The cr.yp.to blog| blog.cr.yp.to
D. J. Bernstein: Index of formal scientific papers| cr.yp.to
Compilers can suddenly and silently introduce implementation vulnerabilities in yesterday's secure code. PQShield recently discovered an instance of this problem in the popular ML-KEM (Kyber) reference implementation, and it has been resolved with the help of Peter Schwabe and the Kyber team.| PQShield
We present an efficient key recovery attack on the Supersingular Isogeny Diffie-Hellman protocol (SIDH). The attack is based on Kani's "reducibility criterion" for isogenies from products of elliptic curves and strongly relies on the torsion point images that Alice and Bob exchange during the protocol. If we assume knowledge of the endomorphism ring of the starting curve then the classical running time is polynomial in the input size (heuristically), apart from the factorization of a small nu...| IACR Cryptology ePrint Archive