SIKE Channels

Feo, Luca De; Mrabet, Nadia El; Genêt, Aymeric; ́c, Novak Kaluđerovi; Guertechin, Natacha Linard de; Pontié, S.; Tasso, Élise

doi:10.46586/tches.v2022.i3.264-289

Cited by 7 publications

(4 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In particular, it cannot be adjusted in an obvious way to attack primitives that do not reveal this information, such as CRS/CSIDH [10], [39], [7] and SQISign [12], and the general supersingular isogeny path problem remains unaffected [44]. We forward the reader to an online project, initiated by De Feo, which attempts at organizing the most popular isogeny-based cryptographic protocols and their best classical and quantum attacks [14].…”

Section: Impact and Non-impact On Isogeny-based Cryptosystemsmentioning

confidence: 99%

“…Turning this decision method into a key recovery algorithm works along the lines of Section 6. First, we look for the smallest β ≥ 1 for which there exists an integer α ≥ 0 such that c = 2 a−α − 3 b−β (14) is smooth (this is an optimistic goal!). Then, for each guess for the first degree-3 β -component κ 1 of ϕ, we run our test to see whether or not there exists a degree-3 b−β -isogeny κ 1 (E 0 ) → E mapping 2 α κ 1 (P 0 ) to 2 α P and 2 α κ 1 (Q 0 ) to 2 α Q.…”

Section: Base Curves Whose Endomorphism Ring Is Unknownmentioning

confidence: 99%

“…Once κ 1 is found, we can proceed by steps of degree 3 as in Section 7.3. Since smoothness is such a rare event, it actually makes sense to recycle the expression (14) all along. Then we can also recycle our auxiliary isogeny γ, i.e., it only has to be computed once, including pushing through torsion points.…”

Section: Base Curves Whose Endomorphism Ring Is Unknownmentioning

confidence: 99%

See 2 more Smart Citations

An Efficient Key Recovery Attack on SIDH

Castryck

Decru

2023

Lecture Notes in Computer Science

129

View full text Add to dashboard Cite

We present an efficient key recovery attack on the Supersingular Isogeny Diffie-Hellman protocol (SIDH). The attack is based on Kani's "reducibility criterion" for isogenies from products of elliptic curves and strongly relies on the torsion point images that Alice and Bob exchange during the protocol. If we assume knowledge of the endomorphism ring of the starting curve then the classical running time is polynomial in the input size (heuristically), apart from the factorization of a small number of integers that only depend on the system parameters. The attack is particularly fast and easy to implement if one of the parties uses 2-isogenies and the starting curve comes equipped with a non-scalar endomorphism of very small degree; this is the case for SIKE, the instantiation of SIDH that recently advanced to the fourth round of NIST's standardization effort for post-quantum cryptography. Our Magma implementation breaks SIKEp434, which aims at security level 1, in about ten minutes on a single core.

show abstract

Section: Impact and Non-impact On Isogeny-based Cryptosystemsmentioning

confidence: 99%

Section: Base Curves Whose Endomorphism Ring Is Unknownmentioning

confidence: 99%

Section: Base Curves Whose Endomorphism Ring Is Unknownmentioning

confidence: 99%

See 1 more Smart Citation

An Efficient Key Recovery Attack on SIDH

Castryck

Decru

2023

Lecture Notes in Computer Science

129

View full text Add to dashboard Cite

show abstract

“…This implementation aims to provide efficient and secure cryptographic operations on resource-constrained devices such as the Cortex-M4. On the other hand, SIKE (supersingular isogeny key encapsulation) can also be implemented on Cortex-M4 [55,56]. It is a post-quantum key exchange scheme based on isogeny-based cryptography.…”

Section: Related Work In Abe and Other Security Schemesmentioning

confidence: 99%

Attribute-Based Encryption Schemes for Next Generation Wireless IoT Networks: A Comprehensive Survey

Shruti

Rani

Sah

et al. 2023

Sensors

View full text Add to dashboard Cite

Most data nowadays are stored in the cloud; therefore, cloud computing and its extension—fog computing—are the most in-demand services at the present time. Cloud and fog computing platforms are largely used by Internet of Things (IoT) applications where various mobile devices, end users, PCs, and smart objects are connected to each other via the internet. IoT applications are common in several application areas, such as healthcare, smart cities, industries, logistics, agriculture, and many more. Due to this, there is an increasing need for new security and privacy techniques, with attribute-based encryption (ABE) being the most effective among them. ABE provides fine-grained access control, enables secure storage of data on unreliable storage, and is flexible enough to be used in different systems. In this paper, we survey ABE schemes, their features, methodologies, benefits/drawbacks, attacks on ABE, and how ABE can be used with IoT and its applications. This survey reviews ABE models suitable for IoT platforms, taking into account the desired features and characteristics. We also discuss various performance indicators used for ABE and how they affect efficiency. Furthermore, some selected schemes are analyzed through simulation to compare their efficiency in terms of different performance indicators. As a result, we find that some schemes simultaneously perform well in one or two performance indicators, whereas none shines in all of them at once. The work will help researchers identify the characteristics of different ABE schemes quickly and recognize whether they are suitable for specific IoT applications. Future work that may be helpful for ABE is also discussed.

show abstract