isogeny graphs in cryptography
play

Isogeny Graphs in Cryptography Luca De Feo hand-drawings by Rachel - PowerPoint PPT Presentation

Mar 01, 2024 •271 likes •1.01k views

Isogeny Graphs in Cryptography Luca De Feo hand-drawings by Rachel Deyts Universit de Versailles & Inria, Universit Paris-Saclay May 31, 2018, Journes du Pr-GDR Scurit, Paris Elliptic curves Let E y 2 x 3 ax b be

  1. Isogeny Graphs in Cryptography Luca De Feo hand-drawings by Rachel Deyts Université de Versailles & Inria, Université Paris-Saclay May 31, 2018, Journées du Pré-GDR Sécurité, Paris

  2. Elliptic curves Let E ✿ y 2 ❂ x 3 ✰ ax ✰ b be an elliptic curve... R Q P P ✰ Q Luca De Feo (UVSQ & INRIA) Isogeny Graphs in Cryptography May 31, 2018, GDR Sécurité, Paris 2 / 44

  3. ✰ Elliptic curves Let E ✿ y 2 ❂ x 3 ✰ ax ✰ b be an elliptic curve... Luca De Feo (UVSQ & INRIA) Isogeny Graphs in Cryptography May 31, 2018, GDR Sécurité, Paris 2 / 44

  4. ✰ Elliptic curves Let E ✿ y 2 ❂ x 3 ✰ ax ✰ b be an elliptic curve... Luca De Feo (UVSQ & INRIA) Isogeny Graphs in Cryptography May 31, 2018, GDR Sécurité, Paris 2 / 44

  5. ✰ Elliptic curves Let E ✿ y 2 ❂ x 3 ✰ ax ✰ b be an elliptic curve... Luca De Feo (UVSQ & INRIA) Isogeny Graphs in Cryptography May 31, 2018, GDR Sécurité, Paris 2 / 44

  6. ✰ Elliptic curves Let E ✿ y 2 ❂ x 3 ✰ ax ✰ b be an elliptic curve... Luca De Feo (UVSQ & INRIA) Isogeny Graphs in Cryptography May 31, 2018, GDR Sécurité, Paris 2 / 44

  7. ✰ Elliptic curves Let E ✿ y 2 ❂ x 3 ✰ ax ✰ b be an elliptic curve... Luca De Feo (UVSQ & INRIA) Isogeny Graphs in Cryptography May 31, 2018, GDR Sécurité, Paris 2 / 44

  8. Elliptic curves Luca De Feo (UVSQ & INRIA) Isogeny Graphs in Cryptography May 31, 2018, GDR Sécurité, Paris 3 / 44

  9. The QUANTHOM Menace Luca De Feo (UVSQ & INRIA) Isogeny Graphs in Cryptography May 31, 2018, GDR Sécurité, Paris 4 / 44

  10. Post-quantum cryptographer? Luca De Feo (UVSQ & INRIA) Isogeny Graphs in Cryptography May 31, 2018, GDR Sécurité, Paris 5 / 44

  11. Elliptic curves of the world, UNITE! QUOUSQUE QUANTUM? QUANTUM SUFFICIT! Luca De Feo (UVSQ & INRIA) Isogeny Graphs in Cryptography May 31, 2018, GDR Sécurité, Paris 6 / 44

  12. And so, they found a way around the Quanthom... Luca De Feo (UVSQ & INRIA) Isogeny Graphs in Cryptography May 31, 2018, GDR Sécurité, Paris 7 / 44

  13. And so, they found a way around the Quanthom... Public curve Public curve Luca De Feo (UVSQ & INRIA) Isogeny Graphs in Cryptography May 31, 2018, GDR Sécurité, Paris 7 / 44

  14. And so, they found a way around the Quanthom... Public curve Shared secret Public curve Luca De Feo (UVSQ & INRIA) Isogeny Graphs in Cryptography May 31, 2018, GDR Sécurité, Paris 7 / 44

  15. What’s an isogeny? Rebus: 1-3-7-3-8-6 Luca De Feo (UVSQ & INRIA) Isogeny Graphs in Cryptography May 31, 2018, GDR Sécurité, Paris 8 / 44

