In 2011, Jao and de Feo introduced a key exchange protocol based on isogenies of supersingular elliptic curves. Similar problems had been used previously in a hash function construction by Charles, Goren and Lauter. The talk will survey these systems and the mathematical ideas behind them.
I will then present a very powerful active attack on the supersingular isogeny encryption scheme, based on similar principles to the well-known “small subgroup attack” on DLP protocols. The attack is not prevented by any of the currently proposed “validation protocols”, but it can be avoided by using a relatively expensive countermeasure proposed by Kirkwood et al. I will briefly survey some other recent results. This is all joint work with Christophe Petit, Barak Shani and Yan Bo Ti.