[Resource Topic] 2023/1229: Two Remarks on Torsion-Point Attacks in Isogeny-Based Cryptography

Welcome to the resource topic for 2023/1229

Title: Two Remarks on Torsion-Point Attacks in Isogeny-Based Cryptography

Authors: Francesco Sica

Abstract:

We fix an omission in [Petit17] on torsion point attacks of isogeny-based cryptosystems akin to SIDH, also reprised in [dQuehen-etal21]. In these works, their authors represent certain integers using a norm equation to derive a secret isogeny. However, this derivation uses as a crucial ingredient a lemma ([Petit17], Section 4.3), which we show to be incorrect. We then state sufficient conditions under which a modified version of this lemma can be proved.

A further idea of parametrizing solutions of the norm equation will show that these conditions can be fulfilled under the same heuristics of these previous works. Our contribution is a theoretical one. It doesn’t invalidate the attack, which works as well in practice, but gives a correct mathematical justification for it.

We also simplify the argument of Theorem 3 in [dQuehen-etal21] to show that the requirement that m be small is unnecessary.

ePrint: https://eprint.iacr.org/2023/1229

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics.