Drama in NIST’s post-quantum cryptographic standard!

[Freak]

Since my last post about NISTs first 4 algorithms in the post-quantum cryptographic standard, there have been some big developments. One of the 4th round submissions may now be out of the running, as a new paper has been published demonstrating an attack on its underlying algorithm allowing it to be cracked in ONE HOUR on a single core processor.

The cryptographic algorithm in question is SIKE, or Supersingular Isogeny Key Encapsulation which is an implementation of the post-quantum cryptographic algorithm Supersingular isogeny Diffie–Hellman key exchange (SIDH). The algorithm starts with creating a special graph called a supersingular isogeny graph where each node represents a special case of an elliptic curve called a supersingular elliptic curve, and the vertices represent a special structure preserving transformation called an isogeny from one curve to another. The algorithm then involves taking a random walk between the nodes.

The attack on the algorithm exploits two properties of the starting curve in the random walk; a torsion point shared by the users of the algorithm when performing the handshake, and a non-scalar endomorphism that exists on the curve.

It may still be possible to mitigate this attack by changing the properties of the starting curve, but we'll have to see what happens! The paper also makes note that there is a larger article being written, so they may also have more to say about all of this.