Abstract
AbstractWe describe a framework for constructing an efficient non-interactive key exchange (NIKE) protocol fornparties for anyn≥ 2. Our approach is based on the problem of computing isogenies between isogenous elliptic curves, which is believed to be difficult. We do not obtain a working protocol because of a missing step that is currently an open mathematical problem. What we need to complete our protocol is an efficient algorithm that takes as input an abelian variety presented as a product of isogenous elliptic curves, and outputs an isomorphism invariant of the abelian variety.Our framework builds acryptographic invariant map, which is a new primitive closely related to a cryptographic multilinear map, but whose range does not necessarily have a group structure. Nevertheless, we show that a cryptographic invariant map can be used to build several cryptographic primitives, including NIKE, that were previously constructed from multilinear maps and indistinguishability obfuscation.
Highlights
Let Fq be a finite field, let E be an ordinary elliptic curve over Fq, and let X be the set of isomorphism classes of of e√llqipetliecmcuernvtess).oMveorreFoqvtehra, tuanrdeeFrqs-uisiotagbelneocuosntdoitEio
We describe a framework for constructing an efficient non-interactive key exchange (NIKE) protocol for n parties for any n ≥ 2
What we need to complete our protocol is an efficient algorithm that takes as input an abelian variety presented as a product of isogenous elliptic curves, and outputs an isomorphism invariant of the abelian variety
Summary
Let Fq be a finite field, let E be an ordinary elliptic curve over Fq, and let X be the set of isomorphism classes of of e√llqipetliecmcuernvtess).oMveorreFoqvtehra, tuanrdeeFrqs-uisiotagbelneocuosntdoitEio. Given a random curve E′ ∈ X it is difficult to find an element g ∈ G such that E′ = g * E This suggests a Diffie–Hellman two-party key exchange protocol, proposed by Couveignes [14] and Rostovtsev and Stolbunov [38]: Alice chooses a random a ∈ G and publishes Ea := a * E; Bob chooses a random b ∈ G and publishes Eb := b * E. This suggests an n-party non-interactive key exchange protocol, as well as many other cryptographic constructions This property leads to a more general cryptographic primitive that we call a cryptographic invariant map, defined .
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