  16. Isogenies Isogenies are just the right notion TM of morphism for elliptic curves Surjective group morphisms. Algebraic maps (i.e., defined by polynomials). (Separable) isogenies ✱ finite subgroups: ✦ E ✵ ✦ 0 ✣ 0 ✦ H ✦ E The kernel H determines the image curve E ✵ up to isomorphism def ❂ E ✵ ✿ E ❂ H Isogeny degree Neither of these definitions is quite correct, but they nearly are: The degree of ✣ is the cardinality of ❦❡r ✣ . (Bisson) the degree of ✣ is the time needed to compute it. Luca De Feo (UVSQ & INRIA) Isogeny Graphs in Cryptography May 31, 2018, GDR Sécurité, Paris 9 / 44

  17. ❋ ✄ ✼✦ Isogenies: an example over ❋ 11 E ✿ y 2 ❂ x 3 ✰ x E ✵ ✿ y 2 ❂ x 3 � 4 x ✥ ✦ x 2 ✰ 1 y x 2 � 1 ✣ ✭ x ❀ y ✮ ❂ ❀ x 2 x Luca De Feo (UVSQ & INRIA) Isogeny Graphs in Cryptography May 31, 2018, GDR Sécurité, Paris 10 / 44

  18. ❋ ✄ ✼✦ Isogenies: an example over ❋ 11 E ✿ y 2 ❂ x 3 ✰ x E ✵ ✿ y 2 ❂ x 3 � 4 x ✥ ✦ x 2 ✰ 1 y x 2 � 1 ✣ ✭ x ❀ y ✮ ❂ ❀ x 2 x Luca De Feo (UVSQ & INRIA) Isogeny Graphs in Cryptography May 31, 2018, GDR Sécurité, Paris 10 / 44

  19. ❋ ✄ ✼✦ Isogenies: an example over ❋ 11 E ✿ y 2 ❂ x 3 ✰ x E ✵ ✿ y 2 ❂ x 3 � 4 x ✥ ✦ x 2 ✰ 1 y x 2 � 1 ✣ ✭ x ❀ y ✮ ❂ ❀ x 2 x Luca De Feo (UVSQ & INRIA) Isogeny Graphs in Cryptography May 31, 2018, GDR Sécurité, Paris 10 / 44

  20. ❋ ✄ ✼✦ Isogenies: an example over ❋ 11 E ✿ y 2 ❂ x 3 ✰ x E ✵ ✿ y 2 ❂ x 3 � 4 x Kernel generator in red. ✥ ✦ x 2 ✰ 1 y x 2 � 1 ✣ ✭ x ❀ y ✮ ❂ ❀ x 2 x Luca De Feo (UVSQ & INRIA) Isogeny Graphs in Cryptography May 31, 2018, GDR Sécurité, Paris 10 / 44

  21. ❋ ✄ ✼✦ Isogenies: an example over ❋ 11 E ✿ y 2 ❂ x 3 ✰ x E ✵ ✿ y 2 ❂ x 3 � 4 x Kernel generator in red. ✥ ✦ x 2 ✰ 1 y x 2 � 1 This is a degree 2 map. ✣ ✭ x ❀ y ✮ ❂ ❀ x 2 x Luca De Feo (UVSQ & INRIA) Isogeny Graphs in Cryptography May 31, 2018, GDR Sécurité, Paris 10 / 44

  22. Isogenies: an example over ❋ 11 E ✿ y 2 ❂ x 3 ✰ x E ✵ ✿ y 2 ❂ x 3 � 4 x Kernel generator in red. ✥ ✦ x 2 ✰ 1 y x 2 � 1 This is a degree 2 map. ✣ ✭ x ❀ y ✮ ❂ ❀ x 2 x Analogous to x ✼✦ x 2 in ❋ ✄ q . Luca De Feo (UVSQ & INRIA) Isogeny Graphs in Cryptography May 31, 2018, GDR Sécurité, Paris 10 / 44

