CryptoDB
Supersingular Curves You can Trust
Authors: |
|
---|---|
Download: |
|
Presentation: | Slides |
Conference: | EUROCRYPT 2023 |
Abstract: | Generating a supersingular elliptic curve such that nobody knows its endomorphism ring is a notoriously hard task, despite several isogeny-based protocols relying on such an object. A trusted setup is often proposed as a workaround, but several aspects remain unclear. In this work, we develop the tools necessary to practically run such a distributed trusted-setup ceremony. Our key contribution is the first statistically zero-knowledge proof of isogeny knowledge that is compatible with any base field. To prove statistical ZK, we introduce isogeny graphs with Borel level structure and prove they have the Ramanujan property. Then, we analyze the security of a distributed trusted-setup protocol based on our ZK proof in the simplified universal composability framework. Lastly, we develop an optimized implementation of the ZK proof, and we propose a strategy to concretely deploy the trusted-setup protocol. |
BibTeX
@inproceedings{eurocrypt-2023-32968, title={Supersingular Curves You can Trust}, publisher={Springer-Verlag}, doi={10.1007/978-3-031-30617-4_14}, author={Andrea Basso and Giulio Codogni and Deirdre Connolly and Luca De Feo and Tako Boris Fouotsa and Guido Maria Lido and Travis Morrison and Lorenz Panny and Sikhar Patranabis and Benjamin Wesolowski}, year=2023 }