-
Failing to hash into supersingular isogeny graphs
Authors: Jeremy Booher, Ross Bowden, Javad Doliskani, Tako Boris Fouotsa, Steven D. Galbraith, Sabrina Kunzweiler, Simon-Philipp Merz, Christophe Petit, Benjamin Smith, Katherine E. Stange, Yan Bo Ti, Christelle Vincent, José Felipe Voloch, Charlotte Weitkämper, Lukas Zobernig
Abstract:
An important open problem in supersingular isogeny-based cryptography is to produce, without a trusted authority, concrete examples of "hard supersingular curves", that is, equations for supersingular curves for which computing the endomorphism ring is as difficult as it is for random supersingular curves. A related open problem is to produce a hash function to the vertices of the supersingular $\ell$-isogeny graph which does not reveal the endomorphism ring, or a path to a curve of known endomorphism ring. Such a hash function would open up interesting cryptographic applications. In this paper, we document a number of (thus far) failed attempts to solve this problem, in the hope that we may spur further research, and shed light on the challenges and obstacles to this endeavour. The mathematical approaches contained in this article include: (i) iterative root-finding for the supersingular polynomial; (ii) gcd's of specialized modular polynomials; (iii) using division polynomials to create small systems of equations; (iv) taking random walks in the isogeny graph of abelian surfaces; and (v) using quantum random walks.
Submitted 8 May, 2024; v1 submitted 29 April, 2022;
originally announced May 2022.
-
Abelian Varieties with $p$-rank Zero
Authors: Yan Bo Ti, Gabriel Verret, Lukas Zobernig
Abstract:
There is a well-known theorem by Deuring which gives a criterion for when the reduction of an elliptic curve with complex multiplication (CM) by the ring of integers of an imaginary quadratic field has ordinary or supersingular reduction. We generalise this and a similar theorem by Goren in dimension 2, and classify the $p$-torsion group scheme of the reduction of 3-dimensional abelian varieties with CM by the ring of integers of a cyclic sextic CM field. We also prove a theorem in arbitrary dimension $g$ that distinguishes ordinary and superspecial reduction for abelian varieties with CM by a cyclic CM field of degree $2g$. As an application, we give algorithms to construct supersingular non-superspecial, and superspecial abelian varieties of dimension 2 (surfaces) and dimension 3, and show that all such varieties have non-integer endomorphisms of small degree.
Submitted 16 March, 2022;
originally announced March 2022.
-
Genus 2 Curves in Small Characteristic
Authors: Lukas Zobernig
Abstract:
We study genus 2 curves over finite fields of small characteristic. The $p$-rank $f$ of a curve induces a stratification of the coarse moduli space $\mathcal{M}_2$ of genus 2 curves up to isomorphism. We are interested in the size of those strata for all $f \in \{0,1,2\}$. In characteristic 2 and 3, previous results show that the supersingular $f=0$ stratum has size $q$. We show that for $q=3^r$, over $\mathbb{F}_q$ the non-ordinary $f=1$ and ordinary $f=2$ strata are of size $q(q-1)$ and $q^2(q-1)$, respectively. We give results found from computer calculations which suggest that these formulas hold for all $p \leq 7$ and break down for $p > 7$.
Submitted 14 November, 2021;
originally announced November 2021.
-
Towards a Theory of Special-purpose Program Obfuscation
Authors: Muhammad Rizwan Asghar, Steven Galbraith, Andrea Lanzi, Giovanni Russello, Lukas Zobernig
Abstract:
Most recent theoretical literature on program obfuscation is based on notions like Virtual Black Box (VBB) obfuscation and indistinguishability Obfuscation (iO). These notions are very strong and are hard to satisfy. Further, they offer far more protection than is typically required in practical applications. On the other hand, the security notions introduced by software security researchers are suitable for practical designs but are not formal or precise enough to enable researchers to provide a quantitative security assurance. Hence, in this paper, we introduce a new formalism for practical program obfuscation that still allows rigorous security proofs. We believe our formalism will make it easier to analyse the security of obfuscation schemes. To show the flexibility and power of our formalism, we give a number of examples. Moreover, we explain the close relationship between our formalism and the task of providing obfuscation challenges.
This is the full version of the paper. In this version, we also give a new rigorous analysis of several obfuscation techniques and we provide directions for future research.
Submitted 4 November, 2020;
originally announced November 2020.