14 July 2019
PQCrypto 2019: Post-Quantum Cryptography
We study (ℓ,ℓ) -isogeny graphs of principally polarised supersingular abelian surfaces (PPSSAS). The (ℓ,ℓ) -isogeny graph has cycles of small length that can be used to break the collision resistance assumption of the genus two isogeny hash function suggested by Takashima. Algorithms for computing (2, 2)-isogenies on the level of Jacobians and (3, 3)-isogenies on the level of Kummers are used to develop a genus two version of the supersingular isogeny Diffie–Hellman protocol of Jao and de Feo. The genus two isogeny Diffie–Hellman protocol achieves the same level of security as SIDH but uses a prime with a third of the bit length.
Submitted to ORA: