Abstract
In this paper we study the security of a proposal for Post-Quantum Cryptography from both a number theoretic and cryptographic perspective. Charles–Goren–Lauter in 2006 proposed two hash functions based on the hardness of finding paths in Ramanujan graphs. One is based on Lubotzky–Phillips–Sarnak (LPS) graphs and the other one is based on Supersingular Isogeny Graphs. A 2008 paper by Petit–Lauter–Quisquater breaks the hash function based on LPS graphs. On the Supersingular Isogeny Graphs proposal, recent work has continued to build cryptographic applications on the hardness of finding isogenies between supersingular elliptic curves. A 2011 paper by De Feo–Jao–Plût proposed a cryptographic system based on Supersingular Isogeny Diffie–Hellman as well as a set of five hard problems. In this paper we show that the security of the SIDH proposal relies on the hardness of the SSIG path-finding problem introduced in Charles et al. (2009). In addition, similarities between the number theoretic ingredients in the LPS and Pizer constructions suggest that the hardness of the path-finding problem in the two graphs may be linked. By viewing both graphs from a number theoretic perspective, we identify the similarities and differences between the Pizer and LPS graphs.
Brooke Feigon was partially supported by National Security Agency grant H98230-16-1-0017 and PSC-CUNY.
Maike Massierer was partially supported by Australian Research Council grant DP150101689.
Notes
1. A similar construction exists for a more general \(\mathcal{O}\). However, to relate the resulting graph to supersingular isogeny graphs, we require \(\mathcal{O}\) to be maximal.
2. If \(p\) is not a square modulo \(l\), then the constructions described below result in bipartite Ramanujan graphs with twice as many vertices.
3. That is, the adjacency relation defined above is symmetric.
4. The definition here agrees with the choices in [14] as well as \(\Gamma(N)=\ker\bigl(G'(\mathbb{Z}[l^{-1}])\rightarrow G'(\mathbb{Z}[l^{-1}]/N\mathbb{Z}[l^{-1}])\bigr)\) in [15]. Here \(G' = B^{\times}/Z(B^{\times})\) as a \(\mathbb{Q}\)-algebraic group. Note however that by (10) the center \(Z(B^{\times}(R))\) for \(R=\mathbb{Z}[l^{-1}]/N\mathbb{Z}[l^{-1}],\ N=2M\) may not be spanned by \(1+N\mathbb{Z}[l^{-1}]\). In fact, from (10), \(B^{\times}(R)\) is commutative for \(M=1\), and for \(M=p\) we have \(Z(B^{\times}(R)) = \mathbb{Z}\oplus [p]i + [p]j + [p]k\). However, the image of \(\langle S\rangle\) in \(B^{\times}(R)\) is trivial if \(M=1\) and intersects the center in \(\mathbb{Z}\) when \(M=p\).
5. In fact, since at every split place \(v\) we have \(B^{\times}(\mathbb{Q}_v) \cong \mathrm{GL}_2(\mathbb{Q}_v)\), with the reduced norm on \(B^{\times}\) corresponding to the determinant on \(\mathrm{GL}_2\) [26, p. 3], this is the “same argument at all but finitely many places.”
References
Gora Adj, Omran Ahmadi, and Alfred Menezes, On isogeny graphs of supersingular elliptic curves over finite fields, Cryptology ePrint Archive, Report 2018/132, 2018, https://eprint.iacr.org/2018/132.
Noga Alon, Eigenvalues and expanders, Combinatorica 6 (1986), no. 2, 83–96, Theory of computing (Singer Island, Fla., 1984). MR 875835
Denis X. Charles, Eyal Z. Goren, and Kristin E. Lauter, Cryptographic hash functions from expander graphs, J. Cryptology 22 (2009), no. 1, 93–113, available at https://eprint.iacr.org/2006/021.pdf. MR 2496385
_________ , Families of Ramanujan graphs and quaternion algebras, Groups and symmetries, CRM Proc. Lecture Notes, vol. 47, Amer. Math. Soc., Providence, RI, 2009, pp. 53–80. MR 2500554
Gaëtan Chenevier, Lecture notes, 2010, http://gaetan.chenevier.perso.math.cnrs.fr/coursIHP/chenevier_lecture6.pdf, retrieved August 13, 2017.
Pierre Deligne, Formes modulaires et représentations l-adiques, Séminaire Bourbaki. Vol. 1968/69, vol. 179, Lecture Notes in Math., no. 355, Springer, Berlin, 1971, pp. 139–172.
_________ , La conjecture de Weil. I, Publications Mathématiques de l’Institut des Hautes Études Scientifiques 43 (1974), no. 1, 273–307.
