International Association for Cryptologic Research

International Association
for Cryptologic Research

IACR News item: 21 August 2019

Simon-Philipp Merz, Romy Minko, Christophe Petit
ePrint Report ePrint Report
The security proofs for isogeny-based undeniable signature schemes have been based primarily on two isogeny hardness assumptions: that the One-Sided Modified SSCDH problem and the One-More SSCDH problem are hard to solve. We challenge the validity of these assumptions, showing that both the decisional and computational variants of these problems can be solved in constant time. We further demonstrate an attack, applicable to two undeniable signature schemes, one of which was proposed at PQCrypto 2014, which allows an adversary to forge signatures in $2^{4\lambda/5}$ steps on a classical computer. This is an improvement over the expected classical security of $2^{\lambda}$, where $\lambda$ is the chosen security parameter.
Expand

Additional news items may be found on the IACR news page.