On the Security of Supersingular Isogeny Cryptosystems

06.09.2016, 10:00 – 11:30

Speaker: Steven Galbraith | Location: Hochschulstraße 10 (S2|02), Piloty Building, Room A120, Darmstadt

Organizer: CROSSING


In 2011, Jao and de Feo introduced a key exchange protocol based on isogenies of supersingular elliptic curves. Similar problems had been used previously in a hash function construction by Charles, Goren and Lauter. The talk will survey these systems and the mathematical ideas behind them.

I will then present a very powerful active attack on the supersingular isogeny encryption scheme, based on similar principles to the well-known “small subgroup attack” on DLP protocols. The attack is not prevented by any of the currently proposed “validation protocols”, but it can be avoided by using a relatively expensive countermeasure proposed by Kirkwood et al. I will briefly survey some other recent results. This is all joint work with Christophe Petit, Barak Shani and Yan Bo Ti.

Short Bio

Website of Steven Galbraith.