We present Séta (To be pronounced [?e:t?] meaning “walk” in Hungarian.), a new family of public-key encryption schemes with post-quantum security based on isogenies supersingular elliptic curves. It is constructed from trapdoor one-way functions, where the inversion algorithm uses Petit’s so called torsion attacks SIDH to compute an isogeny between curves given endomorphism starting curve and i...

We give a geometric criterion for Dirichlet L-functions associated to cyclic characters over the rational function field ????q(t) vanish at central point s=12. The idea is based on observation that vanishing can be interpreted as existence of map from projective curve character some abelian variety ????q. Using this criterion, we obtain lower bound number cubic whose where q=p4n any prime p?2 m...

Let E be an elliptic curve de ned over a nite eld. Balasubramanian and Koblitz have proved that if the ` roots of unity μ` is not contained in the ground eld, then a eld extension of the ground eld contains μ` if and only if the `-torsion points of E are rational over the same eld extension. We generalize this result to Jacobians of genus two curves. In particular, we show that the Weiland the ...

The classical Kummer construction attaches to an abelian surface a K3 surface. As Shioda and Katsura showed, this construction breaks down for supersingular abelian surfaces in characteristic two. Replacing supersingular abelian surfaces by the selfproduct of the rational cuspidal curve, and the sign involution by suitable infinitesimal group scheme actions, I give the correct Kummer-type const...

We present an attack on SIDH utilising isogenies between polarized products of two supersingular elliptic curves. In the case arbitrary starting curve, our (discovered independently from [8]) has subexponential complexity, thus significantly reducing security and SIKE. When endomorphism ring curve is known, (here derived polynomial-time complexity assuming generalised Riemann hypothesis. Our ap...

For certain security applications, including identity based encryption and short signature schemes, it is useful to have abelian varieties with security parameters that are neither too small nor too large. Supersingular abelian varieties are natural candidates for these applications. This paper determines exactly which values can occur as the security parameters of supersingular abelian varieti...

Let F be a finite extension of Qp. Using the mod p Satake transform, we define what it means for an irreducible admissible smooth representation of an F -split p-adic reductive group over Fp to be supersingular. We then give the classification of irreducible admissible smooth GLn(F )-representations over Fp in terms of supersingular representations. As a consequence we deduce that supersingular...

For certain security applications, including identity based encryption and short signature schemes, it is useful to have abelian varieties with security parameters that are neither too small nor too large. Supersingular abelian varieties are natural candidates for these applications. This paper determines exactly which values can occur as the security parameters of supersingular abelian varieti...