Isogeny-based cryptography

基于同源的密码学

• 批准号: RGPIN-2022-03357
• 负责人: Jao, David
• 金额: $ 3.5万
• 依托单位: University of Waterloo
• 依托单位国家: 加拿大
• 项目类别: Discovery Grants Program - Individual
• 财政年份: 2022
• 资助国家: 加拿大
• 起止时间: 2022-01-01 至 2023-12-31
• 项目状态: 已结题
• 来源: https://www.nserc-crsng.gc.ca/ase-oro/Details-Detailles_eng.asp?id=749568
• 关键词: Isogeny; based; cryptography

Elliptic curve cryptography is one of the most efficient, secure, and well-studied technologies available today for achieving public-key encryption and authentication, and enjoys widespread use in internet and software applications. Although these systems are generally believed to be secure today, we have known since 1994 that a universal quantum computer would be able to break most of these systems. However, one type of elliptic curve cryptography, called isogeny-based cryptography, may possibly be more resistant against attacks from quantum computers, because the underlying mathematical problems are more difficult to solve on a quantum computer. In 2011, I invented Supersingular Isogeny Diffie-Hellman (SIDH), the first practical public-key cryptosystem using isogenies. Since then, the field of isogeny-based cryptography has blossomed into one of the major branches of post-quantum cryptography (the study of cryptosystems resistant to quantum computer attacks). In 2017, the US government's National Institute of Standards and Technology (NIST) launched a public standardization process for post-quantum cryptosystems, and I along with a team of researchers submitted Supersingular Isogeny Key Encapsulation (SIKE) as a candidate for standardization. Currently SIKE has advanced to round 3 as an alternate candidate, and as quoted in the evaluation report: "NIST sees SIKE as a strong candidate for future standardization with continued improvements." The main drawback of SIKE and other isogeny-based cryptosystems is that the speed of isogeny computations is slower than alternative schemes, although it remains quite practical for many applications. In this proposal, we plan to pursue the development of faster isogeny cryptography implementations, more efficient methods of further reducing the size of public keys in isogeny cryptosystems, new models and techniques for analyzing the security of implementations of isogeny-based cryptosystems, and new isogeny-based cryptographic protocols supporting advanced functionality such as blockchains. These results will help to establish Canada at the forefront of the development of security and privacy technologies in the post-quantum era. Expected outcomes and impact of this work include the public standardization and widespread acceptance of isogeny-based cryptography, clear leadership of isogeny-based cryptography in size and space-constrained applications requiring small public keys, and modern-day functionality such as secure messaging and blockchain that remains secure against attacks from quantum computers. Students who work on this project will receive training in cryptography, computer security, software and hardware implementation, and mathematics, gaining valuable skills which will allow them to participate fully in the technology sector and in academic and industrial research.

椭圆曲线密码体制是当今可用于实现公钥加密和身份验证的最有效、最安全和最受研究的技术之一，在互联网和软件应用中得到了广泛的应用。尽管人们普遍认为这些系统在今天是安全的，但自1994年以来，我们就已经知道，一台通用的量子计算机将能够破解大多数这些系统。然而，有一种类型的椭圆曲线密码术，称为基于同源的密码术，可能更能抵抗来自量子计算机的攻击，因为基本的数学问题在量子计算机上更难解决。2011年，我发明了超奇异同源Diffie-Hellman(SIDH)，这是第一个实用的使用同源的公钥密码系统。从那时起，基于同源的密码学领域已经发展成为后量子密码学(研究抵抗量子计算机攻击的密码系统)的主要分支之一。2017年，美国政府国家标准与技术研究所(NIST)启动了后量子密码系统的公开标准化进程，我和一个研究团队提交了超奇异同源密钥封装(SIKE)作为标准化候选方案。目前，SIKE已经作为备选方案晋级第三轮，正如评估报告中所引用的那样：“NIST认为SIKE是未来标准化的有力候选者，并将继续改进。”SIKE和其他基于同源的密码体制的主要缺点是同源计算的速度比其他方案慢，尽管它对于许多应用来说仍然是相当实用的。在这项提案中，我们计划开发更快的同源密码实现，进一步减少同源密码系统中公钥大小的更有效的方法，用于分析基于同源密码系统实现的安全性的新模型和技术，以及支持区块链等高级功能的新的基于同源密码协议。这些成果将有助于将加拿大确立在后量子时代安全和隐私技术发展的前沿。这项工作的预期结果和影响包括基于同源的密码术的公共标准化和广泛接受，基于同源的密码术在需要小公钥的大小和空间受限的应用程序中的明显领先地位，以及安全消息传递和区块链等现代功能，这些功能保持安全，不受量子计算机的攻击。参与这个项目的学生将接受密码学、计算机安全、软件和硬件实现以及数学方面的培训，获得宝贵的技能，使他们能够充分参与技术部门以及学术和工业研究。