{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,2]],"date-time":"2025-08-02T16:20:56Z","timestamp":1754151656864,"version":"3.41.2"},"publisher-location":"Cham","reference-count":37,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030816513"},{"type":"electronic","value":"9783030816520"}],"license":[{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021]]},"DOI":"10.1007\/978-3-030-81652-0_17","type":"book-chapter","created":{"date-parts":[[2021,7,20]],"date-time":"2021-07-20T06:26:19Z","timestamp":1626762379000},"page":"431-450","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Trapdoor DDH Groups from Pairings and Isogenies"],"prefix":"10.1007","author":[{"given":"P\u00e9ter","family":"Kutas","sequence":"first","affiliation":[]},{"given":"Christophe","family":"Petit","sequence":"additional","affiliation":[]},{"given":"Javier","family":"Silva","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2021,7,21]]},"reference":[{"key":"17_CR1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"227","DOI":"10.1007\/978-3-030-34578-5_9","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2019","author":"W Beullens","year":"2019","unstructured":"Beullens, W., Kleinjung, T., Vercauteren, F.: CSI-FiSh: efficient isogeny based signatures through class group computations. In: Galbraith, S.D., Moriai, S. (eds.) ASIACRYPT 2019. LNCS, vol. 11921, pp. 227\u2013247. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-34578-5_9"},{"key":"17_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"428","DOI":"10.1007\/978-3-319-13039-2_25","volume-title":"Progress in Cryptology \u2013 INDOCRYPT 2014","author":"J-F Biasse","year":"2014","unstructured":"Biasse, J.-F., Jao, D., Sankar, A.: A quantum algorithm for computing isogenies between supersingular elliptic curves. In: Meier, W., Mukhopadhyay, D. (eds.) INDOCRYPT 2014. LNCS, vol. 8885, pp. 428\u2013442. Springer, Cham (2014). https:\/\/doi.org\/10.1007\/978-3-319-13039-2_25"},{"key":"17_CR3","doi-asserted-by":"publisher","DOI":"10.1017\/CBO9780511546570","volume-title":"Advances in Elliptic Curve Cryptography","author":"IF Blake","year":"2005","unstructured":"Blake, I.F., Seroussi, G., Smart, N.P.: Advances in Elliptic Curve Cryptography, vol. 317. Cambridge University Press, Cambridge (2005)"},{"key":"17_CR4","doi-asserted-by":"crossref","unstructured":"Burdges, J., De Feo, L.: Delay encryption (2020)","DOI":"10.1007\/978-3-030-77870-5_11"},{"key":"17_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"395","DOI":"10.1007\/978-3-030-03332-3_15","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2018","author":"W Castryck","year":"2018","unstructured":"Castryck, W., Lange, T., Martindale, C., Panny, L., Renes, J.: CSIDH: an efficient post-quantum commutative group action. In: Peyrin, T., Galbraith, S. (eds.) ASIACRYPT 2018. LNCS, vol. 11274, pp. 395\u2013427. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-030-03332-3_15"},{"key":"17_CR6","doi-asserted-by":"crossref","unstructured":"Childs, A., Jao, D., Soukharev, V.: Constructing elliptic curve isogenies in quantum subexponential time. J. Math. Cryptol. 8(1), 1\u201329 (2014)","DOI":"10.1515\/jmc-2012-0016"},{"key":"17_CR7","doi-asserted-by":"crossref","unstructured":"Coppersmith, D.: Small solutions to polynomial equations, and low exponent RSA vulnerabilities. J. Cryptol. 10(4), 233\u2013260 (1997)","DOI":"10.1007\/s001459900030"},{"key":"17_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"492","DOI":"10.1007\/978-3-540-24676-3_29","volume-title":"Advances in Cryptology - EUROCRYPT 2004","author":"J-S Coron","year":"2004","unstructured":"Coron, J.-S.: Finding small roots of bivariate integer polynomial equations revisited. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 492\u2013505. Springer, Heidelberg (2004). https:\/\/doi.org\/10.1007\/978-3-540-24676-3_29"},{"key":"17_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"379","DOI":"10.1007\/978-3-540-74143-5_21","volume-title":"Advances in Cryptology - CRYPTO 2007","author":"J-S Coron","year":"2007","unstructured":"Coron, J.-S.: Finding small roots of bivariate integer polynomial equations: a direct approach. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 379\u2013394. Springer, Heidelberg (2007). https:\/\/doi.org\/10.1007\/978-3-540-74143-5_21"},{"key":"17_CR10","doi-asserted-by":"publisher","first-page":"246","DOI":"10.1007\/s00145-012-9121-x","volume":"26","author":"J-S Coron","year":"2013","unstructured":"Coron, J.-S., Kirichenko, A., Tibouchi, M.: A note on the bivariate Coppersmith theorem. J. Cryptol. 26, 246\u2013250 (2013)","journal-title":"J. Cryptol."