On the supersingular GPST attack
The main attack against static-key supersingular isogeny Diffie–Hellman (SIDH) is the Galbraith–Petit–Shani–Ti (GPST) attack, which also prevents the application of SIDH to other constructions such as non-interactive key-exchange. In this paper, we identify and study a specific assumption on which t...
| Main Authors: | , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
De Gruyter
2021-09-01
|
| Series: | Journal of Mathematical Cryptology |
| Subjects: | |
| Online Access: | https://doi.org/10.1515/jmc-2021-0020 |
| id |
doaj-6cd44119188b496ea8c3e6a069561d3e |
|---|---|
| record_format |
Article |
| spelling |
doaj-6cd44119188b496ea8c3e6a069561d3e2021-10-03T07:42:35ZengDe GruyterJournal of Mathematical Cryptology1862-29842021-09-01161141910.1515/jmc-2021-0020On the supersingular GPST attackBasso Andrea0Pazuki Fabien1Centre for Cyber Security and Privacy, School of Computer Science, University of Birmingham, Birmingham, UKDepartment of Mathematical Sciences, University of Copenhagen, Universitetsparken 5, DK-2100 Copenhagen, DenmarkThe main attack against static-key supersingular isogeny Diffie–Hellman (SIDH) is the Galbraith–Petit–Shani–Ti (GPST) attack, which also prevents the application of SIDH to other constructions such as non-interactive key-exchange. In this paper, we identify and study a specific assumption on which the GPST attack relies that does not necessarily hold in all circumstances. We show that in some circumstances the attack fails to recover part of the secret key. We also characterize the conditions necessary for the attack to fail and show that it rarely happens in real cases. We give a link with collisions in the Charles-Goren-Lauter (CGL) hash function.https://doi.org/10.1515/jmc-2021-0020isogeniessupersingular elliptic curvesmodular invariants14h5214k0211t7194a6081p9465p25 |
| collection |
DOAJ |
| language |
English |
| format |
Article |
| sources |
DOAJ |
| author |
Basso Andrea Pazuki Fabien |
| spellingShingle |
Basso Andrea Pazuki Fabien On the supersingular GPST attack Journal of Mathematical Cryptology isogenies supersingular elliptic curves modular invariants 14h52 14k02 11t71 94a60 81p94 65p25 |
| author_facet |
Basso Andrea Pazuki Fabien |
| author_sort |
Basso Andrea |
| title |
On the supersingular GPST attack |
| title_short |
On the supersingular GPST attack |
| title_full |
On the supersingular GPST attack |
| title_fullStr |
On the supersingular GPST attack |
| title_full_unstemmed |
On the supersingular GPST attack |
| title_sort |
on the supersingular gpst attack |
| publisher |
De Gruyter |
| series |
Journal of Mathematical Cryptology |
| issn |
1862-2984 |
| publishDate |
2021-09-01 |
| description |
The main attack against static-key supersingular isogeny Diffie–Hellman (SIDH) is the Galbraith–Petit–Shani–Ti (GPST) attack, which also prevents the application of SIDH to other constructions such as non-interactive key-exchange. In this paper, we identify and study a specific assumption on which the GPST attack relies that does not necessarily hold in all circumstances. We show that in some circumstances the attack fails to recover part of the secret key. We also characterize the conditions necessary for the attack to fail and show that it rarely happens in real cases. We give a link with collisions in the Charles-Goren-Lauter (CGL) hash function. |
| topic |
isogenies supersingular elliptic curves modular invariants 14h52 14k02 11t71 94a60 81p94 65p25 |
| url |
https://doi.org/10.1515/jmc-2021-0020 |
| work_keys_str_mv |
AT bassoandrea onthesupersingulargpstattack AT pazukifabien onthesupersingulargpstattack |
| _version_ |
1716846040391352320 |