A modular approach to OSIDH
Leonardo Colò
I2M, Aix-Marseille Université
/user/leonardo.colO/
Date(s) : 19/05/2022 iCal
11h00 - 12h00
We recently defined an OSIDH protocol — for oriented supersingular isogeny Diffie-Hellman — by imposing the data of an orientation by an imaginary quadratic ring O on the category of supersingular elliptic curves. Starting with an elliptic curve E_0 oriented by a CM order O_K of class number one, we push forward the class group action along an l-isogeny chains, on which the class group of an order O of large index l^n in O_K acts. The map from l-isogeny chains to its terminus forgets the structure of the orientation, and the original base curve E_0. For a sufficiently long random l-isogeny chain, the terminal curve represents a generic supersingular elliptic curve.
One of the advantages of working in this general framework is that the group action by Cl(O) can be carried out effectively solely on the sequence of moduli points (such as j-invariants) on a modular curve, thereby avoiding expensive generic isogeny computations or the requirement of rational torsion points. The goal of this talk is to describe how to realize this group action as an effective algorithm, make it efficient, and introduce the use of level structures, replacing the j-line X(1) with a modular curve X(Γ) of higher level. This is joint work with David Kohel.
References
[1] W. Castryck, T. Lange, C. Martindale, L. Panny, and J. Renes. CSIDH: an efficient post- quantum commutative group action. Cryptology ePrint Archive, 2018/383, https://eprint. iacr.org/2018/383
Emplacement
I2M Luminy - Ancienne BU, Salle Séminaire CIELL (1er étage)
Catégories
