seasign compact isogeny signatures from class group
play

SeaSign: Compact isogeny signatures from class group actions Luca De - PowerPoint PPT Presentation

Jun 12, 2023 •290 likes •740 views

SeaSign: Compact isogeny signatures from class group actions Luca De Feo 1 , Steven D. Galbraith 2 1 Universit Paris Saclay UVSQ, France 2 University of Auckland, New Zeland May 23, 2019, Eurocrypt, Darmstadt Slides online at

  1. SeaSign: Compact isogeny signatures from class group actions Luca De Feo 1 , Steven D. Galbraith 2 1 Université Paris Saclay – UVSQ, France 2 University of Auckland, New Zeland May 23, 2019, Eurocrypt, Darmstadt Slides online at https://defeo.lu/docet

  2. Post-quantum isogeny primitives CSIDH (Couveignes 1996; Rostovtsev Stolbunov 2006; Castryck, Lange, SIDH (Jao, De Feo 2011) Martindale, Panny, Renes 2018) Pronounce S–I–D–H; Pronounce Sea–Side; Based on random isogeny walks in the Based on random isogeny walks in the full supersingular graph over ❋ p 2 ; ❋ p -restricted supersingular isogeny Basis for the NIST KEM candidate graph; SIKE; Straightforward generalization of Better asymptotic quantum security; Diffie–Hellman; Short keys, slow. More “natural” security assumption; Shorter keys, slower. L. De Feo, S. Galbraith (UVSQ, UniAuckland) SeaSign: isogeny signatures Eurocrypt 2019 — https://defeo.lu/docet 2 / 14

  3. Post-quantum isogeny primitives CSIDH (Couveignes 1996; Rostovtsev Stolbunov 2006; Castryck, Lange, SIDH (Jao, De Feo 2011) Martindale, Panny, Renes 2018) Pronounce S–I–D–H; Pronounce Sea–Side; Based on random isogeny walks in the Based on random isogeny walks in the full supersingular graph over ❋ p 2 ; ❋ p -restricted supersingular isogeny Basis for the NIST KEM candidate graph; SIKE; Straightforward generalization of Better asymptotic quantum security; Diffie–Hellman; Short keys, slow. More “natural” security assumption; Crappy signatures (slow, large). Shorter keys, slower. Not this talk. L. De Feo, S. Galbraith (UVSQ, UniAuckland) SeaSign: isogeny signatures Eurocrypt 2019 — https://defeo.lu/docet 2 / 14

  4. Post-quantum isogeny primitives CSIDH (Couveignes 1996; Rostovtsev Stolbunov 2006; Castryck, Lange, SIDH (Jao, De Feo 2011) Martindale, Panny, Renes 2018) Pronounce S–I–D–H; Pronounce Sea–Side; Based on random isogeny walks in the Based on random isogeny walks in the full supersingular graph over ❋ p 2 ; ❋ p -restricted supersingular isogeny Basis for the NIST KEM candidate graph; SIKE; Straightforward generalization of Better asymptotic quantum security; Diffie–Hellman; Short keys, slow. More “natural” security assumption; Crappy signatures (slow, large). Shorter keys, slower. Not this talk. Also crappy signatures, but different! This talk. L. De Feo, S. Galbraith (UVSQ, UniAuckland) SeaSign: isogeny signatures Eurocrypt 2019 — https://defeo.lu/docet 2 / 14

  5. ■ ❂ ✁ ✁ ✁ ❂ ✁ ✁ ✁ ❂ ✄ ❂ ✄ ❂ ✭ ✮ ✄ ❂ ✄ ❂ ✄ ✷ � What is CSIDH? A set of supersingular elliptic curves over ❋ p ; E 3 E 4 E 2 E 5 E 1 E 6 E 12 E 7 E 11 E 8 E 10 E 9 L. De Feo, S. Galbraith (UVSQ, UniAuckland) SeaSign: isogeny signatures Eurocrypt 2019 — https://defeo.lu/docet 3 / 14

