Faster Cryptographic Hash Function From Supersingular Isogeny Graphs

Authors

  • Javad Doliskani
  • Geovandro C. C. F. Pereira
  • Paulo S. L. M. Barreto
Abstract

We propose a variant of the CGL hash [5] that is significantly faster than the original algorithm, and prove that it is preimage and collision resistant. For n = log p where p is the characteristic of the finite field, the performance ratio between CGL and the new proposal is (2n + 104.8)/(1.8 log n + 12.6). Assuming the best quantum preimage attack on the hash has complexity O(p^{1/4}), we attain a concrete speed-up for a 256-bit quantum preimage security level by a factor 70.35. For a 384-bit quantum preimage security level, the speed-up is by a factor 100.36.

Similar resources

Hard and Easy Problems for Supersingular Isogeny Graphs

We consider the endomorphism ring computation problem for supersingular elliptic curves, constructive versions of Deuring’s correspondence, and the security of Charles-Goren-Lauter’s cryptographic hash function. We show that constructing Deuring’s correspondence is easy in one direction and equivalent to the endomorphism ring computation problem in the other direction. We also provide a collisi...

Computational problems in supersingular elliptic curve isogenies

We give a brief survey of elliptic curve isogenies and the computational problems relevant for supersingular isogeny crypto. Supersingular isogeny cryptography is attracting attention due to the fact that there are no quantum attacks known against it that are significantly faster than classical attacks. However, the underlying computational problems have not been sufficiently studied by quantum...

On the Hardness of Computing Endomorphism Rings of Supersingular Elliptic Curves

Cryptosystems based on supersingular isogenies have been proposed recently for use in post-quantum cryptography. Three problems have emerged related to their hardness: computing an isogeny between two curves, computing the endomorphism ring of a curve, and computing a maximal order associated to it. While some of these problems are believed to be polynomial-time equivalent based on heuristics, ...

Loop-Abort Faults on Supersingular Isogeny Cryptosystems

Cryptographic schemes based on supersingular isogenies have become an active area of research in the field of post-quantum cryptography. We investigate the resistance of these cryptosystems to fault injection attacks. It appears that the iterative structure of the secret isogeny computation renders these schemes vulnerable to loop-abort attacks. Loop-abort faults allow to perform a full key rec...

Zeta Function and Cryptographic Exponent of Supersingular Curves of Genus 2

We compute in a direct (not algorithmic) way the zeta function of all supersingular curves of genus 2 over a finite field k, with many geometric automorphisms. We display these computations in an appendix where we select a family of representatives of all these curves up to k-isomorphism and we exhibit equations and the zeta function of all their k/k-twists. As an application we obtain a direct...

Journal:
  • IACR Cryptology ePrint Archive

Volume 2017, Issue

Pages -

Publication date: 2017