},{"key":"17_CR11","unstructured":"De Feo, L.: Mathematics of isogeny-based cryptography. arXiv preprint arXiv:1711.04062 (2017)"},{"key":"17_CR12","unstructured":"De Feo, L.: Isogeny graphs in cryptography (2019)"},{"key":"17_CR13","doi-asserted-by":"crossref","unstructured":"De Feo, L., Galbraith, S.D.: SeaSign: compact isogeny signatures from class group actions. Technical report, IACR Cryptology ePrint Archive (2018)","DOI":"10.1007\/978-3-030-17659-4_26"},{"issue":"3","key":"17_CR14","doi-asserted-by":"crossref","first-page":"209","DOI":"10.1515\/jmc-2012-0015","volume":"8","author":"L De Feo","year":"2014","unstructured":"De Feo, L., Jao, D., Pl\u00fbt, J.: Towards quantum-resistant cryptosystems from supersingular elliptic curve isogenies. J. Math. Cryptol. 8(3), 209\u2013247 (2014)","journal-title":"J. Math. Cryptol."},{"key":"17_CR15","doi-asserted-by":"crossref","unstructured":"De Feo, L., Masson, S., Petit, C., Sanso, A.: Verifiable delay functions from supersingular isogenies and pairings. Technical report, Cryptology ePrint Archive, Report 2019\/166 (2019)","DOI":"10.1007\/978-3-030-34578-5_10"},{"key":"17_CR16","doi-asserted-by":"crossref","unstructured":"Delfs, C., Galbraith, S.D.: Computing isogenies between supersingular elliptic curves over $$\\mathbb{F}_p$$. Designs, Codes Crypt. 78(2), 425\u2013440 (2016)","DOI":"10.1007\/s10623-014-0010-1"},{"key":"17_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"436","DOI":"10.1007\/11792086_31","volume-title":"Algorithmic Number Theory","author":"AW Dent","year":"2006","unstructured":"Dent, A.W., Galbraith, S.D.: Hidden pairings and trapdoor DDH groups. In: Hess, F., Pauli, S., Pohst, M. (eds.) ANTS 2006. LNCS, vol. 4076, pp. 436\u2013451. Springer, Heidelberg (2006). https:\/\/doi.org\/10.1007\/11792086_31"},{"key":"17_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"329","DOI":"10.1007\/978-3-319-78372-7_11","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2018","author":"K Eisentr\u00e4ger","year":"2018","unstructured":"Eisentr\u00e4ger, K., Hallgren, S., Lauter, K., Morrison, T., Petit, C.: Supersingular isogeny graphs and endomorphism rings: reductions and solutions. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10822, pp. 329\u2013368. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-78372-7_11"},{"key":"17_CR19","doi-asserted-by":"publisher","first-page":"118","DOI":"10.1112\/S1461157000000097","volume":"2","author":"SD Galbraith","year":"1999","unstructured":"Galbraith, S.D.: Constructing isogenies between elliptic curves over finite fields. LMS J. Comput. Math. 2, 118\u2013138 (1999)","journal-title":"LMS J. Comput. Math."},{"key":"17_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"392","DOI":"10.1007\/11586821_26","volume-title":"Cryptography and Coding","author":"SD Galbraith","year":"2005","unstructured":"Galbraith, S.D., McKee, J.F.: Pairings on elliptic curves over finite commutative rings. In: Smart, N.P. (ed.) Cryptography and Coding 2005. LNCS, vol. 3796, pp. 392\u2013409. Springer, Heidelberg (2005). https:\/\/doi.org\/10.1007\/11586821_26"},{"key":"17_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/978-3-319-70694-8_1","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2017","author":"SD Galbraith","year":"2017","unstructured":"Galbraith, S.D., Petit, C., Silva, J.: Identification protocols and signature schemes based on supersingular isogeny problems. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017. LNCS, vol. 10624, pp. 3\u201333. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-70694-8_1"},{"key":"17_CR22","doi-asserted-by":"publisher","first-page":"201","DOI":"10.1112\/S1461157000001108","volume":"7","author":"SD Galbraith","year":"2004","unstructured":"Galbraith, S.D., Rotger, V.: Easy decision Diffie-Hellman groups. LMS J. Comput. Math. 7, 201\u2013218 (2004)","journal-title":"LMS J. Comput. Math."},{"key":"17_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"303","DOI":"10.1007\/978-3-642-03356-8_18","volume-title":"Advances in Cryptology - CRYPTO 2009","author":"T Icart","year":"2009","unstructured":"Icart, T.: How to hash into elliptic curves. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 303\u2013316. Springer, Heidelberg (2009). https:\/\/doi.org\/10.1007\/978-3-642-03356-8_18"},{"key":"17_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"326","DOI":"10.1007\/11818175_19","volume-title":"Advances in Cryptology - CRYPTO 2006","author":"A Joux","year":"2006","unstructured":"Joux, A., Lercier, R., Smart, N., Vercauteren, F.: The number field sieve in the medium prime case. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 326\u2013344. Springer, Heidelberg (2006). https:\/\/doi.org\/10.1007\/11818175_19"},{"key":"17_CR25","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"543","DOI":"10.1007\/978-3-662-53018-4_20","volume-title":"Advances in Cryptology \u2013 CRYPTO 2016","author":"T Kim","year":"2016","unstructured":"Kim, T., Barbulescu, R.: Extended tower number field sieve: a new complexity for the medium prime case. