In this paper, we introduce a polynomial-time algorithm to compute a connecting $\mathcal{O}$-ideal between two supersingular elliptic curves over $\mathbb{F}_p$ with common $\mathbb{F}_p$-endomorphism ring $\mathcal{O}$, given a description of their full endomorphism rings. This algorithm provides a reduction of the security of the CSIDH cryptosystem to the problem of computing endomorphism rings of supersingular elliptic curves. A similar reduction for SIDH appeared at Asiacrypt 2016, but relies on totally different techniques. Furthermore, we also show that any supersingular elliptic curve constructed using the complex-multiplication method can be located precisely in the supersingular isogeny graph by explicitly deriving a path to a known base curve. This result prohibits the use of such curves as a building block for a hash function into the supersingular isogeny graph.
CITATION STYLE
Castryck, W., Panny, L., & Vercauteren, F. (2020). Rational Isogenies from Irrational Endomorphisms. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 12106 LNCS, pp. 523–548). Springer. https://doi.org/10.1007/978-3-030-45724-2_18