Sabrina Kunzweiler's research while affiliated with Ruhr-Universität Bochum and other places

Publications (14)

Chapter
The parametrization of (3, 3)-isogenies by Bruin, Flynn and Testa requires over 37.500 multiplications if one wants to evaluate a single isogeny in a point. We simplify their formulae and reduce the amount of required multiplications by \(94\%\). Further we deduce explicit formulae for evaluating (3, 3)-splitting and gluing maps in the framework of...
Chapter
Despite recent breakthrough results in attacking SIDH, the CSIDH protocol remains a secure post-quantum key exchange protocol with appealing properties. However, for obtaining efficient CSIDH instantiations one has to resort to small secret keys. In this work, we provide novel methods to analyze small key CSIDH, thereby introducing the representati...
Chapter
We define the Generic Group Action Model (GGAM), an adaptation of the Generic Group Model to the setting of group actions (such as CSIDH). Compared to a previously proposed definition by Montgomery and Zhandry (ASIACRYPT ’22), our GGAM more accurately abstracts the security properties of group actions. We are able to prove information-theoretic lowe...
Chapter
In the context of quantum-resistant cryptography, cryptographic group actions offer an abstraction of isogeny-based cryptography in the Commutative Supersingular Isogeny Diffie-Hellman (CSIDH) setting. In this work, we revisit the security of two previously proposed natural protocols: the Group Action Hashed ElGamal key encapsulation mechanism (GA-...
Chapter
We present two provably secure password-authenticated key exchange (PAKE) protocols based on a commutative group action. To date the most important instantiation of isogeny-based group actions is given by CSIDH. To model the properties more accurately, we extend the framework of cryptographic group actions (Alamati et al., ASIACRYPT 2020) by the ab...
Article
A new approach has been recently developed to study the arithmetic of hyperelliptic curves (Formula presented.) over local fields of odd residue characteristic via combinatorial data associated to the roots of (Formula presented.). Since its introduction, numerous papers have used this machinery of ‘cluster pictures’ to compute a plethora of arithm...
Preprint
An important open problem in supersingular isogeny-based cryptography is to produce, without a trusted authority, concrete examples of "hard supersingular curves," that is, concrete supersingular curves for which computing the endomorphism ring is as difficult as it is for random supersingular curves. Or, even better, to produce a hash function to...
Chapter
We present a polynomial-time adaptive attack on the genus-2 variant of SIDH (G2SIDH) and describe an improvement to its secret selection procedure. G2SIDH is a generalisation of the Supersingular Isogeny Diffie–Hellman key exchange into the genus-2 setting and achieves the same security as SIDH while using fields a third of the size. We analyze the...
Chapter
We study a 3-dimensional stratum \(\mathcal {M}_{3,V}\) of the moduli space \(\mathcal {M}_3\) of curves of genus 3 parameterizing curves Y that admit a certain action of \(V = C_2 \times C_2\). We determine the possible types of the stable reduction of these curves to characteristic different from 2. We define invariants for \(\mathcal {M}_{3,V}\) and char...
Preprint
A new approach has been recently developed to study the arithmetic of hyperelliptic curves $y^2=f(x)$ over local fields of odd residue characteristic via combinatorial data associated to the roots of $f$. Since its introduction, numerous papers have used this machinery of "cluster pictures" to compute a plethora of arithmetic invariants associated...
Article
Let C be a hyperelliptic curve over a local field K with odd residue characteristic, defined by some affine Weierstraß equation \(y^2=f(x)\). We assume that C has semistable reduction and denote by \({\mathcal {X}}\rightarrow \text {Spec}\, {\mathcal {O}}_K\) its minimal regular model with relative dualising sheaf \(\omega _{{\mathcal {X}}/ {\mathc...
Preprint
Given a superelliptic curve $Y_K : y^n = f(x)$ over a local field $K$, we describe the theoretical background and an implementation of a new algorithm for computing the $\mathcal{O}_K$-lattice of integral differential forms on $Y_K$. We build on the results of Obus and the second author, which describe arbitrary regular models of the projective lin...
Preprint
We study a 3-dimensional stratum $\mathcal{M}_{3,V}$ of the moduli space $\mathcal{M}_3$ of curves of genus $3$ parameterizing curves $Y$ that admit a certain action of $V\simeq C_2\times C_2$. We determine the possible types of the stable reduction of these curves to characteristic different from $2$. We define invariants for $\mathcal{M}_{3,V}$ a...
Preprint
Let $C$ be a hyperelliptic curve over a local field $K$ with odd residue characteristic, defined by some affine Weierstrass equation $y^2=f(x)$. We assume that $C$ has semistable reduction and denote by $\mathcal{X} \rightarrow \textrm{Spec}\, \mathcal{O}_K$ its minimal regular model with relative dualizing sheaf $\omega_{\mathcal{X}/ \mathcal{O}_K...

Citations

... Our results also have applications in cryptanalysis: the best classical and quantum attacks on commutative isogeny-based schemes involve computing massive numbers of group actions, each comprised of a large number of ℓ-isogenies (see e.g. [3] and [8]). Any algorithm that reduces the number of basic operations per ℓ-isogeny will improve the effectiveness of these attacks. ...
... At a late stage of the preparation of this manuscript the authors were made aware of work in [13] discussing the security of group action-induced computational problems, particularly in a quantum sense. The arguments therein should be addressed when discussing the difficulty of SDLP in subsequent work. ...
... To keep track of the arithmetic invariants needed to compute λ_{f,K} as in lemma 2.6, we use the machinery of 'clusters' [17,18]. Clusters allow us to extract arithmetic invariants of hyperelliptic curves over p-adic fields with p odd from simple combinatorial data (see example 4.4 below for a worked out example). ...
... Other known attacks In Kunzweiler et al. (2021), an adaptive attack has been proposed, where the gist is the symplectic basis related to Weil pairings. In general, finding the symplectic basis is equivalent to solving DLP for Weil pairings, which is practical for smooth order ℓ n 0 . ...
... As a particular case, the generalized Howe curve C with g_1 = g_2 = 1 and r = 1 is a non-hyperelliptic curve of genus g(C) = 4, and it is called simply a Howe curve, which was originally defined in [12] (see also [25] and [26]). On the other hand, in the case where g(C) = 3 with g_1 = g_2 = 1 and r = 2, all the quotient curves C_1, C_2 and C_3 are of genus one, and this case was studied in [3], [33], [34] and [37]. In particular, Oort [37] used this construction to prove the existence of superspecial curves of genus 3, which we will introduce in Section 5 below. ...
... We use cluster pictures, a relatively new innovation which have already proved advantageous in studying the arithmetic of hyperelliptic curves. In particular, cluster pictures have been used to calculate semistable models, conductors, minimal discriminants and Galois representations in [DDMM18], Tamagawa numbers in [Bet18], root numbers in [Bis19], and differentials in [Kun19]. More recent papers which make use of cluster pictures are [Mus20], where the author constructs the minimal regular model with normal crossings of hyperelliptic curves and determines a basis of integral differentials, and [BBB+20], where many of the numerous papers using cluster pictures are summarised and complemented by examples. ...