  23. Easy and hard problems In practice: an isogeny ✣ is just a pair of rational fractions x n ✰ ✁ ✁ ✁ ✰ n 1 x ✰ n 0 N ✭ x ✮ with n ❂ ❞❡❣ ✣❀ D ✭ x ✮ ❂ ✷ k ✭ x ✮ ❀ x n � 1 ✰ ✁ ✁ ✁ ✰ d 1 x ✰ d 0 and D ✭ x ✮ vanishes on ❦❡r ✣ . ⑦ Vélu’s formulas ❖ ✭ n ✮ Input: A generator of the kernel H of the isogeny. Output: The curve E ❂ H and the rational fraction N ❂ D . The explicit isogeny problem Input: The curves E and E ❂ H , the degree n . Output: The rational fraction N ❂ D . ⑦ Algorithms a Elkies’ algorithm (and variants); ❖ ✭ n ✮ ⑦ Couveignes’ algorithm (and variants). ❖ ✭ n 2 ✮ a Elkies 1998; Couveignes 1996. Luca De Feo (UVSQ & INRIA) Isogeny Graphs in Cryptography May 31, 2018, GDR Sécurité, Paris 11 / 44

  24. Easy and hard problems Isogeny evaluation Input: A description of the isogeny ✣ , a point P ✷ E ✭ k ✮ . Output: The curve E ❂ H and ✣ ✭ P ✮ . Examples Input = rational fraction; O ✭ n ✮ ⑦ Input = composition of low degree isogenies; ❖ ✭❧♦❣ n ✮ The isogeny walk problem O ✭❄❄✮ Input: Isogenous curves E , E ✵ . Output: A path of low degree isogenies from E to E ✵ . Luca De Feo (UVSQ & INRIA) Isogeny Graphs in Cryptography May 31, 2018, GDR Sécurité, Paris 12 / 44

  25. Easy and hard problems Isogeny evaluation Input: A description of the isogeny ✣ , a point P ✷ E ✭ k ✮ . Output: The curve E ❂ H and ✣ ✭ P ✮ . Examples Input = rational fraction; O ✭ n ✮ ⑦ Input = composition of low degree isogenies; ❖ ✭❧♦❣ n ✮ The isogeny walk problem O ✭❄❄✮ Input: Isogenous curves E , E ✵ . Output: A path of low degree isogenies from E to E ✵ . Exponential separation... Luca De Feo (UVSQ & INRIA) Isogeny Graphs in Cryptography May 31, 2018, GDR Sécurité, Paris 12 / 44

  26. Easy and hard problems Isogeny evaluation Input: A description of the isogeny ✣ , a point P ✷ E ✭ k ✮ . Output: The curve E ❂ H and ✣ ✭ P ✮ . Examples Input = rational fraction; O ✭ n ✮ ⑦ Input = composition of low degree isogenies; ❖ ✭❧♦❣ n ✮ The isogeny walk problem O ✭❄❄✮ Input: Isogenous curves E , E ✵ . Output: A path of low degree isogenies from E to E ✵ . Exponential separation...Crypto happens! Luca De Feo (UVSQ & INRIA) Isogeny Graphs in Cryptography May 31, 2018, GDR Sécurité, Paris 12 / 44

  27. Isogeny graphs ✣ We look at the graph of elliptic curves with E ✵ E isogenies up to isomorphism. We say two isogenies ✣❀ ✣ ✵ are isomorphic if: ❡ ✣ ✵ E ✵ Example: Finite field, ordinary case, graph of isogenies of degree 3 . Luca De Feo (UVSQ & INRIA) Isogeny Graphs in Cryptography May 31, 2018, GDR Sécurité, Paris 13 / 44

  28. Structure of the graph 1 Theorem (Serre-Tate) Two curves are isogenous over a finite field k if and only if they have the same number of points on k . The graph of isogenies of prime degree ❵ ✻ ❂ p Ordinary case (isogeny volcanoes) Nodes can have degree 0 ❀ 1 ❀ 2 or ❵ ✰ 1 . ■ For ✘ 50 ✪ of the primes ❵ , graphs are just isolated points; ■ For other ✘ 50 ✪ , graphs are 2 -regular; ■ other cases only happen for finitely many ❵ ’s. Supersingular case (algebraic closure) The graph is ❵ ✰ 1 -regular. There is a unique (finite) connected component made of all supersingular curves with the same number of points. 1 Deuring 1941; Kohel 1996; Fouquet and Morain 2002. Luca De Feo (UVSQ & INRIA) Isogeny Graphs in Cryptography May 31, 2018, GDR Sécurité, Paris 14 / 44

Recommend

Isogeny graphs in cryptography Luca De Feo Universit Paris Saclay, UVSQ March 18, 2019

