Seminari di Crittografia - Venerdì 23 febbraio 2024

An efficient break of Supersingular Isogeny Diffie-Hellman 

• Wouter Castryck  (COSIC - KU Leuven) 10:30 - 11:30

Abstract:
Supersingular Isogeny Diffie-Hellman (SIDH) was a proposal for post-quantum key exchange, based on the hardness of finding isogenies between elliptic curves over finite fields. It got broken in the summer of 2022, through the use of isogenies between higher-dimensional principally polarized abelian varieties (in practice: Richelot isogenies). I will give an overview of this attack, of which we have a clearer understanding now, 1.5 years after the break. As time permits, I will also discuss some constructive applications. This is based on joint work with Decru, and will also cover work by Maino, Martindale, Panny, Robert, Wesolowski, and others.

Modular Curves Creeping Up in Isogeny Problems

• Luca De Feo (IBM Research Europe - Zurich) 11:30 - 12:30

Abstract:
After the spectacular attacks of summer 2022, the panorama of isogeny based cryptography has changed. One interesting take-away from the SIKE attacks and other recent results is that "torsion knowledge" matters. Although mostly ignored by cryptographers, a well established way to talk about torsion knowledge is the formalism of modular curves. I will explain how modular curves creep up in isogeny-based cryptography, and what they tell us about its security.

These talks will be anticipated by a 1-hour informal lecture by Wouter Castryck and Luca De Feo, where they will go through some of the preliminaries of their talks. This lecture will take place at 9 am, and its attendance is particularly suggested to master and PhD students. However, anyone looking for a primer on elliptic curves over finite fields, Jacobians of genus-2 curves and their isogenies is welcome.