Hidden Stabilizers, the Isogeny To Endomorphism Ring Problem and the
Cryptanalysis of pSIDH
- URL: http://arxiv.org/abs/2305.19897v1
- Date: Wed, 31 May 2023 14:30:32 GMT
- Title: Hidden Stabilizers, the Isogeny To Endomorphism Ring Problem and the
Cryptanalysis of pSIDH
- Authors: Mingjie Chen, Muhammad Imran, G\'abor Ivanyos, P\'eter Kutas, Antonin
Leroux, Christophe Petit
- Abstract summary: The Isogeny to Endomorphism Ring Problem (IsERP) asks to compute the endomorphism ring of the codomain of an isogeny between supersingular curves.
We introduce a new quantum-time algorithm to solve IsERP for isogenies whose degrees are odd and have $O(loglog p)$ many prime factors.
- Score: 5.398058794903461
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: The Isogeny to Endomorphism Ring Problem (IsERP) asks to compute the
endomorphism ring of the codomain of an isogeny between supersingular curves in
characteristic $p$ given only a representation for this isogeny, i.e. some data
and an algorithm to evaluate this isogeny on any torsion point. This problem
plays a central role in isogeny-based cryptography; it underlies the security
of pSIDH protocol (ASIACRYPT 2022) and it is at the heart of the recent attacks
that broke the SIDH key exchange. Prior to this work, no efficient algorithm
was known to solve IsERP for a generic isogeny degree, the hardest case
seemingly when the degree is prime.
In this paper, we introduce a new quantum polynomial-time algorithm to solve
IsERP for isogenies whose degrees are odd and have $O(\log\log p)$ many prime
factors. As main technical tools, our algorithm uses a quantum algorithm for
computing hidden Borel subgroups, a group action on supersingular isogenies
from EUROCRYPT 2021, various algorithms for the Deuring correspondence and a
new algorithm to lift arbitrary quaternion order elements modulo an odd integer
$N$ with $O(\log\log p)$ many prime factors to powersmooth elements.
As a main consequence for cryptography, we obtain a quantum polynomial-time
key recovery attack on pSIDH. The technical tools we use may also be of
independent interest.
Related papers
- Efficient quantum algorithms for some instances of the semidirect
discrete logarithm problem [2.90985742774369]
We show that the SDLP is even easier in some important special cases.
We show that SPDH-Sign and similar cryptosystems whose security assumption is based on the presumed hardness of the SDLP are insecure against quantum attacks.
arXiv Detail & Related papers (2023-12-21T16:58:59Z) - On finding dense sub-lattices as low energy states of a quantum
Hamiltonian [1.3070944530614654]
Lattice-based cryptography is one of the most prominent candidates for post-quantum cryptography.
Shortest Vector Problem (SVP) is to find the shortest non-zero vector in a given lattice.
We study a natural generalization of the SVP known as the $K$-Densest Sub-lattice Problem ($K$-DSP): to find the densest $K$-dimensional sub-lattice of a given lattice.
arXiv Detail & Related papers (2023-09-28T08:48:38Z) - Quantum Complexity for Discrete Logarithms and Related Problems [9.092600296992922]
We establish a generic model of quantum computation for group-theoretic problems, which we call the quantum generic group model.
We show the quantum complexity lower bounds and almost matching algorithms of the DL and related problems in this model.
variations of Shor's algorithm can take advantage of classical computations to reduce the number of quantum group operations.
arXiv Detail & Related papers (2023-07-06T15:32:50Z) - Homomorphic Encryption of the k=2 Bernstein-Vazirani Algorithm [0.4511923587827301]
We find an application of this scheme to quantum homomorphic encryption (QHE) which is an important cryptographic technology useful for delegated quantum computation.
We develop QHE schemes with perfect security, $mathcalF$-homomorphism, no interaction between server and client, and quasi-compactness bounded by $O(M)$ where M is the number of gates $T$ in the circuit.
arXiv Detail & Related papers (2023-03-30T14:49:15Z) - Detection-Recovery Gap for Planted Dense Cycles [72.4451045270967]
We consider a model where a dense cycle with expected bandwidth $n tau$ and edge density $p$ is planted in an ErdHos-R'enyi graph $G(n,q)$.
We characterize the computational thresholds for the associated detection and recovery problems for the class of low-degree algorithms.
arXiv Detail & Related papers (2023-02-13T22:51:07Z) - Refined Regret for Adversarial MDPs with Linear Function Approximation [50.00022394876222]
We consider learning in an adversarial Decision Process (MDP) where the loss functions can change arbitrarily over $K$ episodes.
This paper provides two algorithms that improve the regret to $tildemathcal O(K2/3)$ in the same setting.
arXiv Detail & Related papers (2023-01-30T14:37:21Z) - Complexity-Theoretic Limitations on Quantum Algorithms for Topological
Data Analysis [59.545114016224254]
Quantum algorithms for topological data analysis seem to provide an exponential advantage over the best classical approach.
We show that the central task of TDA -- estimating Betti numbers -- is intractable even for quantum computers.
We argue that an exponential quantum advantage can be recovered if the input data is given as a specification of simplices.
arXiv Detail & Related papers (2022-09-28T17:53:25Z) - A Variational Quantum Attack for AES-like Symmetric Cryptography [69.80357450216633]
We propose a variational quantum attack algorithm (VQAA) for classical AES-like symmetric cryptography.
In the VQAA, the known ciphertext is encoded as the ground state of a Hamiltonian that is constructed through a regular graph.
arXiv Detail & Related papers (2022-05-07T03:15:15Z) - Fuzzy Clustering with Similarity Queries [56.96625809888241]
The fuzzy or soft objective is a popular generalization of the well-known $k$-means problem.
We show that by making few queries, the problem becomes easier to solve.
arXiv Detail & Related papers (2021-06-04T02:32:26Z) - A Polynomial Time Algorithm for Learning Halfspaces with Tsybakov Noise [55.45544638410858]
We study the problem of PAC learning homogeneous halfspaces in the presence of Tsybakov noise.
Our algorithm learns the true halfspace within any accuracy $epsilon$.
arXiv Detail & Related papers (2020-10-04T22:19:06Z) - Number Partitioning with Grover's Algorithm in Central Spin Systems [0.0]
We propose a Grover search for solutions to a class of NP-complete decision problems known as subset sum problems.
Each problem instance is encoded in the couplings of a set of qubits to a central spin or boson, which enables a realization of the oracle without knowledge of the solution.
arXiv Detail & Related papers (2020-09-11T17:31:39Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.