  6. ■ ❂ ✁ ✁ ✁ ❂ ✁ ✁ ✁ ❂ ✄ ❂ ✄ ❂ ✭ ✮ ✄ ❂ ✄ ❂ ✄ ✷ What is CSIDH? A set of supersingular elliptic curves over ❋ p ; E 3 A group action by an abelian group G ; E 4 E 2 g E 5 E 1 E 6 E 12 g � 1 E 7 E 11 E 8 E 10 E 9 L. De Feo, S. Galbraith (UVSQ, UniAuckland) SeaSign: isogeny signatures Eurocrypt 2019 — https://defeo.lu/docet 3 / 14

  7. ❂ ✁ ✁ ✁ ❂ ✁ ✁ ✁ ❂ ✄ ❂ ✄ ❂ ✭ ✮ ✄ ❂ ✄ ❂ ✄ ■ � What is CSIDH? A set of supersingular elliptic curves over ❋ p ; E 3 A group action by an abelian group G ; E 4 E 2 Only efficient to evaluate the action of some small degree generators g ✷ G , e.g.: E 5 E 1 E 6 E 12 E 7 E 11 E 8 E 10 E 9 L. De Feo, S. Galbraith (UVSQ, UniAuckland) SeaSign: isogeny signatures Eurocrypt 2019 — https://defeo.lu/docet 3 / 14

  8. ❂ ✁ ✁ ✁ ❂ ✁ ✁ ✁ ❂ ✄ ❂ ✄ ❂ ✭ ✮ ✄ ❂ ✄ ❂ ✄ � What is CSIDH? A set of supersingular elliptic curves over ❋ p ; E 3 A group action by an abelian group G ; E 4 E 2 Only efficient to evaluate the action of some small degree generators g ✷ G , e.g.: E 5 E 1 ■ degree 2, E 6 E 12 E 7 E 11 E 8 E 10 E 9 L. De Feo, S. Galbraith (UVSQ, UniAuckland) SeaSign: isogeny signatures Eurocrypt 2019 — https://defeo.lu/docet 3 / 14

  9. ❂ ✁ ✁ ✁ ❂ ✁ ✁ ✁ ❂ ✄ ❂ ✄ ❂ ✭ ✮ ✄ ❂ ✄ ❂ ✄ � What is CSIDH? A set of supersingular elliptic curves over ❋ p ; E 3 A group action by an abelian group G ; E 4 E 2 Only efficient to evaluate the action of some small degree generators g ✷ G , e.g.: E 5 E 1 ■ degree 2, degree 3, E 6 E 12 E 7 E 11 E 8 E 10 E 9 L. De Feo, S. Galbraith (UVSQ, UniAuckland) SeaSign: isogeny signatures Eurocrypt 2019 — https://defeo.lu/docet 3 / 14

  10. ❂ ✁ ✁ ✁ ❂ ✁ ✁ ✁ ❂ ✄ ❂ ✄ ❂ ✭ ✮ ✄ ❂ ✄ ❂ ✄ � What is CSIDH? A set of supersingular elliptic curves over ❋ p ; E 3 A group action by an abelian group G ; E 4 E 2 Only efficient to evaluate the action of some small degree generators g ✷ G , e.g.: E 5 E 1 ■ degree 2, degree 3, degree 5, ... E 6 E 12 E 7 E 11 E 8 E 10 E 9 L. De Feo, S. Galbraith (UVSQ, UniAuckland) SeaSign: isogeny signatures Eurocrypt 2019 — https://defeo.lu/docet 3 / 14

  11. ❂ ✁ ✁ ✁ ❂ ✁ ✁ ✁ ❂ ✄ ❂ ✄ ❂ ✭ ✮ ✄ ❂ ✄ ❂ ✄ � What is CSIDH? A set of supersingular elliptic curves over ❋ p ; E 3 A group action by an abelian group G ; E 4 E 2 Only efficient to evaluate the action of some small degree generators g ✷ G , e.g.: E 5 E 1 ■ degree 2, degree 3, degree 5, ... Graph structure isomorphic to a Cayley graph; E 6 E 12 E 7 E 11 E 8 E 10 E 9 L. De Feo, S. Galbraith (UVSQ, UniAuckland) SeaSign: isogeny signatures Eurocrypt 2019 — https://defeo.lu/docet 3 / 14

