Current browse context:
math.NT
Change to browse by:
References & Citations
Mathematics > Number Theory
Title: Orienteering with one endomorphism
(Submitted on 26 Jan 2022 (v1), last revised 19 Oct 2022 (this version, v3))
Abstract: In supersingular isogeny-based cryptography, the path-finding problem reduces to the endomorphism ring problem. Can path-finding be reduced to knowing just one endomorphism? It is known that a small endomorphism enables polynomial-time path-finding and endomorphism ring computation (Love-Boneh [36]). An endomorphism gives an explicit orientation of a supersingular elliptic curve. In this paper, we use the volcano structure of the oriented supersingular isogeny graph to take ascending/descending/horizontal steps on the graph and deduce path-finding algorithms to an initial curve. Each altitude of the volcano corresponds to a unique quadratic order, called the primitive order. We introduce a new hard problem of computing the primitive order given an arbitrary endomorphism on the curve, and we also provide a sub-exponential quantum algorithm for solving it. In concurrent work (Wesolowski [54]), it was shown that the endomorphism ring problem in the presence of one endomorphism with known primitive order reduces to a vectorization problem, implying path-finding algorithms. Our path-finding algorithms are more general in the sense that we don't assume the knowledge of the primitive order associated with the endomorphism.
Submission history
From: Katherine E. Stange [view email][v1] Wed, 26 Jan 2022 17:39:10 GMT (485kb,D)
[v2] Thu, 10 Mar 2022 18:39:00 GMT (239kb,D)
[v3] Wed, 19 Oct 2022 14:44:39 GMT (242kb,D)
Link back to: arXiv, form interface, contact.