B-SIDH: supersingular isogeny Diffie-Hellman using twisted torsion
C Costello - Advances in Cryptology–ASIACRYPT 2020: 26th …, 2020 - Springer
This paper explores a new way of instantiating isogeny-based cryptography in which parties
can work in both the (p+ 1)(p+ 1)-torsion of a set of supersingular curves and in the (p-1)(p …
can work in both the (p+ 1)(p+ 1)-torsion of a set of supersingular curves and in the (p-1)(p …
{SHA-1} is a shambles: First {Chosen-Prefix} collision on {SHA-1} and application to the {PGP} web of trust
The SHA-1 hash function was designed in 1995 and has been widely used during two
decades. A theoretical collision attack was first proposed in 2004 [WYY05], but due to its …
decades. A theoretical collision attack was first proposed in 2004 [WYY05], but due to its …
Oblivious pseudorandom functions from isogenies
An oblivious PRF, or OPRF, is a protocol between a client and a server, where the server
has a key k for a secure pseudorandom function F, and the client has an input x for the …
has a key k for a secure pseudorandom function F, and the client has an input x for the …
Not Enough LESS: An Improved Algorithm for Solving Code Equivalence Problems over
W Beullens - International Conference on Selected Areas in …, 2020 - Springer
Recently, a new code based signature scheme, called LESS, was proposed with three
concrete instantiations, each aiming to provide 128 bits of classical security 3. Two …
concrete instantiations, each aiming to provide 128 bits of classical security 3. Two …
Improved classical cryptanalysis of SIKE in practice
The main contribution of this work is an optimized implementation of the van Oorschot-
Wiener (vOW) parallel collision finding algorithm. As is typical for cryptanalysis against …
Wiener (vOW) parallel collision finding algorithm. As is typical for cryptanalysis against …
The supersingular isogeny problem in genus 2 and beyond
C Costello, B Smith - International Conference on Post-Quantum …, 2020 - Springer
Let A/F _p and A'/F _p be superspecial principally polarized abelian varieties of dimension
g> 1. For any prime ℓ ≠ p, we give an algorithm that finds a path ϕ: A → A'in the (ℓ,\dots, ℓ) …
g> 1. For any prime ℓ ≠ p, we give an algorithm that finds a path ϕ: A → A'in the (ℓ,\dots, ℓ) …
Supersingular isogeny key exchange for beginners
C Costello - Selected Areas in Cryptography–SAC 2019: 26th …, 2020 - Springer
Supersingular Isogeny Key Exchange for Beginners | SpringerLink Skip to main content
Advertisement SpringerLink Account Menu Find a journal Publish with us Track your research …
Advertisement SpringerLink Account Menu Find a journal Publish with us Track your research …
[PDF][PDF] Mapreduce methodology for elliptical curve discrete logarithmic problems–securing telecom networks
M Subhashini, R Gopinath - International Journal of Electrical …, 2020 - academia.edu
ABSTRACT Elliptic Curve Cryptography (ECC) is capable of constructing public-key
cryptosystems. Specifically, the security of the ECC minimizes to testing the ability to handle …
cryptosystems. Specifically, the security of the ECC minimizes to testing the ability to handle …
The MALICIOUS framework: embedding backdoors into tweakable block ciphers
Inserting backdoors in encryption algorithms has long seemed like a very interesting, yet
difficult problem. Most attempts have been unsuccessful for symmetric-key primitives so far …
difficult problem. Most attempts have been unsuccessful for symmetric-key primitives so far …
Low Weight Discrete Logarithm and Subset Sum in with Polynomial Memory
We propose two heuristic polynomial memory collision finding algorithms for the low
Hamming weight discrete logarithm problem in any abelian group G. The first one is a direct …
Hamming weight discrete logarithm problem in any abelian group G. The first one is a direct …