  12. ❂ ✁ ✁ ✁ ❂ ✁ ✁ ✁ ❂ ✄ ❂ ✄ ❂ ✭ ✮ ✄ ❂ ✄ ❂ ✄ � What is CSIDH? A set of supersingular elliptic curves over ❋ p ; E 3 A group action by an abelian group G ; E 4 E 2 Only efficient to evaluate the action of some small degree generators g ✷ G , e.g.: E 5 E 1 ■ degree 2, degree 3, degree 5, ... Graph structure isomorphic to a Cayley graph; Good algorithm to do random walks in the graph. E 6 E 12 E 7 E 11 E 8 E 10 E 9 L. De Feo, S. Galbraith (UVSQ, UniAuckland) SeaSign: isogeny signatures Eurocrypt 2019 — https://defeo.lu/docet 3 / 14

  13. � ❂ ✁ ✁ ✁ ❂ ✁ ✁ ✁ ❂ ✄ ❂ ✄ ❂ ✭ ✮ ✄ ❂ ✄ ❂ ✄ What is CSIDH? A set of supersingular elliptic curves over ❋ p ; E 3 A group action by an abelian group G ; E 4 E 2 Only efficient to evaluate the action of some small degree generators g ✷ G , e.g.: E 5 E 1 ■ degree 2, degree 3, degree 5, ... Graph structure isomorphic to a Cayley graph; Good algorithm to do random walks in the graph. E 6 E 12 Key exchange: E 7 E 11 E 8 E 10 E 9 L. De Feo, S. Galbraith (UVSQ, UniAuckland) SeaSign: isogeny signatures Eurocrypt 2019 — https://defeo.lu/docet 3 / 14

  14. � ❂ ✁ ✁ ✁ ❂ ✄ ❂ ✄ ❂ ✭ ✮ ✄ ❂ ✄ ❂ ✄ What is CSIDH? A set of supersingular elliptic curves over ❋ p ; E A A group action by an abelian group G ; Only efficient to evaluate the action of some small degree generators g ✷ G , e.g.: ■ degree 2, degree 3, degree 5, ... Graph structure isomorphic to a Cayley graph; Good algorithm to do random walks in the graph. Key exchange: Alice picks secret a ❂ g a 2 2 g a 3 3 g a 5 5 ✁ ✁ ✁ , L. De Feo, S. Galbraith (UVSQ, UniAuckland) SeaSign: isogeny signatures Eurocrypt 2019 — https://defeo.lu/docet 3 / 14

  15. � ❂ ✄ ❂ ✄ ❂ ✭ ✮ ✄ ❂ ✄ ❂ ✄ What is CSIDH? A set of supersingular elliptic curves over ❋ p ; E A A group action by an abelian group G ; Only efficient to evaluate the action of some small degree generators g ✷ G , e.g.: ■ degree 2, degree 3, degree 5, ... Graph structure isomorphic to a Cayley graph; Good algorithm to do random walks in the graph. E B Key exchange: Alice picks secret a ❂ g a 2 2 g a 3 3 g a 5 5 ✁ ✁ ✁ , Bob picks secret b ❂ g b 2 2 g b 3 3 g b 5 5 ✁ ✁ ✁ , L. De Feo, S. Galbraith (UVSQ, UniAuckland) SeaSign: isogeny signatures Eurocrypt 2019 — https://defeo.lu/docet 3 / 14

  16. � ❂ ✭ ✮ ✄ ❂ ✄ ❂ ✄ What is CSIDH? A set of supersingular elliptic curves over ❋ p ; E A A group action by an abelian group G ; Only efficient to evaluate the action of some small degree generators g ✷ G , e.g.: ■ degree 2, degree 3, degree 5, ... Graph structure isomorphic to a Cayley graph; Good algorithm to do random walks in the graph. E B Key exchange: Alice picks secret a ❂ g a 2 2 g a 3 3 g a 5 5 ✁ ✁ ✁ , Bob picks secret b ❂ g b 2 2 g b 3 3 g b 5 5 ✁ ✁ ✁ , They exchange E A ❂ a ✄ E 1 and E B ❂ b ✄ E 1 , L. De Feo, S. Galbraith (UVSQ, UniAuckland) SeaSign: isogeny signatures Eurocrypt 2019 — https://defeo.lu/docet 3 / 14

  17. � What is CSIDH? A set of supersingular elliptic curves over ❋ p ; E A A group action by an abelian group G ; Only efficient to evaluate the action of some small degree generators g ✷ G , e.g.: ■ degree 2, degree 3, degree 5, ... Graph structure isomorphic to a Cayley graph; Good algorithm to do random walks in the graph. E B Key exchange: Alice picks secret a ❂ g a 2 2 g a 3 3 g a 5 5 ✁ ✁ ✁ , Bob picks secret b ❂ g b 2 2 g b 3 3 g b 5 5 ✁ ✁ ✁ , They exchange E A ❂ a ✄ E 1 and E B ❂ b ✄ E 1 , E AB Shared secret is E AB ❂ ✭ ab ✮ ✄ E 1 ❂ a ✄ E B ❂ b ✄ E A . L. De Feo, S. Galbraith (UVSQ, UniAuckland) SeaSign: isogeny signatures Eurocrypt 2019 — https://defeo.lu/docet 3 / 14

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

CSI-FiSh: Efficient Isogeny based Signatures through Class Group Computations Ward Beullens

CSI-FiSh: Efficient Isogeny based Signatures through Class Group Computations Ward Beullens

CSI-FiSh: Efficient Isogeny based Signatures through Class Group Computations Ward Beullens Thorsten Kleinjung Frederik Vercauteren imec - COSIC December 3, 2019 Introduction : CSIDH [Castryck et al.] 1/34 Take the supersingular elliptic

1.2k views • 86 slides
1V Compact Class-AB CMOS Log Filters X. Redondo and F. Serra-Graells Circuits and Systems Group

1V Compact Class-AB CMOS Log Filters X. Redondo and F. Serra-Graells Circuits and Systems Group

ISCAS05 1V Compact Class-AB CMOS Log Filters Intro Class-A Class-AB Example Conclusions 1/23 1V Compact Class-AB CMOS Log Filters X. Redondo and F. Serra-Graells Circuits and Systems Group Institut de Microelectrnica de Barcelona

527 views • 23 slides
Ozawas class S for locally compact groups and unique prime factorization of group von Neumann

Ozawas class S for locally compact groups and unique prime factorization of group von Neumann

Ozawas class S for locally compact groups and unique prime factorization of group von Neumann algebras Tobe Deprez Skyline Communications IPAM, Lake arrowhead, 2019 Tobe Deprez Class S for locally compact groups 1 / 27 Group von Neumann

468 views • 35 slides
Gravitational wave signatures of exotic compact objects Elisa Maggio Sapienza University of Rome

Gravitational wave signatures of exotic compact objects Elisa Maggio Sapienza University of Rome

Cortona Young 27-29 May 2020 Gravitational wave signatures of exotic compact objects Elisa Maggio Sapienza University of Rome Outline Gravitational waves as probes of strong gravity Exotic compact objects Ergoregion

246 views • 22 slides
Signatures Lecture 22 Signatures Signatures Signatures with various functionality/properties

Signatures Lecture 22 Signatures Signatures Signatures with various functionality/properties

Signatures Lecture 22 Signatures Signatures Signatures with various functionality/properties Signatures Signatures with various functionality/properties Constructions come in different flavors (well sample each flavor): Signatures

1.55k views • 131 slides
Compact Multi-Signatures for Smaller Blockchains Dan Boneh 1 , Manu Drijvers 2 , Gregory Neven 2 1

Compact Multi-Signatures for Smaller Blockchains Dan Boneh 1 , Manu Drijvers 2 , Gregory Neven 2 1

Compact Multi-Signatures for Smaller Blockchains Dan Boneh 1 , Manu Drijvers 2 , Gregory Neven 2 1 Stanford University 2 DFINITY Bitcoin Blockchain and transactions Input 1 Output 1 Witness Input 2 Output 2 Witness Pointer to previous

372 views • 16 slides
Digital Signatures Digital Signatures And Putting It All Together Digital Signatures And

Digital Signatures Digital Signatures And Putting It All Together Digital Signatures And

Digital Signatures Digital Signatures And Putting It All Together Digital Signatures And Putting It All Together Lecture 12 Digital Signatures Digital Signatures Syntax: KeyGen, Sign SK and Verify VK . Security: Same experiment as MAC s,

