Open Access Journal Article

Constructing elliptic curve isogenies in quantum subexponential time

TLDR
This article presents a quantum algorithm for constructing an isogeny between two ordinary elliptic curves. The isogenies from an elliptic curve \(E\) to itself form the endomorphism ring of the curve; this ring is an imaginary quadratic order \(\mathcal{O}_\Delta\) of discriminant \(\Delta < 0\).
Abstract
Quantum computation has the potential for dramatic impact on cryptography. Shor’s algorithm [16] breaks the two most widely used public-key cryptosystems, RSA encryption and elliptic curve cryptography. Related quantum algorithms could break other classical cryptographic protocols, such as Buchmann-Williams key exchange [8] and algebraically homomorphic encryption [5]. Thus there is considerable interest in understanding which classical cryptographic schemes are or are not secure against quantum attacks, both from a practical perspective and as a potential source of new quantum algorithms that outperform classical computation. While it is well known that quantum computers can efficiently solve the discrete logarithm problem in elliptic curve groups, other computations involving elliptic curves may be significantly more difficult. In particular, Couveignes [4] and Rostovtsev and Stolbunov [15, 17] proposed public-key cryptosystems based on the presumed difficulty of constructing an isogeny between two given elliptic curves. Informally, an isogeny is a map between curves that preserves their algebraic structure. Isogenies play a major role in classical computational number theory, yet as far as we are aware they have yet to be studied from the standpoint of quantum computation. In this work, we present a quantum algorithm for constructing an isogeny between two ordinary elliptic curves. The isogenies from an elliptic curve \(E\) to itself form the endomorphism ring of the curve; this ring is an imaginary quadratic order \(\mathcal{O}_\Delta\) of discriminant \(\Delta < 0\). Given two isogenous ordinary elliptic curves \(E_0, E_1\) over \(\mathbb{F}_q\) with the same endomorphism ring \(\mathcal{O}_\Delta\), we show how to construct an isogeny \(\phi : E_0 \to E_1\) (specified by its kernel, represented by a smooth ideal class \([b] \in \mathrm{Cl}(\mathcal{O}_\Delta)\)). The output of this algorithm is sufficient to recover the private key in all proposed isogeny-based public-key cryptosystems [4, 15, 17].
The running time of our algorithm is subexponential—specifically, assuming the Generalized Riemann Hypothesis (GRH), it runs in time \(L(\tfrac{1}{2}, \tfrac{\sqrt{3}}{2})\), where \(L(\tfrac{1}{2}, c) := \exp\left[(c + o(1))\sqrt{\ln q \ln\ln q}\right]\).


Citations
Journal Article

Quantum cryptography beyond quantum key distribution

TL;DR: In this paper, the authors survey the area of theoretical quantum cryptography, with an emphasis on the constructions and limitations beyond the realm of QKD, including the impossibility of quantum bit commitment, the difficulty of quantum rewinding and the definition of quantum security models for classical primitives.
Journal Article

From Pre-Quantum to Post-Quantum IoT Security: A Survey on Quantum-Resistant Cryptosystems for the Internet of Things

TL;DR: A survey on what can be called post-quantum IoT systems (IoT systems protected from the currently known quantum computing attacks): the main post-Quantum cryptosystems and initiatives are reviewed, the most relevant IoT architectures and challenges are analyzed, and the expected future trends are indicated.
Book Chapter

Identification Protocols and Signature Schemes Based on Supersingular Isogeny Problems

TL;DR: A new identification protocol and new signature schemes based on isogeny problems, relying on the hardness of the endomorphism ring computation problem, are provided, and their efficiency is studied, highlighting very small key sizes and reasonably efficient signing and verification algorithms.
Proceedings Article

Efficient quantum algorithms for computing class groups and solving the principal ideal problem in arbitrary degree number fields

TL;DR: It is shown that CGP and PIP reduce naturally to the computation of S-unit groups, which is another fundamental problem in number theory, and an efficient quantum reduction from computing S-units to the continuous hidden subgroup problem introduced in [11].
Book Chapter

A Quantum Algorithm for Computing Isogenies between Supersingular Elliptic Curves

TL;DR: A quantum algorithm for computing an isogeny between any two supersingular elliptic curves defined over a given finite field that is an asymptotic improvement over the previous fastest known method which had complexity \(\tilde{O}(p^{1/2})\) (on both classical and quantum computers).
References
Journal Article

Polynomial-Time Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer

TL;DR: In this paper, the authors considered factoring integers and finding discrete logarithms on a quantum computer and gave an efficient randomized algorithm for these two problems, which takes a number of steps polynomial in the input size of the integer to be factored.
Journal Article

Reducing elliptic curve logarithms to logarithms in a finite field

TL;DR: The main result of the paper is to demonstrate the reduction of the elliptic curve logarithm problem to the logarithm problem in the multiplicative group of an extension of the underlying finite field, thus providing a probabilistic subexponential time algorithm for the former problem.
Journal Article

Endomorphisms of Abelian Varieties over Finite Fields.

TL;DR: In this paper, it was shown that \(\mathrm{Hom}_k(A', A'')\) is a free module of rank \(2g\) over the ring \(\mathbb{Z}_l\) of \(l\)-adic integers, and the canonical map is Z-free.
Book

Primes of the Form \(x^2 + ny^2\): Fermat, Class Field Theory, and Complex Multiplication

David A. Cox
Abstract: FROM FERMAT TO GAUSS. Fermat, Euler and Quadratic Reciprocity. Lagrange, Legendre and Quadratic Forms. Gauss, Composition and Genera. Cubic and Biquadratic Reciprocity. CLASS FIELD THEORY. The Hilbert Class Field and \(p = x^2 + ny^2\). The Hilbert Class Field and Genus Theory. Orders in Imaginary Quadratic Fields. Class Field Theory and the Cebotarev Density Theorem. Ring Class Field and \(p = x^2 + ny^2\). COMPLEX MULTIPLICATION. Elliptic Functions and Complex Multiplication. Modular Functions and Ring Class Fields. Modular Functions and Singular j-Invariants. The Class Equation. Elliptic Curves. References. Index.
Journal Article

Abelian varieties over finite fields
