• Title/Summary/Keyword: isogeny

A Study on Efficient Signing Methods and Optimal Parameters Proposal for SeaSign Implementation (SeaSign에 대한 효율적인 서명 방법 및 최적 파라미터 제안 연구)

  • Suhri Kim
    • Journal of the Korea Institute of Information Security & Cryptology / v.34 no.2 / pp.167-177 / 2024
  • This paper proposes optimization techniques for SeaSign, an isogeny-based digital signature algorithm. SeaSign combines class group actions of CSIDH with the Fiat-Shamir with abort. While CSIDH-based algorithms have regained attention due to polynomial time attacks for SIDH-based algorithms, SeaSign has not undergone significant optimization because of its inefficiency. In this paper, an efficient signing method for SeaSign is proposed. The proposed signing method is simple yet powerful, achieved by repositioning the rejection sampling within the algorithm. Additionally, this paper presents parameters that can provide optimal performance for the proposed algorithm. As a result, by using the original parameters of SeaSign, the proposed method is three times faster than the original SeaSign. Additionally, combining the newly suggested parameters with the signing method proposed in this paper yields a performance that is 290 times faster than the original SeaSign and 7.47 times faster than the method proposed by Decru et al.

On cohomology groups of $F_p[t]$-module schemes

  • Woo, Sung-Sik
    • Communications of the Korean Mathematical Society / v.10 no.3 / pp.519-525 / 1995
  • By using an exact sequence of extension groups corresponding to an isogeny of a Drinfeld module we investigate which extension classes are coming from Hom(G,C). In the last section of this paper an example was given where the connecting homomorphism can be explicitly computed.

NERON SYMBOL ON $\kappa$-HOLOMORPHIC TORUS

  • Sim, Kyung-Ah;Woo, Sung-Sik
    • Bulletin of the Korean Mathematical Society / v.37 no.4 / pp.843-854 / 2000
  • S. Turner has shown that a Neron symbol can be calculated from the values of K-meromorphic theta functions corresponding to divisors on K-holomorphic torus of strongly diagonal type. Using an isogeny to a K-holomorphic torus of strongly diagonal type, he constructed a Neron symbol on K-holomorphic torus of diagonal type. In this work, we provide a simple formula of the Neron symbol on the Tate curve. And then we construct the Neron symbol on K-holomorphic torus of diagonal or strongly diagonal type without using isogenies.

RESTRICTION OF SCALARS WITH SIMPLE ENDOMORPHISM ALGEBRA

  • Yu, Hoseog
    • Korean Journal of Mathematics / v.30 no.3 / pp.555-560 / 2022
  • Suppose L/K is a finite abelian extension of number fields of odd degree and suppose an abelian variety A defined over L is a K-variety. If the endomorphism algebra of A/L is a field F, the following are equivalent: (1) The endomorphism algebra of the restriction of scalars from L to K is simple. (2) There is no proper subfield of L containing $L^{G_F}$ on which A has a K-variety descent.

Optimized Implementation of CSIDH-512 through Three-Level Hybrid Montgomery Reduction on ARM Cortex-M7 (Three-level 하이브리드 몽고메리 감산을 통한 ARM Cortex-M7에서의 CSIDH-512 최적화)

  • Younglok Choi;Donghoe Heo;Seokhie Hong;Suhri Kim
    • Journal of the Korea Institute of Information Security & Cryptology / v.33 no.2 / pp.243-252 / 2023
  • As an efficient key recovery attack on SIDH/SIKE was proposed, CSIDH is drawing attention again. CSIDH is an isogeny-based key exchange algorithm that is safe against known attacks to date, and provides efficient NIKE by modernizing the CRS scheme. In this paper, we first present the optimized implementation of CSIDH-512 on ARM Cortex-M7. We use three-level hybrid Montgomery reduction and present the results of our implementation, limitations, and future research directions. This is a CSIDH implementation in 32-bit embedded devices that has not been previously presented, and it is expected that the results of this paper will be available to implement CSIDH and derived cryptographic algorithms in various embedded environments in the future.

RESTRICTION OF SCALARS AND CUBIC TWISTS OF ELLIPTIC CURVES

  • Byeon, Dongho;Jeong, Keunyoung;Kim, Nayoung
    • Journal of the Korean Mathematical Society / v.58 no.1 / pp.123-132 / 2021
  • Let K be a number field and L a finite abelian extension of K. Let E be an elliptic curve defined over K. The restriction of scalars $\mathrm{Res}^L_K E$ decomposes (up to isogeny) into abelian varieties over K $$\mathrm{Res}^L_K E \sim \bigoplus_{F \in S} A_F,$$ where S is the set of cyclic extensions of K in L. It is known that if L is a quadratic extension, then $A_L$ is the quadratic twist of E. In this paper, we consider the case that K is a number field containing a primitive third root of unity, $L=K(\sqrt[3]{D})$ is the cyclic cubic extension of K for some $D \in K^{\times}/(K^{\times})^3$, $E = E_a : y^2 = x^3 + a$ is an elliptic curve with j-invariant 0 defined over K, and $E_a^D : y^2 = x^3 + aD^2$ is the cubic twist of $E_a$. In this case, we prove $A_L$ is isogenous over K to $E_a^D \times E_a^{D^2}$ and a property of the Selmer rank of $A_L$, which is a cubic analogue of a theorem of Mazur and Rubin on quadratic twists.

Implementing M-SIDH: Performance and Efficiency Evaluation (M-SIDH 구현 및 성능 평가를 통한 효율성 연구)

  • Suhri Kim;Minhye Seo
    • Journal of the Korea Institute of Information Security & Cryptology / v.33 no.4 / pp.591-599 / 2023
  • Due to the recent attack by Castryck-Decru, the private key of SIDH can be recovered in polynomial time, so several methods have been proposed to prevent the attack. Among them, M-SIDH, proposed by Fouotsa et al., counteracts the attack by masking the torsion point information during the key exchange. In this paper, we implement M-SIDH and evaluate its performance. To the best of our knowledge, this is the first implementation of M-SIDH in C language. Toward that end, we propose a method to select parameters for M-SIDH instantiation and propose a 1024-bit prime for implementation. We implemented the square-root Velu formula over the extension field for further optimization. As a result, 1129 ms is required for a key exchange in the case of MSIDH-1024, providing the classic 64-bit security level.