Hard Isogeny Problems over RSA Moduli and Groups with Infeasible Inversion

  • Salim Ali AltuğEmail author
  • Yilei Chen
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11922)


We initiate the study of computational problems on elliptic curve isogeny graphs defined over RSA moduli. We conjecture that several variants of the neighbor-search problem over these graphs are hard, and provide a comprehensive list of cryptanalytic attempts on these problems. Moreover, based on the hardness of these problems, we provide a construction of groups with infeasible inversion, where the underlying groups are the ideal class groups of imaginary quadratic orders.

Recall that in a group with infeasible inversion, computing the inverse of a group element is required to be hard, while performing the group operation is easy. Motivated by the potential cryptographic application of building a directed transitive signature scheme, the search for a group with infeasible inversion was initiated in the theses of Hohenberger and Molnar (2003). Later it was also shown to provide a broadcast encryption scheme by Irrer et al. (2004). However, to date the only case of a group with infeasible inversion is implied by the much stronger primitive of self-bilinear map constructed by Yamakawa et al. (2014) based on the hardness of factoring and indistinguishability obfuscation (iO). Our construction gives a candidate without using iO.



The research of Salim Ali Altuğ is supported by the grant DMS-1702176. The research of Yilei Chen was conducted at Boston University supported by the NSF MACS project and NSF grant CNS-1422965.


