Another Look at Some Isogeny Hardness Assumptions

  • Simon-Philipp MerzEmail author
  • Romy Minko
  • Christophe Petit
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 12006)


The security proofs for isogeny-based undeniable signature schemes have been based primarily on the assumptions that the One-Sided Modified SSCDH problem and the One-More SSCDH problem are intractable. We challenge the validity of these assumptions, showing that both the decisional and computational variants of these problems can be solved in polynomial time. We further demonstrate an attack, applicable to two undeniable signature schemes, one of which was proposed at PQCrypto 2014. The attack allows to forge signatures in \(2^{4\lambda /5}\) steps on a classical computer. This is an improvement over the expected classical security of \(2^{\lambda }\), where \(\lambda \) denotes the chosen security parameter.


Elliptic curves Isogenies Undeniable signatures 



We thank David Jao for his comments on a preliminary version of this paper. Moreover, we thank Neal Koblitz and Alfred Menezes for their inspiring work [13, 14]. The work of all three authors was supported by the EPSRC and the UK government as part of the grants EP/P009301/1, EP/P00881X/1 and EP/S01361X/1 for the first, second and third author respectively.


  1. 1.
    Azarderakhsh, R., et al.: Supersingular isogeny key encapsulation. Submission to the NIST Post-Quantum Standardization Project (2017)Google Scholar
  2. 2.
    Bernstein, D.J.: Cost analysis of hash collisions: will quantum computers make sharcs obsolete. In: SHARCS, vol. 9, p. 105 (2009)Google Scholar
  3. 3.
    Brassard, G., Hoyer, P., Tapp, A.: Quantum algorithm for the collision problem. arXiv preprint quant-ph/9705002 (1997)Google Scholar
  4. 4.
    Charles, D.X., Lauter, K.E., Goren, E.Z.: Cryptographic hash functions from expander graphs. J. Cryptol. 22(1), 93–113 (2009)MathSciNetCrossRefGoogle Scholar
  5. 5.
    Chaum, D., Van Antwerpen, H.: Undeniable signatures. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 212–216. Springer, New York (1990). Scholar
  6. 6.
    Costache, A., Feigon, B., Lauter, K., Massierer, M., Puskás, A.: Ramanujan graphs in cryptography. arXiv preprint arXiv:1806.05709 (2018)
  7. 7.
    Couveignes, J.M., Jean Marc Couveignes: Hard homogeneous spaces. IACR Cryptology ePrint Archive, 2006:291 (2006)Google Scholar
  8. 8.
    Damgård, I., Pedersen, T.: New convertible undeniable signature schemes. In: Maurer, U. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 372–386. Springer, Heidelberg (1996). Scholar
  9. 9.
    De Feo, L.: Mathematics of isogeny based cryptography. arXiv preprint arXiv:1711.04062 (2017)
  10. 10.
    Galbraith, S.D., Vercauteren, F.: Computational problems in supersingular elliptic curve isogenies. Quantum Inf. Process. 17(10), 265 (2018)MathSciNetCrossRefGoogle Scholar
  11. 11.
    Jao, D., De Feo, L.: Towards quantum-resistant cryptosystems from supersingular elliptic curve isogenies. In: Yang, B.-Y. (ed.) PQCrypto 2011. LNCS, vol. 7071, pp. 19–34. Springer, Heidelberg (2011). Scholar
  12. 12.
    Jao, D., Soukharev, V.: Isogeny-based quantum-resistant undeniable signatures. In: Mosca, M. (ed.) PQCrypto 2014. LNCS, vol. 8772, pp. 160–179. Springer, Cham (2014). Scholar
  13. 13.
    Koblitz, N., Menezes, A.: Another look at “provable security". IACR Cryptology ePrint Archive, 2004:152 (2004)Google Scholar
  14. 14.
    Koblitz, N., Menezes, A.: Critical perspectives on provable security: fifteen years of “another look" papers. Adv. Math. Commun. 13(4), 517–558 (2019)MathSciNetCrossRefGoogle Scholar
  15. 15.
    Kohel, D.: Endomorphism rings of elliptic curves over finite fields. Ph.D. thesis, University of California, Berkeley (1996)Google Scholar
  16. 16.
    Kohel, D., Lauter, K., Petit, C., Tignol, J.-P.: On the quaternion \(\ell \)- isogeny path problem. LMS J. Comput. Math. 17(A), 418–432 (2014)MathSciNetCrossRefGoogle Scholar
  17. 17.
    Kurosawa, K., Furukawa, J.: Universally composable undeniable signature. In: Aceto, L., Damgård, I., Goldberg, L.A., Halldórsson, M.M., Ingólfsdóttir, A., Walukiewicz, I. (eds.) ICALP 2008. LNCS, vol. 5126, pp. 524–535. Springer, Heidelberg (2008). Scholar
  18. 18.
    National Institute for Standards and Technology (NIST). Post-quantum crypto standardization (2016).
  19. 19.
    Petit, C.: Faster algorithms for isogeny problems using torsion point images. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017. LNCS, vol. 10625, pp. 330–353. Springer, Cham (2017). Scholar
  20. 20.
    Rostovtsev, A., Stolbunov, A.: Public-key cryptosystem based on isogenies. IACR Cryptology ePrint Archive, 2006:145 (2006)Google Scholar
  21. 21.
    Silverman, J.H.: The Arithmetic of Elliptic Curves, vol. 106. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  22. 22.
    Seshadri Srinath, M., Chandrasekaran, V.: Isogeny-based quantum-resistant undeniable blind signature scheme. Int. J. Netw. Secur. 20(1), 9–18 (2018)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  • Simon-Philipp Merz
    • 1
    Email author
  • Romy Minko
    • 2
  • Christophe Petit
    • 3
  1. 1.Royal Holloway, University of LondonEghamEngland
  2. 2.University of OxfordOxfordEngland
  3. 3.University of BirminghamBirminghamEngland

Personalised recommendations