Related papers: Hidden Stabilizers, the Isogeny To Endomorphism Ring Problem and the Cryptanalysis of pSIDH

Hidden Stabilizers, the Isogeny To Endomorphism Ring Problem and the Cryptanalysis of pSIDH

URL: http://arxiv.org/abs/2305.19897v1
Date: Wed, 31 May 2023 14:30:32 GMT
Title: Hidden Stabilizers, the Isogeny To Endomorphism Ring Problem and the Cryptanalysis of pSIDH
Authors: Mingjie Chen, Muhammad Imran, G\'abor Ivanyos, P\'eter Kutas, Antonin Leroux, Christophe Petit
Abstract summary: The Isogeny to Endomorphism Ring Problem (IsERP) asks to compute the endomorphism ring of the codomain of an isogeny between supersingular curves. We introduce a new quantum-time algorithm to solve IsERP for isogenies whose degrees are odd and have $O(loglog p)$ many prime factors.
Score: 5.398058794903461
License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
Abstract: The Isogeny to Endomorphism Ring Problem (IsERP) asks to compute the endomorphism ring of the codomain of an isogeny between supersingular curves in characteristic $p$ given only a representation for this isogeny, i.e. some data and an algorithm to evaluate this isogeny on any torsion point. This problem plays a central role in isogeny-based cryptography; it underlies the security of pSIDH protocol (ASIACRYPT 2022) and it is at the heart of the recent attacks that broke the SIDH key exchange. Prior to this work, no efficient algorithm was known to solve IsERP for a generic isogeny degree, the hardest case seemingly when the degree is prime. In this paper, we introduce a new quantum polynomial-time algorithm to solve IsERP for isogenies whose degrees are odd and have $O(\log\log p)$ many prime factors. As main technical tools, our algorithm uses a quantum algorithm for computing hidden Borel subgroups, a group action on supersingular isogenies from EUROCRYPT 2021, various algorithms for the Deuring correspondence and a new algorithm to lift arbitrary quaternion order elements modulo an odd integer $N$ with $O(\log\log p)$ many prime factors to powersmooth elements. As a main consequence for cryptography, we obtain a quantum polynomial-time key recovery attack on pSIDH. The technical tools we use may also be of independent interest.

Related papers

An Attack on $p$-adic Lattice Public-key Cryptosystems and Signature Schemes [3.444630356331766]
In this paper, we improve the LVP algorithm in local fields. We utilize this algorithm to attack the above schemes so that we are able to forge any message and decrypt any ciphertext. Although these schemes are broken, this work does not mean that $p$-adic lattices are not suitable in constructing cryptographic primitives.
arXiv Detail & Related papers (2024-09-13T12:31:57Z)
Sum-of-Squares inspired Quantum Metaheuristic for Polynomial Optimization with the Hadamard Test and Approximate Amplitude Constraints [76.53316706600717]
Recently proposed quantum algorithm arXiv:2206.14999 is based on semidefinite programming (SDP) We generalize the SDP-inspired quantum algorithm to sum-of-squares. Our results show that our algorithm is suitable for large problems and approximate the best known classicals.
arXiv Detail & Related papers (2024-08-14T19:04:13Z)
Efficient quantum algorithms for some instances of the semidirect discrete logarithm problem [2.90985742774369]
We show that the SDLP is even easier in some important special cases. We show that SPDH-Sign and similar cryptosystems whose security assumption is based on the presumed hardness of the SDLP are insecure against quantum attacks.
arXiv Detail & Related papers (2023-12-21T16:58:59Z)
Finding dense sub-lattices as low-energy states of a Hamiltonian [1.2183430883527995]
Lattice-based cryptography is one of the most prominent candidates for post-quantum cryptography. Shortest Vector Problem (SVP) is to find the shortest non-zero vector in a given lattice. We study a natural generalization of the SVP known as the $K$-Densest Sub-lattice Problem ($K$-DSP): to find the densest $K$-dimensional sub-lattice of a given lattice.
arXiv Detail & Related papers (2023-09-28T08:48:38Z)
Quantum Complexity for Discrete Logarithms and Related Problems [7.077306859247421]
We establish a generic model of quantum computation for group-theoretic problems, which we call the quantum generic group model. We show the quantum complexity lower bounds and almost matching algorithms of the DL and related problems in this model. variations of Shor's algorithm can take advantage of classical computations to reduce the number of quantum group operations.
arXiv Detail & Related papers (2023-07-06T15:32:50Z)
Homomorphic Encryption of the k=2 Bernstein-Vazirani Algorithm [0.4511923587827301]
We find an application of this scheme to quantum homomorphic encryption (QHE) which is an important cryptographic technology useful for delegated quantum computation. We develop QHE schemes with perfect security, $mathcalF$-homomorphism, no interaction between server and client, and quasi-compactness bounded by $O(M)$ where M is the number of gates $T$ in the circuit.
arXiv Detail & Related papers (2023-03-30T14:49:15Z)
Refined Regret for Adversarial MDPs with Linear Function Approximation [50.00022394876222]
We consider learning in an adversarial Decision Process (MDP) where the loss functions can change arbitrarily over $K$ episodes. This paper provides two algorithms that improve the regret to $tildemathcal O(K2/3)$ in the same setting.
arXiv Detail & Related papers (2023-01-30T14:37:21Z)
Complexity-Theoretic Limitations on Quantum Algorithms for Topological Data Analysis [59.545114016224254]
Quantum algorithms for topological data analysis seem to provide an exponential advantage over the best classical approach. We show that the central task of TDA -- estimating Betti numbers -- is intractable even for quantum computers. We argue that an exponential quantum advantage can be recovered if the input data is given as a specification of simplices.
arXiv Detail & Related papers (2022-09-28T17:53:25Z)
A Variational Quantum Attack for AES-like Symmetric Cryptography [69.80357450216633]
We propose a variational quantum attack algorithm (VQAA) for classical AES-like symmetric cryptography. In the VQAA, the known ciphertext is encoded as the ground state of a Hamiltonian that is constructed through a regular graph.
arXiv Detail & Related papers (2022-05-07T03:15:15Z)
Fuzzy Clustering with Similarity Queries [56.96625809888241]
The fuzzy or soft objective is a popular generalization of the well-known $k$-means problem. We show that by making few queries, the problem becomes easier to solve.
arXiv Detail & Related papers (2021-06-04T02:32:26Z)
A Polynomial Time Algorithm for Learning Halfspaces with Tsybakov Noise [55.45544638410858]
We study the problem of PAC learning homogeneous halfspaces in the presence of Tsybakov noise. Our algorithm learns the true halfspace within any accuracy $epsilon$.
arXiv Detail & Related papers (2020-10-04T22:19:06Z)

This list is automatically generated from the titles and abstracts of the papers in this site.