Failing to hash into supersingular isogeny graphs
- URL: http://arxiv.org/abs/2205.00135v3
- Date: Wed, 8 May 2024 18:59:08 GMT
- Title: Failing to hash into supersingular isogeny graphs
- Authors: Jeremy Booher, Ross Bowden, Javad Doliskani, Tako Boris Fouotsa, Steven D. Galbraith, Sabrina Kunzweiler, Simon-Philipp Merz, Christophe Petit, Benjamin Smith, Katherine E. Stange, Yan Bo Ti, Christelle Vincent, José Felipe Voloch, Charlotte Weitkämper, Lukas Zobernig,
- Abstract summary: An important cryptographic open problem is to produce, without a trusted authority, concrete examples of "hard supersingular curves"
We document a number of failed attempts to solve this problem, in the hope that we may spur further research, and shed light on the challenges and obstacles to this endeavour.
- Score: 4.57147786707036
- License: http://creativecommons.org/licenses/by-nc-nd/4.0/
- Abstract: An important open problem in supersingular isogeny-based cryptography is to produce, without a trusted authority, concrete examples of "hard supersingular curves" that is, equations for supersingular curves for which computing the endomorphism ring is as difficult as it is for random supersingular curves. A related open problem is to produce a hash function to the vertices of the supersingular $\ell$-isogeny graph which does not reveal the endomorphism ring, or a path to a curve of known endomorphism ring. Such a hash function would open up interesting cryptographic applications. In this paper, we document a number of (thus far) failed attempts to solve this problem, in the hope that we may spur further research, and shed light on the challenges and obstacles to this endeavour. The mathematical approaches contained in this article include: (i) iterative root-finding for the supersingular polynomial; (ii) gcd's of specialized modular polynomials; (iii) using division polynomials to create small systems of equations; (iv) taking random walks in the isogeny graph of abelian surfaces; and (v) using quantum random walks.
Related papers
- Computing Isomorphisms between Products of Supersingular Elliptic Curves [0.9467360130705919]
Deligne-Ogus-Shioda theorem guarantees the existence of isomorphisms between products of supersingular elliptic curves over finite fields.
We present methods for explicitly computing these isomorphisms in time, given the rings of the curves involved.
arXiv Detail & Related papers (2025-03-27T14:26:31Z) - CayleyPy RL: Pathfinding and Reinforcement Learning on Cayley Graphs [0.0]
This paper is the second in a series of studies on developing efficient artificial intelligence-based approaches to pathfinding on large graphs.
We present a novel combination of a reinforcement learning approach with a more direct diffusion distance approach from the first paper.
We provide strong support for the OEIS-A186783 conjecture that the diameter is equal to n(n-1)/2 by machine learning and mathematical methods.
arXiv Detail & Related papers (2025-02-25T21:53:41Z) - Unconditional foundations for supersingular isogeny-based cryptography [5.01069065110753]
We prove that the supersingular isogeny problem (Isogeny) is equivalent to the worst ring problem (EndRing) and maximal order problem (MaxOrder)
For cryptographic applications, one requires computational problems to be hard on average for random instances.
We extend this result to prove that if any of the above-mentionned classical problems is hard in the case, then all of them are hard on average.
arXiv Detail & Related papers (2025-02-24T09:46:03Z) - Minors solve the elliptic curve discrete logarithm problem [0.0]
This paper explores ways to solve the elliptic curve discrete logarithm problem.
It follows our earlier work, where we tried to solve this problem by finding a zero minor in a matrix over the same finite field on which the elliptic curve is defined.
arXiv Detail & Related papers (2023-10-06T10:05:25Z) - The supersingular endomorphism ring problem given one endomorphism [5.01069065110753]
We prove that the endomorphism ring of E can be computed in classical time.
We also prove that the action of smooth ideals on elliptic curves can be computed in time.
arXiv Detail & Related papers (2023-09-21T09:22:43Z) - The supersingular Endomorphism Ring and One Endomorphism problems are equivalent [5.01069065110753]
The endomorphism ring problem is equivalent to the problem of computing arbitrary isogenies between supersingular elliptic curves.
We introduce a flexible framework for the study of isogeny graphs with additional information.
arXiv Detail & Related papers (2023-09-19T08:47:12Z) - Discrete Quantum Walks on the Symmetric Group [0.0]
In quantum walks, the propagation is governed by quantum mechanical rules; generalizing random walks to the quantum setting.
In this paper we investigate the discrete time coined quantum walk (DTCQW) model using tools from non-commutative Fourier analysis.
Specifically, we are interested in characterizing the DTCQW on Cayley graphs generated by the symmetric group ($sym$) with appropriate generating sets.
arXiv Detail & Related papers (2022-03-28T23:48:08Z) - Decimation technique for open quantum systems: a case study with
driven-dissipative bosonic chains [62.997667081978825]
Unavoidable coupling of quantum systems to external degrees of freedom leads to dissipative (non-unitary) dynamics.
We introduce a method to deal with these systems based on the calculation of (dissipative) lattice Green's function.
We illustrate the power of this method with several examples of driven-dissipative bosonic chains of increasing complexity.
arXiv Detail & Related papers (2022-02-15T19:00:09Z) - Lattice-Based Methods Surpass Sum-of-Squares in Clustering [98.46302040220395]
Clustering is a fundamental primitive in unsupervised learning.
Recent work has established lower bounds against the class of low-degree methods.
We show that, perhaps surprisingly, this particular clustering model textitdoes not exhibit a statistical-to-computational gap.
arXiv Detail & Related papers (2021-12-07T18:50:17Z) - Complexity of Supersymmetric Systems and the Cohomology Problem [0.0]
We consider the complexity of the local Hamiltonian problem in the context of fermionic Hamiltonians with $mathcal N=2 $ supersymmetry.
Our main motivation for studying this is the fact that the ground state energy of a supersymmetric system is exactly zero if and only if a certain cohomology group is nontrivial.
arXiv Detail & Related papers (2021-06-30T18:00:01Z) - Online Dense Subgraph Discovery via Blurred-Graph Feedback [87.9850024070244]
We introduce a novel learning problem for dense subgraph discovery.
We first propose a edge-time algorithm that obtains a nearly-optimal solution with high probability.
We then design a more scalable algorithm with a theoretical guarantee.
arXiv Detail & Related papers (2020-06-24T11:37:33Z) - Hardness of Random Optimization Problems for Boolean Circuits,
Low-Degree Polynomials, and Langevin Dynamics [78.46689176407936]
We show that families of algorithms fail to produce nearly optimal solutions with high probability.
For the case of Boolean circuits, our results improve the state-of-the-art bounds known in circuit complexity theory.
arXiv Detail & Related papers (2020-04-25T05:45:59Z) - Semiparametric Nonlinear Bipartite Graph Representation Learning with
Provable Guarantees [106.91654068632882]
We consider the bipartite graph and formalize its representation learning problem as a statistical estimation problem of parameters in a semiparametric exponential family distribution.
We show that the proposed objective is strongly convex in a neighborhood around the ground truth, so that a gradient descent-based method achieves linear convergence rate.
Our estimator is robust to any model misspecification within the exponential family, which is validated in extensive experiments.
arXiv Detail & Related papers (2020-03-02T16:40:36Z) - On estimating the entropy of shallow circuit outputs [49.1574468325115]
Estimating the entropy of probability distributions and quantum states is a fundamental task in information processing.
We show that entropy estimation for distributions or states produced by either log-depth circuits or constant-depth circuits with gates of bounded fan-in and unbounded fan-out is at least as hard as the Learning with Errors problem.
arXiv Detail & Related papers (2020-02-27T15:32:08Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.