Luca De Feo, David Jao, and Jérôme Plût, Towards quantum-resistant cryptosystems from supersingular elliptic curve isogenies, J. Math. Cryptol. 8 (2014), no. 3, 209–247. MR 3259113
Stephen S. Gelbart, Automorphic forms on adele groups, no. 83, Princeton University Press, 1975.
Yasutaka Ihara, Discrete subgroups of PL(2, k_℘), Algebraic Groups and Discontinuous Subgroups (Proc. Sympos. Pure Math., Boulder, Colo., 1965), Amer. Math. Soc., Providence, R.I., 1966, pp. 272–278. MR 0205952
David Jao, Stephen D. Miller, and Ramarathnam Venkatesan, Do all elliptic curves of the same order have the same difficulty of discrete log?, International Conference on the Theory and Application of Cryptology and Information Security, Springer, 2005, pp. 21–40.
Wen-Ch’ing Winnie Li, A survey of Ramanujan graphs, Arithmetic, geometry and coding theory (Luminy, 1993), de Gruyter, Berlin, 1996, pp. 127–143. MR 1394930
Eyal Lubetzky and Yuval Peres, Cutoff on all Ramanujan graphs, Geometric and Functional Analysis 26 (2016), no. 4, 1190–1216.
Alexander Lubotzky, Richard L. Phillips, and Peter Sarnak, Ramanujan graphs, Combinatorica 8 (1988), no. 3, 261–277. MR 963118 (89m:05099)
Alexander Lubotzky, Discrete groups, expanding graphs and invariant measures, Modern Birkhäuser Classics, Birkhäuser Verlag, Basel, 2010, With an appendix by Jonathan D. Rogawski, Reprint of the 1994 edition. MR 2569682
Jean-François Mestre, La méthode des graphes. Exemples et applications, Proceedings of the International Conference on Class Numbers and Fundamental Units of Algebraic Number Fields (Katata, 1986), Nagoya Univ., Nagoya, 1986, pp. 217–242. MR 891898
Christophe Petit, Kristin Lauter, and Jean-Jacques Quisquater, Full cryptanalysis of LPS and Morgenstern hash functions, Security and Cryptography for Networks (Berlin, Heidelberg) (Rafail Ostrovsky, Roberto De Prisco, and Ivan Visconti, eds.), Springer Berlin Heidelberg, 2008, pp. 263–277.
Arnold Pizer, The representability of modular forms by theta series, Journal of the Mathematical Society of Japan 28 (1976), no. 4, 689–698.
_________ , An algorithm for computing modular forms on Γ0(N), Journal of Algebra 64 (1980), no. 2, 340–390.
_________ , Ramanujan graphs, Computational perspectives on number theory (Chicago, IL, 1995), AMS/IP Stud. Adv. Math., vol. 7, Amer. Math. Soc., Providence, RI, 1998, pp. 159–178. MR 1486836
Post-Quantum Cryptography Standardization, https://csrc.nist.gov/Projects/Post-Quantum-Cryptography/Post-Quantum-Cryptography-Standardization, Accessed: 2018-04-14.
Naser T. Sardari, Diameter of Ramanujan graphs and random Cayley graphs, Combinatorica (2018), 1–20. https://doi.org/10.1007/s00493-017-3605-0
Joseph H. Silverman, The arithmetic of elliptic curves, second ed., Graduate Texts in Mathematics, vol. 106, Springer, Berlin–Heidelberg–New York, 2009.
Jean-Pierre Tillich and Gilles Zémor, Collisions for the LPS expander graph hash function, Advances in Cryptology – EUROCRYPT 2008 (Nigel Smart, ed.), Springer, 2008, pp. 254–269.
Jacques Vélu, Isogénies entre courbes elliptiques, C. R. Acad. Sci. Paris Sér. A-B 273 (1971), A238–A241. MR 0294345
Marie-France Vignéras, Arithmétique des algèbres de quaternions, Lecture Notes in Mathematics, vol. 800, Springer, Berlin, 1980. MR 580949
John Voight, Quaternion algebras, 2018, https://math.dartmouth.edu/~jvoight/quat-book.pdf, retrieved October 20, 2017.
© 2019 The Author(s) and The Association for Women in Mathematics
Cite this paper
Costache, A., Feigon, B., Lauter, K., Massierer, M., Puskás, A. (2019). Ramanujan Graphs in Cryptography. In: Balakrishnan, J., Folsom, A., Lalín, M., Manes, M. (eds) Research Directions in Number Theory. Association for Women in Mathematics Series, vol 19. Springer, Cham. https://doi.org/10.1007/978-3-030-19478-9_1
DOI: https://doi.org/10.1007/978-3-030-19478-9_1
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-19477-2
Online ISBN: 978-3-030-19478-9
eBook Packages: Mathematics and Statistics, Mathematics and Statistics (R0)