International Association for Cryptologic Research

International Association
for Cryptologic Research

IACR News item: 09 August 2022

Luciano Maino, Chloe Martindale
ePrint Report ePrint Report
We present an attack on SIDH which does not require any endomorphism information on the starting curve. Our attack is not polynomial-time, but significantly reduces the security of SIDH and SIKE; our analysis and preliminary implementation suggests that our algorithm will be feasible for the Microsoft challenge parameters $p = 2^{110}3^{67}-1$ on a regular computer. Our attack applies to any isogeny-based cryptosystem that publishes the images of points under the secret isogeny, for example Séta [26] and B-SIDH [9]. It does not apply to CSIDH [8], CSI-FiSh [3], or SQISign [11].

Additional news items may be found on the IACR news page.