  1. 1.
    Babai, L.: On lovász’ lattice reduction and the nearest lattice point problem. Combinatorica 6(1), 1–13 (1986)MathSciNetCrossRefGoogle Scholar
  2. 2.
    Barak, B., et al.: On the (im)possibility of obfuscating programs. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 1–18. Springer, Heidelberg (2001). Scholar
  3. 3.
    Buchmann, J.A., Williams, H.C.: A key-exchange system based on imaginary quadratic fields. J. Cryptology 1(2), 107–118 (1988)MathSciNetCrossRefGoogle Scholar
  4. 4.
    Charles, D.X., Lauter, K.E., Goren, E.Z.: Cryptographic hash functions from expander graphs. J. Cryptology 22(1), 93–113 (2009)MathSciNetCrossRefGoogle Scholar
  5. 5.
    Cohen, H.: A Course in Computational Algebraic Number Theory. Graduate Texts in Mathematics. Springer, Heidelberg (1995). Scholar
  6. 6.
    Coppersmith, D.: Small solutions to polynomial equations, and low exponent RSA vulnerabilities. J. Cryptology 10(4), 233–260 (1997)MathSciNetCrossRefGoogle Scholar
  7. 7.
    Couveignes, J.-M.: Hard homogeneous spaces. Cryptology ePrint Archive, Report 2006/291 (2006)Google Scholar
  8. 8.
    Couveignes, J.-M., Morain, F.: Schoof’s algorithm and isogeny cycles. In: Adleman, L.M., Huang, M.-D. (eds.) ANTS 1994. LNCS, vol. 877, pp. 43–58. Springer, Heidelberg (1994). Scholar
  9. 9.
    Cox, D.A.: Primes of the Form \(x^2+ ny^2\): Fermat, Class Field Theory, and Complex Multiplication, vol. 34. Wiley, Hoboken (2011)Google Scholar
  10. 10.
    Demytko, N.: A new elliptic curve based analogue of RSA. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 40–49. Springer, Heidelberg (1994). Scholar
  11. 11.
    Diffie, W., Hellman, M.E.: New directions in cryptography. IEEE Trans. Inf. Theory 22(6), 644–654 (1976)MathSciNetCrossRefGoogle Scholar
  12. 12.
    Elkies, N.D., et al.: Elliptic and modular curves over finite fields and related computational issues. AMS IP Stud. Adv. Math. 7, 21–76 (1998)MathSciNetCrossRefGoogle Scholar
  13. 13.
    Enge, A., Sutherland, A.V.: Class invariants by the CRT method. In: Hanrot, G., Morain, F., Thomé, E. (eds.) ANTS 2010. LNCS, vol. 6197, pp. 142–156. Springer, Heidelberg (2010). Scholar
  14. 14.
    De Feo, L.: Mathematics of isogeny based cryptography. arXiv preprint arXiv:1711.04062 (2017)
  15. 15.
    Fouquet, M., Morain, F.: Isogeny volcanoes and the SEA algorithm. In: Fieker, C., Kohel, D.R. (eds.) ANTS 2002. LNCS, vol. 2369, pp. 276–291. Springer, Heidelberg (2002). Scholar
  16. 16.
    Garg, S., Gentry, C., Halevi, S., Raykova, M., Sahai, A., Waters, B.: Candidate indistinguishability obfuscation and functional encryption for all circuits. In: FOCS, pp. 40–49. IEEE Computer Society (2013)Google Scholar
  17. 17.
    Gentry, C., Peikert, C., Vaikuntanathan, V.: Trapdoors for hard lattices and new cryptographic constructions. In: STOC, pp. 197–206 (2008)Google Scholar
  18. 18.
    Hohenberger, S.R.: The cryptographic impact of groups with infeasible inversion. Master’s thesis, Massachusetts Institute of Technology (2003)Google Scholar
  19. 19.
    Ionica, S., Joux, A.: Pairing the volcano. Math. Comput. 82(281), 581–603 (2013)MathSciNetCrossRefGoogle Scholar
  20. 20.
    Irrer, J., Lokam, S., Opyrchal, L., Prakash, A.: Infeasible group inversion and broadcast encryption. University of Michigan Electrical Engineering and Computer Science Tech Note CSE-TR-485-04 (2004)Google Scholar
  21. 21.
    Jao, D., De Feo, L.: Towards quantum-resistant cryptosystems from supersingular elliptic curve isogenies. In: Yang, B.-Y. (ed.) PQCrypto 2011. LNCS, vol. 7071, pp. 19–34. Springer, Heidelberg (2011). Scholar
  22. 22.
    Koblitz, N.: Elliptic curve cryptosystems. Math. Comput. 48(177), 203–209 (1987)MathSciNetCrossRefGoogle Scholar
  23. 23.
    Kohel, D.R.: Endomorphism rings of elliptic curves over finite fields. PhD thesis, University of California, Berkeley (1996)Google Scholar
  24. 24.
    Kunihiro, N., Koyama, K.: Equivalence of counting the number of points on elliptic curve over the ring Zn and factoring n. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 47–58. Springer, Heidelberg (1998). Scholar
  25. 25.
    Lay, G.-J., Zimmer, H.G.: Constructing elliptic curves with given group order over large finite fields. In: Adleman, L.M., Huang, M.-D. (eds.) ANTS 1994. LNCS, vol. 877, pp. 250–263. Springer, Heidelberg (1994). Scholar
  26. 26.
    Lenstra, A.K., Lenstra, H.W., Lovász, L.: Factoring polynomials with rational coefficients. Math. Ann. 261(4), 515–534 (1982)MathSciNetCrossRefGoogle Scholar
  27. 27.
    Lenstra, H.W.: Factoring integers with elliptic curves. Ann. Math. 126(3), 649–673 (1987)MathSciNetCrossRefGoogle Scholar
  28. 28.
    McCurley, K.S.: Cryptographic key distribution and computation in class groups. IBM Thomas J. Watson Research Division (1988)Google Scholar
  29. 29.
    Miller, V.S.: Use of elliptic curves in cryptography. In: Williams, H.C. (ed.) CRYPTO 1985. LNCS, vol. 218, pp. 417–426. Springer, Heidelberg (1986). Scholar
  30. 30.
    Molnar, D.: Homomorphic signature schemes. B.s. thesis, Harvard College (2003)Google Scholar
  31. 31.
    Alexander Rostovtsev and Anton Stolbunov. Public-key cryptosystem based on isogenies. Cryptology ePrint Archive, Report 2006/145 (2006)Google Scholar
  32. 32.
    Schoof, R.: Elliptic curves over finite fields and the computation of square roots mod p. Math. Comput. 44(170), 483–494 (1985)MathSciNetzbMATHGoogle Scholar
  33. 33.
    Schoof, R.: Counting points on elliptic curves over finite fields. J. Théor. Nombres Bordeaux 7(1), 219–254 (1995)MathSciNetCrossRefGoogle Scholar
  34. 34.
    Silverman, J.H.: The Arithmetic of Elliptic Curves. GTM, vol. 106. Springer, New York (2009). Scholar
  35. 35.
    Silverman, J.H.: Advanced Topics in the Arithmetic of Elliptic Curves. Graduate Texts in Mathematics, vol. 151. Springer, New York (2013). Scholar
  36. 36.
    Sutherland, A.V.: Isogeny kernels and division polynomials. Accessed 03 Sept 2018
  37. 37.
    Sutherland, A.V.: Isogeny volcanoes. Open Book Ser. 1(1), 507–530 (2013)MathSciNetCrossRefGoogle Scholar
  38. 38.
    Tate, J.: Endomorphisms of abelian varieties over finite fields. Inventiones Math. 2(2), 134–144 (1966)MathSciNetCrossRefGoogle Scholar
  39. 39.
    Vélu, J.: Isogénies entre courbes elliptiques. Comptes Rendus de l’Académie des Sciences de Paris 273, 238–241 (1971)MathSciNetzbMATHGoogle Scholar
  40. 40.
    Yamakawa, T., Yamada, S., Hanaoka, G., Kunihiro, N.: Self-bilinear map on unknown order groups from indistinguishability obfuscation and its applications. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8617, pp. 90–107. Springer, Heidelberg (2014). Scholar

Copyright information

© International Association for Cryptologic Research 2019

Authors and Affiliations

  1. 1.Boston UniversityBostonUSA
  2. 2.Visa ResearchPalo AltoUSA

Personalised recommendations