1.72k views • 142 slides
Another Look At Some Isogeny Hardness Assumptions Simon-Phillipp Merz, Romy Minko, Christophe

Another Look At Some Isogeny Hardness Assumptions Simon-Phillipp Merz, Romy Minko, Christophe

Another Look At Some Isogeny Hardness Assumptions Simon-Phillipp Merz, Romy Minko, Christophe Petit ECC 2019 3 December 1 / 50 Motivation Isogeny based cryptography Another Look at Provable Security Neal Koblitz Dept. of

780 views • 61 slides
Structure of Volcano of -isogeny applied to Couveigness algorithm Luca De Feo, Cyril

Structure of Volcano of -isogeny applied to Couveigness algorithm Luca De Feo, Cyril

Reminder on elliptic curves Endomorphism ring Volcano of -isogeny and Frobenius endomorphism -adic tower Structure of Volcano of -isogeny applied to Couveigness algorithm Luca De Feo, Cyril Hugounenq, Jerome Plut, Eric Schost

472 views • 28 slides
Construction of Universal Designated-Verifier Signatures and Identity-Based Signatures from

Construction of Universal Designated-Verifier Signatures and Identity-Based Signatures from

Motivation Research Question Results Conclusion Notes Construction of Universal Designated-Verifier Signatures and Identity-Based Signatures from Standard Signatures Siamak Shahandashti 1 Rei Safavi-Naini 2 1 SCSSE & CCISR, Uni

465 views • 46 slides
1 Arbitrated Digital Signatures Digital Signature Standard (DSS) US Govt approved signature

1 Arbitrated Digital Signatures Digital Signature Standard (DSS) US Govt approved signature

CPE 542: CRYPTOGRAPHY & NETWORK SECURITY Digital Signatures have looked at message authentication but does not address issues of lack of trust Chapter 13 Digital Signatures digital signatures provide the ability to:

361 views • 3 slides
Faster Isogeny-Based Compressed Key Agreement Gustavo H. M. Zanon, Marcos A. Simplicio Jr,

Faster Isogeny-Based Compressed Key Agreement Gustavo H. M. Zanon, Marcos A. Simplicio Jr,

Faster Isogeny-Based Compressed Key Agreement Gustavo H. M. Zanon, Marcos A. Simplicio Jr, Geovandro C. C. F. Pereira , Javad Doliskani, and Paulo S. L. M. Barreto. 1 REVI EW : SI DH AND COMPRESSED KEYS 2 Isogeny-based Crypto n SIDH:

856 views • 81 slides
Group automorphisms: a dynamical point of view Can you describe the space of compact group

Group automorphisms: a dynamical point of view Can you describe the space of compact group

Group automorphisms: a dynamical point of view Can you describe the space of compact group automorphisms modulo dynamical equivalences? Tom Ward (UEA) April 2012, Mimar Sinan Fine Arts University, Istanbul The setting A continuous group

255 views • 23 slides
Isogeny-Based Cryptography Tanja Lange (with lots of slides by Lorenz Panny) Eindhoven

Isogeny-Based Cryptography Tanja Lange (with lots of slides by Lorenz Panny) Eindhoven

Isogeny-Based Cryptography Tanja Lange (with lots of slides by Lorenz Panny) Eindhoven University of Technology 20 & 21 July 2020 DiffieHellman key exchange 76 Public parameters: a finite group G (traditionally F p , today

1.65k views • 118 slides
Efficient Unlinkable Sanitizable Signatures from Signatures with Re-Randomizable Keys Nils

Efficient Unlinkable Sanitizable Signatures from Signatures with Re-Randomizable Keys Nils

Efficient Unlinkable Sanitizable Signatures from Signatures with Re-Randomizable Keys Nils Fleischhacker Johannes Krupp Giulio Malavolta Jonas Schneider Dominique Schr oder Mark Simkin March 7, 2016 Sanitizable Signatures

577 views • 46 slides
Isogeny graphs in cryptography Luca De Feo Universit Paris Saclay, UVSQ March 18, 2019

Isogeny graphs in cryptography Luca De Feo Universit Paris Saclay, UVSQ March 18, 2019

Isogeny graphs in cryptography Luca De Feo Universit Paris Saclay, UVSQ March 18, 2019 Mathematical foundations of asymmetric cryptography Aussois, Savoie Slides online at https://defeo.lu/docet/ Overview Isogeny graphs 1 Elliptic Curves