Isogeny graphs in cryptography Luca De Feo Universit Paris Saclay, UVSQ March 18, 2019

Isogeny graphs in cryptography Luca De Feo Universit Paris Saclay, UVSQ March 18, 2019 Mathematical foundations of asymmetric cryptography Aussois, Savoie Slides online at https://defeo.lu/docet/ Overview Isogeny graphs 1 Elliptic Curves

1.96k views • 156 slides
Isogeny graphs in cryptography Luca De Feo Universit Paris Saclay, UVSQ July 29 August 29,

Isogeny graphs in cryptography Luca De Feo Universit Paris Saclay, UVSQ July 29 August 29,

Isogeny graphs in cryptography Luca De Feo Universit Paris Saclay, UVSQ July 29 August 29, 2019 Cryptography meets Graph Theory Wrzburg, Franken, Germany Luca De Feo (U Paris Saclay) Isogeny graphs in cryptography Jul 29Aug 2,

1.99k views • 174 slides
Isogeny graphs in cryptography: the good, the bad and the ugly Luca De Feo Universit Paris

Isogeny graphs in cryptography: the good, the bad and the ugly Luca De Feo Universit Paris

Isogeny graphs in cryptography: the good, the bad and the ugly Luca De Feo Universit Paris Saclay UVSQ May 13, 2019, Universit di Roma 3, Roma Slides online at https://defeo.lu/docet/ Elliptic curves Let E y 2 x 3 ax b

1.22k views • 76 slides
Isogeny graphs in cryptography Luca De Feo Universit Paris Saclay, UVSQ & Inria March

Isogeny graphs in cryptography Luca De Feo Universit Paris Saclay, UVSQ & Inria March

Isogeny graphs in cryptography Luca De Feo Universit Paris Saclay, UVSQ & Inria March 1923, 2018, Post-Scryptum Spring School, Les 7 Laux Slides online at http://defeo.lu/docet/ Photo courtesy of Elisa Lorenzo-Garca Overview

1.87k views • 144 slides
Isogeny graphs with real multiplication Sorina Ionica Ecole Normale Suprieure de Paris joint

Isogeny graphs with real multiplication Sorina Ionica Ecole Normale Suprieure de Paris joint

Isogeny graphs with real multiplication Sorina Ionica Ecole Normale Suprieure de Paris joint work with Emmanuel Thom Sorina Ionica 1 / 24 Isogeny graphs Kohel 1996: Graph with vertices elliptic curves defined over F q and edges all

302 views • 27 slides
BROOKS JETCHEV WESOLOWSKI ISOGENY GRAPHS OF ORDINARY ABELIAN VARIETIES PRESENTED AT ECC 2017,

BROOKS JETCHEV WESOLOWSKI ISOGENY GRAPHS OF ORDINARY ABELIAN VARIETIES PRESENTED AT ECC 2017,

ERNEST HUNTER DIMITAR BENJAMIN BROOKS JETCHEV WESOLOWSKI ISOGENY GRAPHS OF ORDINARY ABELIAN VARIETIES PRESENTED AT ECC 2017, NIJMEGEN, THE NETHERLANDS BY BENJAMIN WESOLOWSKI FROM EPFL, SWITZERLAND AN INTRODUCTION TO ISOGENY GRAPHS

770 views • 63 slides
Advances in isogeny-based cryptography Benjamin Smith Inria + Laboratoire dInformatique de

Advances in isogeny-based cryptography Benjamin Smith Inria + Laboratoire dInformatique de

Advances in isogeny-based cryptography Benjamin Smith Inria + Laboratoire dInformatique de lcole polytechnique (LIX) 1 Arithmetic of low-dimensional abelian varieties // ICERM // 6/6/19 Elliptic curve cryptography 1 Breaking keypairs

821 views • 57 slides
20 years of isogeny-based cryptography Luca De Feo feat. Jean Kieffer, Benjamin Smith

20 years of isogeny-based cryptography Luca De Feo feat. Jean Kieffer, Benjamin Smith

20 years of isogeny-based cryptography Luca De Feo feat. Jean Kieffer, Benjamin Smith Universit Paris Saclay, UVSQ & Inria November 14, 2017, Elliptic Curve Cryptography, Nijmegen Slides online at http://defeo.lu/docet/ Overview