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9814, pp. 543\u2013571. Springer, Heidelberg (2016). https:\/\/doi.org\/10.1007\/978-3-662-53018-4_20"},{"key":"17_CR26","unstructured":"Kohel, D.R.: Endomorphism rings of elliptic curves over finite fields. Ph.D. thesis, University of California, Berkeley (1996)"},{"key":"17_CR27","unstructured":"Koshiba, T., Takashima, K.: Pairing cryptography meets isogeny: a new framework of isogenous pairing groups. IACR Cryptology ePrint Archive 2016, 1138 (2016)"},{"key":"17_CR28","unstructured":"Lauter, K.E., Charles, D., Mityagin, A.: Trapdoor pairings, May 15 2012. US Patent 8,180,047 (2012)"},{"key":"17_CR29","doi-asserted-by":"crossref","unstructured":"Lenstra Jr., H.W.: Factoring integers with elliptic curves. Ann. Math. 649\u2013673 (1987)","DOI":"10.2307\/1971363"},{"issue":"5","key":"17_CR30","doi-asserted-by":"publisher","first-page":"1639","DOI":"10.1109\/18.259647","volume":"39","author":"AJ Menezes","year":"1993","unstructured":"Menezes, A.J., Okamoto, T., Vanstone, S.A.: Reducing elliptic curve logarithms to logarithms in a finite field. IEEE Trans. Inf. Theory 39(5), 1639\u20131646 (1993)","journal-title":"IEEE Trans. Inf. Theory"},{"key":"17_CR31","doi-asserted-by":"crossref","unstructured":"Morales, D.J.M.: An attack on disguised elliptic curves. J. Math. Cryptol. 2(1), 1\u20138 (2008)","DOI":"10.1515\/JMC.2008.001"},{"key":"17_CR32","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"223","DOI":"10.1007\/3-540-48910-X_16","volume-title":"Advances in Cryptology \u2014 EUROCRYPT \u201999","author":"P Paillier","year":"1999","unstructured":"Paillier, P.: Public-key cryptosystems based on composite degree residuosity classes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 223\u2013238. Springer, Heidelberg (1999). https:\/\/doi.org\/10.1007\/3-540-48910-X_16"},{"key":"17_CR33","unstructured":"Petit, C., Lauter, K.E.: Hard and easy problems for supersingular isogeny graphs. IACR Cryptology ePrint Archive 2017, 962 (2017)"},{"key":"17_CR34","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"100","DOI":"10.1007\/978-3-642-00862-7_7","volume-title":"Topics in Cryptology \u2013 CT-RSA 2009","author":"M Prabhakaran","year":"2009","unstructured":"Prabhakaran, M., Xue, R.: Statistically hiding sets. In: Fischlin, M. (ed.) CT-RSA 2009. LNCS, vol. 5473, pp. 100\u2013116. Springer, Heidelberg (2009). https:\/\/doi.org\/10.1007\/978-3-642-00862-7_7"},{"key":"17_CR35","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"443","DOI":"10.1007\/978-3-642-36362-7_27","volume-title":"Public-Key Cryptography \u2013 PKC 2013","author":"Y Seurin","year":"2013","unstructured":"Seurin, Y.: New constructions and applications of trapdoor DDH groups. In: Kurosawa, K., Hanaoka, G. (eds.) PKC 2013. LNCS, vol. 7778, pp. 443\u2013460. Springer, Heidelberg (2013). https:\/\/doi.org\/10.1007\/978-3-642-36362-7_27"},{"key":"17_CR36","series-title":"Graduate Texts in Mathematics","doi-asserted-by":"publisher","DOI":"10.1007\/978-0-387-09494-6","volume-title":"The Arithmetic of Elliptic Curves","author":"JH Silverman","year":"2009","unstructured":"Silverman, J.H.: The Arithmetic of Elliptic Curves. GTM, vol. 106. Springer, New York (2009). https:\/\/doi.org\/10.1007\/978-0-387-09494-6"},{"issue":"4","key":"17_CR37","doi-asserted-by":"publisher","first-page":"277","DOI":"10.1007\/s00145-004-0313-x","volume":"17","author":"ER Verheul","year":"2004","unstructured":"Verheul, E.R.: Evidence that XTR is more secure than supersingular elliptic curve cryptosystems. J. Cryptol. 17(4), 277\u2013296 (2004)","journal-title":"J. Cryptol."}],"container-title":["Lecture Notes in Computer Science","Selected Areas in Cryptography"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-81652-0_17","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,19]],"date-time":"2025-07-19T22:02:38Z","timestamp":1752962558000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-81652-0_17"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021]]},"ISBN":["9783030816513","9783030816520"],"references-count":37,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-81652-0_17","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2021]]},"assertion":[{"value":"21 July 2021","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"SAC","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Selected Areas in Cryptography","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2020","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"21 October 2020","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"23 October 2020","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"27","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"sacrypt2020","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/sac2020.ca\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"iChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"52","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"27","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"52% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3-5","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"6-8","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}