Isogeny-based cryptography, a quantum-safe alternative




  1. Isogeny-based cryptography, a quantum-safe alternative. Annamaria Iezzi, University of South Florida. FWIMD - February 9, 2019

  2. The key exchange problem: ALICE and BELLE, communicating over a public channel, want to agree on a common secret without making it available to EVE.

  3. Diffie-Hellman Key Exchange (1976). $G = \langle g \rangle$, a finite cyclic group. Discrete Logarithm Problem (DLP): Given $g^a$, find $a$.

  4. Which group? Original protocol: Diffie-Hellman (1976). $G = (\mathbb{Z}/p\mathbb{Z})^\times = \langle g \rangle$. DLP: Given $g^a \bmod p$, find $0 < a < p - 1$.

  5. Which group? Elliptic-Curve Diffie-Hellman (ECDH): Koblitz and Miller (1985). $E$: elliptic curve over $\mathbb{F}_q$. $G = E(\mathbb{F}_q)$, $P \in G$. DLP: Given $Q = aP$, find $0 < a < \operatorname{ord}(P)$. [Figure: the curve $y^2 = x^3 - 2x + 2$ with the points $P$, $Q$ and $P + Q$.]

  6. Towards the quantum computing era... 1994 - Peter Shor’s quantum polynomial-time algorithm for integer factorization ⇒ extends to ⇒ resolution of the DLP in all finite groups ⇒ all the currently deployed public key infrastructure will need to be replaced. [Image: IBM’s 50-qubit quantum computer, March 2, 2018. Credit: IBM Research Flickr]

  7. How serious is the threat? August 2015: NSA announced that it is planning to transition “in the not too distant future” to a new cipher suite that is resistant to quantum attacks. November 2017: NIST Post-Quantum Cryptography Competition: “process to solicit, evaluate, and standardize one or more quantum-resistant public-key cryptographic algorithms”.

  8. What are the quantum-safe alternatives? Lattice-based cryptography: 25 candidates (Round one) → 12 candidates (Round two); Code-based cryptography: 17 candidates (Round one) → 7 candidates (Round two); Multivariate cryptography: 10 candidates (Round one) → 4 candidates (Round two); Hash-based cryptography: 2 candidates (Round one) → 1 candidate (Round two); Isogeny-based cryptography: 1 candidate (Round one) → 1 candidate (Round two); Other: 5 candidates (Round one) → 1 candidate (Round two).

  9. Recall: we look for cryptosystems which are not based on any discrete logarithm problem.

  10. Hard-Homogeneous Spaces (Couveignes, 97). $G$ a group, $X$ a set, an action $G \times X \to X$, $(g, x) \mapsto g * x$, such that $\forall x, x' \in X$, $\exists!\, g \in G$ such that $g * x = x'$. “Easy” operation (e.g. polynomial time): given $g \in G$ and $x \in X$, compute $g * x$. “Hard” operation (e.g. not polynomial time): given $x, x' \in X$, find $g \in G$ such that $g * x = x'$. If $G$ is Abelian → commutative group action → key exchange based on HHS.

  11. Key exchange based on HHS. Public parameter: $x_0 \in X$. Problem: Given $a * x_0$, find $a$.

  12. Elliptic curves and isogenies. $E$, an elliptic curve defined over $\mathbb{F}_q$: $E : y^2 = ax^3 + bx + c$, $a, b \in \mathbb{F}_q$, $4a^3 + 27b^2 \neq 0$. $\varphi$, an isogeny (non-constant rational map and group homomorphism): $\varphi : E \to E'$, $(x, y) \mapsto \left( \frac{f_1(x, y)}{g_1(x, y)}, \frac{f_2(x, y)}{g_2(x, y)} \right)$. $\mathcal{O} := \operatorname{End}(E)$, the ring of endomorphisms of $E$.

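  13. A commutative group action. $\mathcal{O}$: an order in an imaginary quadratic field. Set $X$: isomorphism classes $E$ of elliptic curves having the same endomorphism ring $\mathcal{O}$. Group $G$: ideal class group of $\mathcal{O}$, $G = \mathrm{Cl}(\mathcal{O}) = I(\mathcal{O})/P(\mathcal{O}) = \{ [\mathfrak{a}] : \mathfrak{a} \text{ is an ideal of } \mathcal{O} \}$; $G$ is a finite abelian group. $G$ acts on $X$: $\varphi_{\mathfrak{a}} : E_1 \to E_2$, $[\mathfrak{a}] * E_1 = E_2$ with $\deg(\varphi_{\mathfrak{a}}) = N(\mathfrak{a})$.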

  14. Random walks on the isogeny graph

  15. Examples: Couveignes - 1997; Rostovtsev and Stolbunov - 2006 and 2010; De Feo, Kieffer, Smith - 2018; CSIDH - 2018.

  16. The underlying mathematical problem. The security of these cryptosystems relies on the following “hard” mathematical problem: Let $E_1$ and $E_2$ be two elliptic curves defined over a finite field such that there exists an imaginary quadratic order $\mathcal{O}$ which satisfies $\mathcal{O} \cong \operatorname{End}(E_i)$, $i = 1, 2$. Problem: Find an isogeny $\varphi : E_1 \to E_2$, that is, $[\mathfrak{a}] \in \mathrm{Cl}(\mathcal{O})$ such that $[\mathfrak{a}] * E_1 = E_2$.

  17. How to tackle the problem? Problem: Given $E_1$ and $E_2$, find $[\mathfrak{a}] \in \mathrm{Cl}(\mathcal{O})$ such that $[\mathfrak{a}] * E_1 = E_2$. Limit the number of tries in $\mathrm{Cl}(\mathcal{O})$: → Hidden Shift Problem. Compute efficiently $[\mathfrak{a}] * E_1$: → Factor $[\mathfrak{a}]$ in a “short” product. $N := |\mathrm{Cl}(\mathcal{O})|$. Biasse, I., Jacobson (2018): Time: $2^{O\left(\sqrt{\log(N)}\right)}$. Quantum memory: $2^{O\left(\sqrt{\log(N)}\right)}$.
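
Slides 10 and 11 state the HHS key exchange only abstractly, so here is an added example (not from the presentation): classical Diffie-Hellman recast as the action of $(\mathbb{Z}/(p-1)\mathbb{Z})^\times$ on the generators of $(\mathbb{Z}/p\mathbb{Z})^\times$. The prime 227, the secrets and all function names are constructed for illustration; inverting this particular action is a DLP, so it shows the structure of the exchange, not a quantum-safe instance.

```python
# Added illustration: a toy hard homogeneous space (constructed parameters).
# G = (Z/nZ)^*, n = p - 1, acts on X = generators of (Z/pZ)^* by a * x = x^a mod p.
from math import gcd

P = 227                 # constructed small prime; real instances are far larger
N = P - 1               # 226 = 2 * 113
PRIME_FACTORS_OF_N = (2, 113)

def group_elements():
    """G: the units modulo N, an abelian group under multiplication."""
    return [a for a in range(1, N) if gcd(a, N) == 1]

def is_generator(x):
    """x is in X iff x^(N/r) != 1 mod P for every prime r dividing N."""
    return all(pow(x, N // r, P) != 1 for r in PRIME_FACTORS_OF_N)

def act(a, x):
    """The 'easy' operation a * x."""
    return pow(x, a, P)

def is_regular_action():
    """Check the axiom: for all x, x' in X exactly one g in G has g * x = x'."""
    G = group_elements()
    X = [x for x in range(2, P) if is_generator(x)]
    # For each x the orbit map g -> g * x must hit every element of X once.
    return all(sorted(act(g, x) for g in G) == X for x in X)

def key_exchange(x0, a, b):
    """Alice holds a, Belle holds b; only a * x0 and b * x0 cross the channel."""
    alice_pub, belle_pub = act(a, x0), act(b, x0)
    k_alice = act(a, belle_pub)     # a * (b * x0)
    k_belle = act(b, alice_pub)     # b * (a * x0), equal because G is abelian
    return alice_pub, belle_pub, k_alice, k_belle

def recover_secret(x, x_prime):
    """The 'hard' operation by exhaustive search; feasible only for a toy G."""
    for g in group_elements():
        if act(g, x) == x_prime:
            return g
    raise ValueError("x and x' are not both in X")

if __name__ == "__main__":
    x0, a, b = 2, 15, 71            # public generator and two secret elements of G
    A, B, ka, kb = key_exchange(x0, a, b)
    print("regular action:", is_regular_action())
    print("shared element agrees:", ka == kb)
    print("Eve's brute force recovers a:", recover_secret(x0, A) == a)
```

The exhaustive search succeeds here only because $|G| = 112$; the security argument on the slides rests on that search being infeasible at real sizes.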
