On the security of supersingular isogeny cryptosystems


Wednesday, 2 November, 2016 - 14:00


RC-4082, The Red Centre, UNSW Kensington


School of Mathematics and Statistics

In 2011, Jao and de Feo introduced a key exchange protocol based on isogenies of supersingular elliptic curves. Similar problems had been used previously in a hash function construction by Charles, Goren and Lauter. The talk will survey these systems and the mathematical ideas behind them.

A very powerful active attack on the supersingular isogeny encryption scheme, based on similar principles to the well-known "small subgroup attack" on DLP protocols, will be presented. The attack is not prevented by any of the currently proposed "validation protocols", but it can be avoided by using a relatively expensive countermeasure proposed by Kirkwood et al. Some other recent results will also briefly be surveyed. This is all joint work with Christophe Petit, Barak Shani and Yan Bo Ti.


Steven Galbraith is a Professor at the University of Auckland.