## CryptoDB

### Benjamin Smith

#### Publications

Year
Venue
Title
2021
TCHES
This paper introduces a new key space for CSIDH and a new algorithm for constant-time evaluation of the CSIDH group action. The key space is not useful with previous algorithms, and the algorithm is not useful with previous key spaces, but combining the new key space with the new algorithm produces speed records for constant-time CSIDH. For example, for CSIDH-512 with a 256-bit key space, the best previous constant-time results used 789000 multiplications and more than 200 million Skylake cycles; this paper uses 438006 multiplications and 125.53 million cycles.
2018
ASIACRYPT
We revisit the ordinary isogeny-graph based cryptosystems of Couveignes and Rostovtsev–Stolbunov, long dismissed as impractical. We give algorithmic improvements that accelerate key exchange in this framework, and explore the problem of generating suitable system parameters for contemporary pre- and post-quantum security that take advantage of these new algorithms. We also prove the session-key security of this key exchange in the Canetti–Krawczyk model, and the IND-CPA security of the related public-key encryption scheme, under reasonable assumptions on the hardness of computing isogeny walks. Our systems admit efficient key-validation techniques that yield CCA-secure encryption, thus providing an important step towards efficient post-quantum non-interactive key exchange (NIKE).
2017
ASIACRYPT
2016
CHES
2016
JOFC
2015
EPRINT
2014
EUROCRYPT
2013
ASIACRYPT
2011
ASIACRYPT
2009
JOFC
2008
EUROCRYPT
2007
EPRINT
We describe the use of explicit isogenies to reduce Discrete Logarithm Problems (DLPs) on Jacobians of hyperelliptic genus~$3$ curves to Jacobians of non-hyperelliptic genus~$3$ curves, which are vulnerable to faster index calculus attacks. We provide algorithms which compute an isogeny with kernel isomorphic to $(\mathbb{Z}/2\mathbb{Z})^3$ for any hyperelliptic genus~$3$ curve. These algorithms provide a rational isogeny for a positive fraction of all hyperelliptic genus~$3$ curves defined over a finite field of characteristic $p > 3$. Subject to reasonable assumptions, our algorithms provide an explicit and efficient reduction from hyperelliptic DLPs to non-hyperelliptic DLPs for around $18.57\%$ of all hyperelliptic genus~$3$ curves over a given finite field.
2006
EPRINT
D\'ech\`ene has proposed generalized Jacobians as a source of groups for public-key cryptosystems based on the hardness of the Discrete Logarithm Problem (DLP). Her specific proposal gives rise to a group isomorphic to the semidirect product of an elliptic curve and a multiplicative group of a finite field. We explain why her proposal has no advantages over simply taking the direct product of groups. We then argue that generalized Jacobians offer poorer security and efficiency than standard Jacobians.
2006
EPRINT
Distortion maps are a useful tool for pairing based cryptography. Compared with elliptic curves, the case of hyperelliptic curves of genus $g > 1$ is more complicated since the full torsion subgroup has rank $2g$. In this paper we prove that distortion maps always exist for supersingular curves of genus $g>1$ and we give several examples in genus $2$.