Generating a supersingular elliptic curve such that nobody knows its endomorphism ring is a notoriously hard task, despite several isogeny-based protocols relying on such an object. A trusted setup is often proposed as a workaround, but several aspects remain unclear. In this work, we develop the tools necessary to practically run such a distributed trusted-setup ceremony. Our key contribution is the first statistically zero-knowledge proof of isogeny knowledge that is compatible with any base field. To prove statistical ZK, we introduce isogeny graphs with Borel level structure and prove they have the Ramanujan property. Then, we analyze the security of a distributed trusted-setup protocol based on our ZK proof in the simplified universal composability framework. Lastly, we develop an optimized implementation of the ZK proof, and we propose a strategy to concretely deploy the trusted-setup protocol.

Basso, A., Codogni, G., Connolly, D., De Feo, L., Boris Fouotsa, T., Lido, G.m., et al. (2023). Supersingular curves you can trust. In Advances in Cryptology – EUROCRYPT 2023 (pp.405-437). Springer [10.1007/978-3-031-30617-4_14].

Supersingular curves you can trust

Giulio Codogni; Guido Maria Lido
2023-10-01

Annual International Conference on the Theory and Applications of Cryptographic Techniques
Lyon (France)
2023
42
International relevance
contribution
Oct-2023
Sector MAT/03 - GEOMETRY
English
Isogeny-based cryptography; zero-knowledge proof
https://eprint.iacr.org/2022/1469
Conference presentation
Basso, A; Codogni, G; Connolly, D; De Feo, L; Boris Fouotsa, T; Lido, Gm; Morrison, T; Panny, L; Patranabis, S; Wesolowski, B
Files in this product:
File Size Format
Supersingular curves you can trust Advances in Cryptology EUROCRYPT 2023.pdf

authorized users only

Type: Post-print document
License: Publisher's copyright
Size 563.11 kB
Format Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/2108/308098
Citations
  • Scopus 6