Hard Isogeny Problems over RSA Moduli and Groups with Infeasible Inversion
We initiate the study of computational problems on elliptic curve isogeny graphs defined over RSA moduli. We conjecture that several variants of the neighbor-search problem over these graphs are hard, and provide a comprehensive list of cryptanalytic attempts on these problems. Moreover, based on the hardness of these problems, we provide a construction of groups with infeasible inversion, where the underlying groups are the ideal class groups of imaginary quadratic orders.
Recall that in a group with infeasible inversion, computing the inverse of a group element is required to be hard, while performing the group operation is easy. Motivated by the potential cryptographic application of building a directed transitive signature scheme, the search for a group with infeasible inversion was initiated in the theses of Hohenberger and Molnar (2003). Later it was also shown to provide a broadcast encryption scheme by Irrer et al. (2004). However, to date the only case of a group with infeasible inversion is implied by the much stronger primitive of self-bilinear map constructed by Yamakawa et al. (2014) based on the hardness of factoring and indistinguishability obfuscation (iO). Our construction gives a candidate without using iO.
The research of Salim Ali Altuğ is supported by the grant DMS-1702176. The research of Yilei Chen was conducted at Boston University supported by the NSF MACS project and NSF grant CNS-1422965.
- 7.Couveignes, J.-M.: Hard homogeneous spaces. Cryptology ePrint Archive, Report 2006/291 (2006)Google Scholar
- 9.Cox, D.A.: Primes of the Form \(x^2+ ny^2\): Fermat, Class Field Theory, and Complex Multiplication, vol. 34. Wiley, Hoboken (2011)Google Scholar
- 14.De Feo, L.: Mathematics of isogeny based cryptography. arXiv preprint arXiv:1711.04062 (2017)
- 16.Garg, S., Gentry, C., Halevi, S., Raykova, M., Sahai, A., Waters, B.: Candidate indistinguishability obfuscation and functional encryption for all circuits. In: FOCS, pp. 40–49. IEEE Computer Society (2013)Google Scholar
- 17.Gentry, C., Peikert, C., Vaikuntanathan, V.: Trapdoors for hard lattices and new cryptographic constructions. In: STOC, pp. 197–206 (2008)Google Scholar
- 18.Hohenberger, S.R.: The cryptographic impact of groups with infeasible inversion. Master’s thesis, Massachusetts Institute of Technology (2003)Google Scholar
- 20.Irrer, J., Lokam, S., Opyrchal, L., Prakash, A.: Infeasible group inversion and broadcast encryption. University of Michigan Electrical Engineering and Computer Science Tech Note CSE-TR-485-04 (2004)Google Scholar
- 23.Kohel, D.R.: Endomorphism rings of elliptic curves over finite fields. PhD thesis, University of California, Berkeley (1996)Google Scholar
- 28.McCurley, K.S.: Cryptographic key distribution and computation in class groups. IBM Thomas J. Watson Research Division (1988)Google Scholar
- 30.Molnar, D.: Homomorphic signature schemes. B.s. thesis, Harvard College (2003)Google Scholar
- 31.Alexander Rostovtsev and Anton Stolbunov. Public-key cryptosystem based on isogenies. Cryptology ePrint Archive, Report 2006/145 (2006)Google Scholar
- 36.Sutherland, A.V.: Isogeny kernels and division polynomials. https://ocw.mit.edu/courses/mathematics/18-783-elliptic-curves-spring-2017/lecture-notes/MIT18_783S17_lec6.pdf. Accessed 03 Sept 2018
- 40.Yamakawa, T., Yamada, S., Hanaoka, G., Kunihiro, N.: Self-bilinear map on unknown order groups from indistinguishability obfuscation and its applications. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8617, pp. 90–107. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-44381-1_6CrossRefGoogle Scholar