
Journal of Mathematical Cryptology

Volume 8, Issue 1


Constructing elliptic curve isogenies in quantum subexponential time

Andrew Childs
  • Department of Combinatorics & Optimization and Institute for Quantum Computing, University of Waterloo, Waterloo, Ontario, N2L 3G1, Canada
/ David Jao / Vladimir Soukharev
Published Online: 2013-10-23 | DOI: https://doi.org/10.1515/jmc-2012-0016


Given two ordinary elliptic curves over a finite field having the same cardinality and endomorphism ring, it is known that the curves admit a nonzero isogeny between them, but finding such an isogeny is believed to be computationally difficult. The fastest known classical algorithm takes exponential time, and prior to our work no faster quantum algorithm was known. Recently, public-key cryptosystems based on the presumed hardness of this problem have been proposed as candidates for post-quantum cryptography. In this paper, we give a new subexponential-time quantum algorithm for constructing nonzero isogenies between two such elliptic curves, assuming the Generalized Riemann Hypothesis (but with no other assumptions). Our algorithm is based on a reduction to a hidden shift problem, and represents the first nontrivial application of Kuperberg's quantum algorithm for finding hidden shifts. This result suggests that isogeny-based cryptosystems may be uncompetitive with more mainstream quantum-resistant cryptosystems such as lattice-based cryptosystems. As part of this work, we also present the first classical algorithm for evaluating isogenies having provably subexponential running time in the cardinality of the base field under GRH.

Keywords: Elliptic curves; isogenies; hidden shift problem; quantum algorithms

MSC: 81P94; 68Q12; 11Y40; 14H52

About the article

Received: 2012-06-29

Revised: 2013-06-07

Accepted: 2013-09-29

Published Online: 2013-10-23

Published in Print: 2014-02-01

Funding Source: MITACS

Funding Source: NSERC

Funding Source: Ontario Ministry of Research and Innovation

Funding Source: QuantumWorks

Funding Source: US ARO/DTO

Citation Information: Journal of Mathematical Cryptology, Volume 8, Issue 1, Pages 1–29, ISSN (Online) 1862-2984, ISSN (Print) 1862-2976, DOI: https://doi.org/10.1515/jmc-2012-0016.


© 2014 by Walter de Gruyter Berlin/Boston.
