Algebraic approaches for solving isogeny problems of prime power degrees

Recently, supersingular isogeny cryptosystems have received attention as a candidate of post-quantum cryptography (PQC). Their security relies on the hardness of solving isogeny problems over supersingular elliptic curves. The meet-in-the-middle approach seems the most practical to solve isogeny problems with classical computers. In this paper, we propose two algebraic approaches for isogeny problems of prime power degrees. Our strategy is to reduce isogeny problems to a system of algebraic equations, and to solve it by Gröbner basis computation. The first one uses modular polynomials, and the second one uses kernel polynomials of isogenies. We report running times for solving isogeny problems of 3-power degrees on supersingular elliptic curves over 𝔽p2 with 503-bit prime p, extracted from the NIST PQC candidate SIKE. Our experiments show that our first approach is faster than the meet-in-the-middle approach for isogeny degrees up to 310.

Complexity bounds on Semaev’s naive index calculus method for ECDLP

Since Semaev introduced summation polynomials in 2004, a number of studies have been devoted to improving the index calculus method for solving the elliptic curve discrete logarithm problem (ECDLP) with better complexity than generic methods such as Pollard’s rho method and the baby-step and giant-step method (BSGS). In this paper, we provide a deep analysis of Gröbner basis computation for solving polynomial systems appearing in the point decomposition problem (PDP) in Semaev’s naive index calculus method. Our analysis relies on linear algebra under simple statistical assumptions on summation polynomials. We show that the ideal derived from PDP has a special structure and Gröbner basis computation for the ideal is regarded as an extension of the extended Euclidean algorithm. This enables us to obtain a lower bound on the cost of Gröbner basis computation. With the lower bound, we prove that the naive index calculus method cannot be more efficient than generic methods.

Constructions of Maximum Few-Distance Sets in Euclidean Spaces

A finite set of vectors $\mathcal{X}$ in the $d$-dimensional Euclidean space $\mathbb{R}^d$ is called an $s$-distance set if the set of mutual distances between distinct elements of $\mathcal{X}$ has cardinality exactly $s$. In this paper we present a combined approach of isomorph-free exhaustive generation of graphs and Gröbner basis computation to classify the largest $3$-distance sets in $\mathbb{R}^4$, the largest $4$-distance sets in $\mathbb{R}^3$, and the largest $6$-distance sets in $\mathbb{R}^2$. We also construct new examples of large $s$-distance sets in $\mathbb{R}^d$ for $d\leq 8$ and $s\leq 6$, and independently verify several earlier results from the literature.