A New Adaptive Attack on SIDH
Authors
Abstract
The SIDH key exchange is the main building block of SIKE, the only isogeny-based scheme involved in the NIST standardization process. In 2016, Galbraith et al. presented an adaptive attack on SIDH. In this attack, a malicious party manipulates the torsion points in his public key in order to recover an honest party's static secret key, when having access to a key exchange oracle. In 2017, Petit designed a passive attack (which was improved by de Quehen et al. in 2020) that exploits the torsion point information available in SIDH public keys to recover the secret isogeny when the endomorphism ring of the starting curve is known. In this paper, firstly, we generalize the torsion point attacks by de Quehen et al. Secondly, we introduce a new adaptive attack vector on SIDH-type schemes. Our attack uses the access to a key exchange oracle to recover the action of the secret isogeny on larger subgroups. This leads to an unbalanced SIDH instance for which the secret isogeny can be recovered in polynomial time using the generalized torsion point attacks. Our attack is different from the GPST adaptive attack and constitutes a new cryptanalytic tool for isogeny-based cryptography. This result proves that torsion point attacks are relevant to SIDH parameters in an adaptive attack setting (Disclaimer: applicable to SIDH-type schemes only, not to SIKE). We suggest attack parameters for some primes in the literature and discuss some countermeasures.
Similar sources
A new attack on malaria.
N Engl J Med 358;23, www.nejm.org, June 5, 2008, p. 2425: ... foundation called on scientists and health officials to join in a global effort to eradicate malaria, an infection that kills more than a million people each year, most of them infants and children. Mention of the big "E word" has sparked a spirited debate about whether eradication will ever be possible, even as enthusiasm and funding build for...
A new attack on the KMOV cryptosystem
In this paper, we analyze the security of the KMOV public key cryptosystem. KMOV is based on elliptic curves over the ring Z_n where n = pq is the product of two large unknown primes of equal bit-size. We consider KMOV with a public key (n, e) where the exponent e satisfies an equation ex − (p + 1)(q + 1)y = z, with unknown parameters x, y, z. Using Diophantine approximations and lattice reductio...
A New Related Message Attack on RSA
Coppersmith, Franklin, Patarin, and Reiter have shown that given two RSA cryptograms x^e mod N and (ax + b)^e mod N for any known constants a, b ∈ Z_N, one can compute x in O(e log e) Z_N-operations with some positive error probability. We show that given e cryptograms c_i ≡ (ax + b_i)^e mod N, i = 0, 1, ..., e − 1, for any known constants a, b ∈ Z_N, where gcd(a, N) = gcd(b, N) = gcd(e!, N) = 1, one can determin...
A New Attack on 6-Round IDEA
IDEA is a 64-bit block cipher with 128-bit keys introduced by Lai and Massey in 1991. IDEA is one of the most widely used block ciphers, due to its inclusion in several cryptographic packages, such as PGP. Since its introduction in 1991, IDEA has withstood extensive cryptanalytic effort, but no attack was found on the full (8.5-round) variant of the cipher. In this paper we present the first kn...
An adaptive attack on Wiesner's quantum money
Unlike classical money, which is hard to forge for practical reasons (e.g. producing paper with a certain property), quantum money is attractive because its security might be based on the no-cloning theorem. The first quantum money scheme was introduced by Wiesner circa 1970. Although more sophisticated quantum money schemes were proposed, Wiesner’s scheme remained appealing because it is both ...
Journal
Journal title: Lecture Notes in Computer Science
Year: 2022
ISSN: ['1611-3349', '0302-9743']
DOI: https://doi.org/10.1007/978-3-030-95312-6_14