1.07k views • 84 slides
Isogeny Based Cryptography: an Introduction Luca De Feo IBM Research Zrich November 18, 2019

Isogeny Based Cryptography: an Introduction Luca De Feo IBM Research Zrich November 18, 2019

Isogeny Based Cryptography: an Introduction Luca De Feo IBM Research Zrich November 18, 2019 Simula UiB, Bergen Slides online at https://defeo.lu/docet Why isogenies? Six families still in NIST post-quantum competition: Lattices 9

2k views • 172 slides
Isogeny Based Cryptography: an Introduction Luca De Feo IBM Research Zrich November 28, 2019

Isogeny Based Cryptography: an Introduction Luca De Feo IBM Research Zrich November 28, 2019

Isogeny Based Cryptography: an Introduction Luca De Feo IBM Research Zrich November 28, 2019 NTNU, Trondheim Slides online at https://defeo.lu/docet Why isogenies? Six families still in NIST post-quantum competition: Lattices 9 encryption

1.95k views • 160 slides
Isogeny-Based Public-Key Cryptography David Jao Department of Combinatorics & Optimization

Isogeny-Based Public-Key Cryptography David Jao Department of Combinatorics & Optimization

Isogeny-Based Public-Key Cryptography David Jao Department of Combinatorics & Optimization Centre for Applied Cryptographic Research June 17, 2016 CENTRE FOR APPLIED CRYPTOGRAPHIC RESEARCH (CACR) Motivation: Post-Quantum Cryptography

355 views • 16 slides
Isogeny-based cryptography, a quantum-safe alternative Annamaria Iezzi University of South

Isogeny-based cryptography, a quantum-safe alternative Annamaria Iezzi University of South

Isogeny-based cryptography, a quantum-safe alternative Annamaria Iezzi University of South Florida FWIMD - February 9, 2019 The key exchange problem ALICE and BELLE, communicating over a public channel, want to agree on a common secret

499 views • 18 slides
Isogeny-Based Cryptography Tanja Lange (with lots of slides by Lorenz Panny) Eindhoven

Isogeny-Based Cryptography Tanja Lange (with lots of slides by Lorenz Panny) Eindhoven

Isogeny-Based Cryptography Tanja Lange (with lots of slides by Lorenz Panny) Eindhoven University of Technology 20 & 21 July 2020 DiffieHellman key exchange 76 Public parameters: a finite group G (traditionally F p , today

1.65k views • 118 slides
Constructing Canonical Strategies For Parallel Implementation Of Isogeny Based Cryptography Aaron

Constructing Canonical Strategies For Parallel Implementation Of Isogeny Based Cryptography Aaron

Constructing Canonical Strategies For Parallel Implementation Of Isogeny Based Cryptography Aaron Hutchinson and Koray Karabina Florida Atlantic University INDOCRYPT 2018 Acknowledgment: This research was supported by the Army Research Office

288 views • 18 slides
Another Look At Some Isogeny Hardness Assumptions Simon-Phillipp Merz, Romy Minko, Christophe

Another Look At Some Isogeny Hardness Assumptions Simon-Phillipp Merz, Romy Minko, Christophe

Another Look At Some Isogeny Hardness Assumptions Simon-Phillipp Merz, Romy Minko, Christophe Petit ECC 2019 3 December 1 / 50 Motivation Isogeny based cryptography Another Look at Provable Security Neal Koblitz Dept. of

780 views • 61 slides
An introduction to supersingular isogeny-based cryptography Craig Costello November 10 ECC 2017

An introduction to supersingular isogeny-based cryptography Craig Costello November 10 ECC 2017

An introduction to supersingular isogeny-based cryptography Craig Costello November 10 ECC 2017 Nijmegen, The Netherlands W. Castryck (GIF): Elliptic curves are dead: long live elliptic curves https://www.esat.kuleuven.be/cosic/?p=7404

1.07k views • 78 slides
Isogeny graphs in dimension 2 2014/12/17 Cryptographic seminar Caen Gatan Bisson, Romain

Isogeny graphs in dimension 2 2014/12/17 Cryptographic seminar Caen Gatan Bisson, Romain

