对2-SIDH的自适应攻击

IF 0.9 Q3 COMPUTER SCIENCE, THEORY & METHODS

International Journal of Computer Mathematics: Computer Systems Theory Pub Date : 2020-09-24 DOI:10.1080/23799927.2020.1822446

Samuel Dobson, S. Galbraith, Jason Legrow, Y. Ti, Lukas Zobernig

{"title":"对2-SIDH的自适应攻击","authors":"Samuel Dobson, S. Galbraith, Jason Legrow, Y. Ti, Lukas Zobernig","doi":"10.1080/23799927.2020.1822446","DOIUrl":null,"url":null,"abstract":"We present a polynomial-time adaptive attack on the 2-SIDH protocol. The 2-SIDH protocol is a special instance of the countermeasure proposed by Azarderakhsh, Jao and Leonardi to perform isogeny-based key exchange with static keys in the presence of an adaptive attack. This countermeasure has also been recently explicitly proposed by Kayacan. Our attack extends the adaptive attack by Galbraith, Petit, Shani and Ti (GPST) to recover a static secret key using malformed points. The extension of GPST is non-trivial and requires learning additional information. In particular, the attack needs to recover intermediate elliptic curves in the isogeny path, and points on them. We also discuss how to extend the attack to k-SIDH when k>2 and explain that the attack complexity is exponential in k.","PeriodicalId":37216,"journal":{"name":"International Journal of Computer Mathematics: Computer Systems Theory","volume":null,"pages":null},"PeriodicalIF":0.9000,"publicationDate":"2020-09-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"17","resultStr":"{\"title\":\"An adaptive attack on 2-SIDH\",\"authors\":\"Samuel Dobson, S. Galbraith, Jason Legrow, Y. Ti, Lukas Zobernig\",\"doi\":\"10.1080/23799927.2020.1822446\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"We present a polynomial-time adaptive attack on the 2-SIDH protocol. The 2-SIDH protocol is a special instance of the countermeasure proposed by Azarderakhsh, Jao and Leonardi to perform isogeny-based key exchange with static keys in the presence of an adaptive attack. This countermeasure has also been recently explicitly proposed by Kayacan. Our attack extends the adaptive attack by Galbraith, Petit, Shani and Ti (GPST) to recover a static secret key using malformed points. The extension of GPST is non-trivial and requires learning additional information. In particular, the attack needs to recover intermediate elliptic curves in the isogeny path, and points on them. We also discuss how to extend the attack to k-SIDH when k>2 and explain that the attack complexity is exponential in k.\",\"PeriodicalId\":37216,\"journal\":{\"name\":\"International Journal of Computer Mathematics: Computer Systems Theory\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.9000,\"publicationDate\":\"2020-09-24\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"17\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"International Journal of Computer Mathematics: Computer Systems Theory\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1080/23799927.2020.1822446\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q3\",\"JCRName\":\"COMPUTER SCIENCE, THEORY & METHODS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Computer Mathematics: Computer Systems Theory","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1080/23799927.2020.1822446","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, THEORY & METHODS","Score":null,"Total":0}

引用次数: 17

摘要

提出了一种针对2-SIDH协议的多项式时间自适应攻击方法。2-SIDH协议是Azarderakhsh, Jao和Leonardi提出的在存在自适应攻击的情况下使用静态密钥执行基于同基因的密钥交换的对策的一个特殊实例。卡亚坎最近也明确提出了这一对策。我们的攻击扩展了Galbraith, Petit, Shani和Ti (GPST)的自适应攻击，利用畸形点恢复静态密钥。GPST的扩展是非平凡的，需要学习额外的信息。特别是，攻击需要恢复中间椭圆曲线在等源路径，并在他们的点。我们还讨论了如何在k>2时将攻击扩展到k- sidh，并解释了攻击复杂度在k上是指数的。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

An adaptive attack on 2-SIDH

We present a polynomial-time adaptive attack on the 2-SIDH protocol. The 2-SIDH protocol is a special instance of the countermeasure proposed by Azarderakhsh, Jao and Leonardi to perform isogeny-based key exchange with static keys in the presence of an adaptive attack. This countermeasure has also been recently explicitly proposed by Kayacan. Our attack extends the adaptive attack by Galbraith, Petit, Shani and Ti (GPST) to recover a static secret key using malformed points. The extension of GPST is non-trivial and requires learning additional information. In particular, the attack needs to recover intermediate elliptic curves in the isogeny path, and points on them. We also discuss how to extend the attack to k-SIDH when k>2 and explain that the attack complexity is exponential in k.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

International Journal of Computer Mathematics: Computer Systems Theory Computer Science-Computational Theory and Mathematics

CiteScore

1.80

自引率

0.00%

发文量