# Another Look at Some Isogeny Hardness Assumptions

- 8 Downloads

## Abstract

The security proofs for isogeny-based undeniable signature schemes have been based primarily on the assumptions that the One-Sided Modified SSCDH problem and the One-More SSCDH problem are intractable. We challenge the validity of these assumptions, showing that both the decisional and computational variants of these problems can be solved in polynomial time. We further demonstrate an attack, applicable to two undeniable signature schemes, one of which was proposed at PQCrypto 2014. The attack allows to forge signatures in \(2^{4\lambda /5}\) steps on a classical computer. This is an improvement over the expected classical security of \(2^{\lambda }\), where \(\lambda \) denotes the chosen security parameter.

## Keywords

Elliptic curves Isogenies Undeniable signatures## Notes

### Acknowledgements

We thank David Jao for his comments on a preliminary version of this paper. Moreover, we thank Neal Koblitz and Alfred Menezes for their inspiring work [13, 14]. The work of all three authors was supported by the EPSRC and the UK government as part of the grants EP/P009301/1, EP/P00881X/1 and EP/S01361X/1 for the first, second and third author respectively.

## References

- 1.Azarderakhsh, R., et al.: Supersingular isogeny key encapsulation. Submission to the NIST Post-Quantum Standardization Project (2017)Google Scholar
- 2.Bernstein, D.J.: Cost analysis of hash collisions: will quantum computers make sharcs obsolete. In: SHARCS, vol. 9, p. 105 (2009)Google Scholar
- 3.Brassard, G., Hoyer, P., Tapp, A.: Quantum algorithm for the collision problem. arXiv preprint quant-ph/9705002 (1997)Google Scholar
- 4.Charles, D.X., Lauter, K.E., Goren, E.Z.: Cryptographic hash functions from expander graphs. J. Cryptol.
**22**(1), 93–113 (2009)MathSciNetCrossRefGoogle Scholar - 5.Chaum, D., Van Antwerpen, H.: Undeniable signatures. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 212–216. Springer, New York (1990). https://doi.org/10.1007/0-387-34805-0_20CrossRefGoogle Scholar
- 6.Costache, A., Feigon, B., Lauter, K., Massierer, M., Puskás, A.: Ramanujan graphs in cryptography. arXiv preprint arXiv:1806.05709 (2018)
- 7.Couveignes, J.M., Jean Marc Couveignes: Hard homogeneous spaces. IACR Cryptology ePrint Archive, 2006:291 (2006)Google Scholar
- 8.Damgård, I., Pedersen, T.: New convertible undeniable signature schemes. In: Maurer, U. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 372–386. Springer, Heidelberg (1996). https://doi.org/10.1007/3-540-68339-9_32CrossRefGoogle Scholar
- 9.De Feo, L.: Mathematics of isogeny based cryptography. arXiv preprint arXiv:1711.04062 (2017)
- 10.Galbraith, S.D., Vercauteren, F.: Computational problems in supersingular elliptic curve isogenies. Quantum Inf. Process.
**17**(10), 265 (2018)MathSciNetCrossRefGoogle Scholar - 11.Jao, D., De Feo, L.: Towards quantum-resistant cryptosystems from supersingular elliptic curve isogenies. In: Yang, B.-Y. (ed.) PQCrypto 2011. LNCS, vol. 7071, pp. 19–34. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-25405-5_2CrossRefzbMATHGoogle Scholar
- 12.Jao, D., Soukharev, V.: Isogeny-based quantum-resistant undeniable signatures. In: Mosca, M. (ed.) PQCrypto 2014. LNCS, vol. 8772, pp. 160–179. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-11659-4_10CrossRefzbMATHGoogle Scholar
- 13.Koblitz, N., Menezes, A.: Another look at “provable security". IACR Cryptology ePrint Archive, 2004:152 (2004)Google Scholar
- 14.Koblitz, N., Menezes, A.: Critical perspectives on provable security: fifteen years of “another look" papers. Adv. Math. Commun.
**13**(4), 517–558 (2019)MathSciNetCrossRefGoogle Scholar - 15.Kohel, D.: Endomorphism rings of elliptic curves over finite fields. Ph.D. thesis, University of California, Berkeley (1996)Google Scholar
- 16.Kohel, D., Lauter, K., Petit, C., Tignol, J.-P.: On the quaternion \(\ell \)- isogeny path problem. LMS J. Comput. Math.
**17**(A), 418–432 (2014)MathSciNetCrossRefGoogle Scholar - 17.Kurosawa, K., Furukawa, J.: Universally composable undeniable signature. In: Aceto, L., Damgård, I., Goldberg, L.A., Halldórsson, M.M., Ingólfsdóttir, A., Walukiewicz, I. (eds.) ICALP 2008. LNCS, vol. 5126, pp. 524–535. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-70583-3_43CrossRefGoogle Scholar
- 18.National Institute for Standards and Technology (NIST). Post-quantum crypto standardization (2016). https://csrc.nist.gov/projects/post-quantum-cryptography
- 19.Petit, C.: Faster algorithms for isogeny problems using torsion point images. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017. LNCS, vol. 10625, pp. 330–353. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70697-9_12CrossRefGoogle Scholar
- 20.Rostovtsev, A., Stolbunov, A.: Public-key cryptosystem based on isogenies. IACR Cryptology ePrint Archive, 2006:145 (2006)Google Scholar
- 21.Silverman, J.H.: The Arithmetic of Elliptic Curves, vol. 106. Springer, Heidelberg (2009)CrossRefGoogle Scholar
- 22.Seshadri Srinath, M., Chandrasekaran, V.: Isogeny-based quantum-resistant undeniable blind signature scheme. Int. J. Netw. Secur.
**20**(1), 9–18 (2018)Google Scholar