Re: [cryptography] Supersingular Isogeny DH
On 7/8/15, Marcel <tiepelt@dev-nu11.de> wrote:
... So my question is, why do i need to random values m_A and n_A to compute the torsiongroup E[l_A] and respectively the kernel K_A ?
Why does is not suffice to use only 1 point to generate E[l_A] and Kernel K_A ?
it is late, and i may mis understand, yet the two are requisite for peers arriving at a shared secret by way of these constructed isogeny; and the random values necessary to not give too much (confirm secret values, without exposing secret values) i found this paper a helpful expansion on the subject: http://cacr.uwaterloo.ca/techreports/2014/cacr2014-20.pdf "In this paper, we mainly explore the efficiency of implementing recently proposed isogeny-based post-quantum public key cryptography..." specifically the graph on page 5. note that the key exchange relies on finding a path connecting vertices in a graph of supersingular isogenies - thus a pair on both ends, not just a pair arrived at among both participants. if this is clear as mud, i will try tomorrow on a fresh brain :) best regards,
On Thu, Jul 09, 2015 at 01:24:12AM -0700, coderman wrote:
i found this paper a helpful expansion on the subject: http://cacr.uwaterloo.ca/techreports/2014/cacr2014-20.pdf "In this paper, we mainly explore the efficiency of implementing recently proposed isogeny-based post-quantum public key cryptography..."
Disclaimer: I am a lame noob at this. IMHO "post-quantum" is not well defined. To my knowledge it is not known if quantum computers can solve SAT efficiently, which might break much more stuff than factoring. If it happens P=NP with low exponent quantum computers might not give much advantage. P=NP with best complexity O(n^{1000}) probably is irrelevant _in practice_ as of now. Remotely related: http://blog.computationalcomplexity.org/2004/06/impagliazzos-five-worlds.htm... Impagliazzo's Five Worlds -- georgi
participants (2)
-
coderman
-
Georgi Guninski