Isogeny graphs in dimension 2 2014/12/17 Cryptographic seminar Caen Gatan Bisson, Romain Cosset, Alina Dudeanu, Sorina Ionica, Dimitar Jetchev, David Lubicz, Chlo Martindale, Damien Robert Isogenies on elliptic curves Abelian

598 views • 44 slides
isogeny-based cryptography Craig Costello Summer School on Real-World Crypto and Privacy June 8,

isogeny-based cryptography Craig Costello Summer School on Real-World Crypto and Privacy June 8,

An introduction to supersingular isogeny-based cryptography Craig Costello Summer School on Real-World Crypto and Privacy June 8, 2017 ibenik , Croatia T owards quantum-resistant cryptosystems from supersingular elliptic curve isogenies

1.46k views • 51 slides
Exploring Isogeny Graphs Around the Volcano in 2 80 Days Luca De Feo hand drawings by Rachel

Exploring Isogeny Graphs Around the Volcano in 2 80 Days Luca De Feo hand drawings by Rachel

Exploring Isogeny Graphs Around the Volcano in 2 80 Days Luca De Feo hand drawings by Rachel Deyts Universit Paris Saclay UVSQ Dec 14, 2018, UVSQ, Versailles Elliptic curves Let E y 2 x 3 ax b be an elliptic curve...

1.02k views • 85 slides
ORIENTING SUPERSINGULAR ISOGENY GRAPHS LEONARDO COL & DAVID KOHEL 1 / 22 Institut de

ORIENTING SUPERSINGULAR ISOGENY GRAPHS LEONARDO COL & DAVID KOHEL 1 / 22 Institut de

ORIENTING SUPERSINGULAR ISOGENY GRAPHS LEONARDO COL & DAVID KOHEL 1 / 22 Institut de Mathmatiques de Marseille Journes Nationales de Calcul Formel 2019 CIRM, Luminy, 7 February 2019 Leonardo COL ( I2M-AMU ) OSIDH 7 February 2019 2

966 views • 73 slides
Supersingular Isogeny Graphs and Endomorphism Rings: Reductions and Solutions Kirsten Eisentr

Supersingular Isogeny Graphs and Endomorphism Rings: Reductions and Solutions Kirsten Eisentr

Supersingular Isogeny Graphs and Endomorphism Rings: Reductions and Solutions Kirsten Eisentr ager (Penn State), Sean Hallgren (Penn State), Kristin Lauter (Microsoft Research), Travis Morrison (Penn State), Christophe Petit (Birmingham)

427 views • 38 slides
ORIENTING SUPERSINGULAR ISOGENY GRAPHS LEONARDO COL & DAVID KOHEL Institut de Mathmatiques

ORIENTING SUPERSINGULAR ISOGENY GRAPHS LEONARDO COL & DAVID KOHEL Institut de Mathmatiques

ORIENTING SUPERSINGULAR ISOGENY GRAPHS LEONARDO COL & DAVID KOHEL Institut de Mathmatiques de Marseille Number-Theoretic Methods in Cryptology 2019 Sorbonne Universit, Institut de Mathmatiques de Jussieu Paris, 26 June 2019 Leonardo

739 views • 53 slides
Algorithms for isogeny graphs Sorina Ionica Ecole Normale Suprieure Paris Inria Bordeaux 5

Algorithms for isogeny graphs Sorina Ionica Ecole Normale Suprieure Paris Inria Bordeaux 5

Algorithms for isogeny graphs Sorina Ionica Ecole Normale Suprieure Paris Inria Bordeaux 5 fvrier 2013 Sorina Ionica 1 / 35 Cryptographic motivation We need an abelian variety of small dimension (i.e. 1,2) defined over F q s.t. # A ( F q

833 views • 35 slides
Towards practical key exchange from ordinary isogeny graphs Luca De Feo 1,3 Jean Kieffer 2,3,4

Towards practical key exchange from ordinary isogeny graphs Luca De Feo 1,3 Jean Kieffer 2,3,4

Towards practical key exchange from ordinary isogeny graphs Luca De Feo 1,3 Jean Kieffer 2,3,4 Benjamin Smith 3 1 UVSQ, Universit Paris Saclay 2 cole normale suprieure, Paris 3 Inria and cole polytechnique, Universit Paris Saclay 4 Inria

882 views • 74 slides

More recommend