Title: On random sampling of supersingular elliptic curves
Authors: Marzio Mula, Nadir Murru, Federico Pintore
DOI: 10.1007/s10231-024-01528-x
Journal: Annali di Matematica Pura ed Applicata, volume 204, issue 3, pp. 1293–1335
Publication date: 2024-12-02 (journal article)
Journal ranking: JCR Q1 (Mathematics), impact factor 1.0
Article page: https://link.springer.com/article/10.1007/s10231-024-01528-x
PDF: https://link.springer.com/content/pdf/10.1007/s10231-024-01528-x.pdf
Citations: 0
Abstract
We consider the problem of sampling random supersingular elliptic curves over finite fields of cryptographic size (SRS problem). The currently best-known method combines the reduction of a suitable complex multiplication (CM) elliptic curve and a random walk over some supersingular isogeny graph. Unfortunately, this method is not suitable when the endomorphism ring of the generated curve needs to be hidden, like in some cryptographic applications. This motivates a stricter version of the SRS problem, requiring that the sampling algorithm gives no information about the endomorphism ring of the output curve (cSRS problem). In this work we formally define the SRS and cSRS problems, which are both of theoretical interest. We discuss the relevance of the two problems for cryptographic applications, and we provide a self-contained survey of the known approaches to solve them. Those for the cSRS problem have exponential complexity in the characteristic of the base finite field (since they require computing and finding roots of polynomials of large degree), leaving the problem open. In the second part of the paper, we propose and analyse some alternative techniques—based either on the Hasse invariant or division polynomials—and we explain the reasons why they do not readily lead to efficient cSRS algorithms, but they may open promising research directions.
About the journal:
This journal, the oldest scientific periodical in Italy, was originally edited by Barnaba Tortolini and Francesco Brioschi and has appeared since 1850. Nowadays it is managed by a nonprofit organization, the Fondazione Annali di Matematica Pura ed Applicata (c/o Dipartimento di Matematica "U. Dini", viale Morgagni 67A, 50134 Firenze, Italy; e-mail annali@math.unifi.it).
A board of Italian university professors governs the Fondazione and appoints the editors of the journal, whose responsibility it is to supervise the refereeing process. The names of the governors and editors appear on the front page of each issue, and their addresses appear on the title pages of each issue.