Genus two isogeny cryptography

Author: 

Flynn, E
Ti, Y

Publication Date: 

14 July 2019

Journal: 

PQCrypto 2019: Post-Quantum Cryptography

Last Updated: 

2020-01-21T16:29:52.64+00:00

Volume: 

11505

DOI: 

10.1007/978-3-030-25510-7_16

page: 

286-306

abstract: 

We study (ℓ,ℓ) -isogeny graphs of principally polarised supersingular abelian surfaces (PPSSAS). The (ℓ,ℓ) -isogeny graph has cycles of small length that can be used to break the collision resistance assumption of the genus two isogeny hash function suggested by Takashima. Algorithms for computing (2, 2)-isogenies on the level of Jacobians and (3, 3)-isogenies on the level of Kummers are used to develop a genus two version of the supersingular isogeny Diffie–Hellman protocol of Jao and de Feo. The genus two isogeny Diffie–Hellman protocol achieves the same level of security as SIDH but uses a prime with a third of the bit length.

Symplectic id: 

966649

Submitted to ORA: 

Not Submitted

Publication Type: 

Conference Paper

ISBN-13: 

9783030255107