In 2011, Jao and de Feo introduced a key exchange protocol based on isogenies of supersingular elliptic curves. Similar problems had been used previously in a hash function construction by Charles, Goren and Lauter. The talk will survey these systems and the mathematical ideas behind them.

I will then present a very powerful active attack on the supersingular isogeny encryption scheme, based on similar principles to the well-known "small subgroup attack" on DLP protocols. The attack is not prevented by any of the currently proposed "validation protocols", but it can be avoided by using a relatively expensive countermeasure proposed by Kirkwood et al. I will briefly survey some other recent results. This is all joint work with Christophe Petit, Barak Shani and Yan Bo Ti.


Steven Galbraith

The University of Auckland


Wed, 02/11/2016 - 2:00pm


RC-4082, The Red Centre, UNSW