https://eprint.iacr.org/2024/459}},
url = {https://eprint.iacr.org/2024/459}
}
