Finding an explicit isogeny between two given isogenous elliptic curves over a finite field is considered a hard problem, even for quantum computers. In 2011 this led Jao and De Feo to propose a key exchange protocol that became known as SIDH, shorthand for Supersingular Isogeny Diffie-Hellman. The security of SIDH does not rely on a pure isogeny problem, due to certain 'auxiliary' elliptic curve points that are exchanged during the protocol (for constructive reasons). In this talk I will discuss a break of SIDH that was discovered in collaboration with Thomas Decru. The attack uses isogenies between abelian surfaces and exploits the aforementioned auxiliary points, so it does not break the pure isogeny problem. I will also discuss improvements of this attack due to Maino et al. and Robert, as well as a countermeasure by Fouotsa et al., along with breaks of this countermeasure in some special cases.
14G50 ; 14K02 ; 14H52 ; 14H40 ; 14G15
It is classical that, for example, there is a simple abelian variety of dimension $4$ which is not the jacobian of any curve of genus $4$, and it is not hard to see that there is one defined over the field of all algebraic numbers $\overline{\bf Q}$. In $2012$ Chai and Oort asked if there is a simple abelian fourfold, defined over $\overline{\bf Q}$, which is not even isogenous to any jacobian. In the same year Tsimerman answered ''yes''. Recently Zannier and I have done this over the rationals $\bf Q$, and with ''yes, almost all''. In my talk I will explain ''almost all'' the concepts involved.
14H40 ; 14K02 ; 14K15 ; 11G10
Computing endomorphism rings of supersingular elliptic curves is an important problem in computational number theory, and it is also closely connected to the security of some of the recently proposed isogeny-based cryptosystems. In this talk we give a new algorithm for computing the endomorphism ring of a supersingular elliptic curve. The algorithm works by first computing two cycles in the l-isogeny graph that create an order in the endomorphism ring of the curve E. Then we determine which maximal order containing this order is the endomorphism ring of E.
This is joint work with Hallgren, Leonardi, Morrison and Park.
14H52 ; 14K02 ; 11G20