### Solving norm equations to attack isogeny-based cryptosystems

Linfoot Number Theory Seminar

26th February 2020, 11:00 am – 12:00 pm

Fry Building, 2.04

This talk is motivated by analyzing the security of a cryptographic key exchange protocol called SIDH (Supersingular Isogeny Diffie-Hellman), which is based on isogeny graphs of supersingular elliptic curves. One of the biggest open problems in the field at the moment is, given a generic supersingular elliptic curve over a finite field of exponential size (e.g. about 2^256), compute its endomorphism ring. In fact, there is a attack from 2016 which shows that, if you can solve this open problem, then you can completely break the cryptosystem. We will introduce the context, and then discuss various ideas for constructing curves for which we can compute new endomorphisms.

This is joint work with Peter Kutas, Lorenz Panny, Christophe Petit, and Kate Stange.

## Comments are closed.