1.96k views • 156 slides
PHILEMON philemon 1 Paul, a prisoner of Christ Jesus, and Timothy our brother: To Philemon 2 to

PHILEMON philemon 1 Paul, a prisoner of Christ Jesus, and Timothy our brother: To Philemon 2 to

PHILEMON philemon 1 Paul, a prisoner of Christ Jesus, and Timothy our brother: To Philemon 2 to Apphia our sister,to our dear friend and coworker, Archippus our 3 Grace to fellow soldier, and to the church that meets in your home. you and

343 views • 12 slides
June 26, 2019 Webinar Information This webinar will be recorded and emailed to you to share with

June 26, 2019 Webinar Information This webinar will be recorded and emailed to you to share with

June 26, 2019 Webinar Information This webinar will be recorded and emailed to you to share with others on your team, as well as posted on the Florida Rural Hospital Webinar dashboard. Handouts are available for download in the Handouts pane

515 views • 18 slides
A pivotal year for Generalized Parton Distributions Pivotal year for GPDs J. Ball, G. Charles,

A pivotal year for Generalized Parton Distributions Pivotal year for GPDs J. Ball, G. Charles,

A pivotal year for Generalized Parton Distributions Pivotal year for GPDs J. Ball, G. Charles, B. Moreno, H. Moutarde, F. Sabati e, 2011 situation S. Procureur GPDs and DVCS Leading twist, leading order Irfu/SPhN, CEA-Saclay Selected

757 views • 41 slides
Poli%cs, Percep%ons & Public Policy -or- Rhetoric and Reality in Solving Alaskas Fiscal

Poli%cs, Percep%ons & Public Policy -or- Rhetoric and Reality in Solving Alaskas Fiscal

Poli%cs, Percep%ons & Public Policy -or- Rhetoric and Reality in Solving Alaskas Fiscal Challenge Mike Navarre Kenai Peninsula Borough Mayor September 1, 2015 QUESTIONS TO PONDER Does Alaska Have a Budget Crisis? Is it an

857 views • 36 slides
Theoretical Computer Science (Bridging Course) Regular Languages Gian Diego Tipaldi Topics

Theoretical Computer Science (Bridging Course) Regular Languages Gian Diego Tipaldi Topics

Theoretical Computer Science (Bridging Course) Regular Languages Gian Diego Tipaldi Topics Covered Regular languages Deterministic finite automata Nondeterministic finite automata Closure Regular expressions Non-regular

1.44k views • 106 slides
EE817/IS893 CryptographyEngineeringand Cryptocurrency YongdaeKim

EE817/IS893 CryptographyEngineeringand Cryptocurrency YongdaeKim

EE817/IS893 CryptographyEngineeringand Cryptocurrency YongdaeKim AdminStuff q Mar13midnight:Homework1submission q

558 views • 52 slides
Kilonova/Macronova Emission from Compact Binary Mergers Masaomi Tanaka (Na$onal Astronomical

Kilonova/Macronova Emission from Compact Binary Mergers Masaomi Tanaka (Na$onal Astronomical

Kilonova/Macronova Emission from Compact Binary Mergers Masaomi Tanaka (Na$onal Astronomical Observatory of Japan) 1 deg ~ 100 galaxies / 1 deg 2 (< 200 Mpc) SDSS 10 deg h:p://www.ligo.org/detec$ons.php Localiza:on ~ 600 deg 2 (~< 10

776 views • 44 slides
w T* *\*4 Sa""** cv$Jto*- B h" c-co@ 4 A a-J- o"L rw- X Wao' l* l*,/

w T* *\*4 Sa""** cv$Jto*- B h" c-co@ 4 A a-J- o"L rw- X Wao' l* l*,/

1ar{n +hL hat6 + toveY a. Itta6i',,6 A 9,'k-l geqpat,ce- Xl cat(aJ' tn A foriHve "u^\-e3e' L.l e . a.t- In-St t{ Y \" &r.olhev sooA tT! --' c'vct '\ A Consac"hre- [e^anh; \^Xx' Leh,:oew eacl' fu'I n ,\at...,LJ -

465 views • 15 slides

More recommend