{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,9]],"date-time":"2026-04-09T22:33:52Z","timestamp":1775774032872,"version":"3.50.1"},"publisher-location":"Berlin, Heidelberg","reference-count":34,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783662538869","type":"print"},{"value":"9783662538876","type":"electronic"}],"license":[{"start":{"date-parts":[[2016,1,1]],"date-time":"2016-01-01T00:00:00Z","timestamp":1451606400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2016,1,1]],"date-time":"2016-01-01T00:00:00Z","timestamp":1451606400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2016]]},"DOI":"10.1007\/978-3-662-53887-6_3","type":"book-chapter","created":{"date-parts":[[2016,11,8]],"date-time":"2016-11-08T12:11:21Z","timestamp":1478607081000},"page":"63-91","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":135,"title":["On the Security of Supersingular Isogeny Cryptosystems"],"prefix":"10.1007","author":[{"given":"Steven D.","family":"Galbraith","sequence":"first","affiliation":[]},{"given":"Christophe","family":"Petit","sequence":"additional","affiliation":[]},{"given":"Barak","family":"Shani","sequence":"additional","affiliation":[]},{"given":"Yan Bo","family":"Ti","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2016,11,9]]},"reference":[{"key":"3_CR1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"262","DOI":"10.1007\/978-3-662-45611-8_14","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2014","author":"DF Aranha","year":"2014","unstructured":"Aranha, D.F., Fouque, P.-A., G\u00e9rard, B., Kammerer, J.-G., Tibouchi, M., Zapalowicz, J.-C.: GLV\/GLS decomposition, power analysis, and attacks on ECDSA signatures with single-bit nonce bias. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8873, pp. 262\u2013281. Springer, Heidelberg (2014). doi:10.1007\/978-3-662-45611-8_14"},{"key":"3_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"428","DOI":"10.1007\/978-3-319-13039-2_25","volume-title":"Progress in Cryptology \u2013 INDOCRYPT 2014","author":"J-F Biasse","year":"2014","unstructured":"Biasse, J.-F., Jao, D., Sankar, A.: A quantum algorithm for computing isogenies between supersingular elliptic curves. In: Meier, W., Mukhopadhyay, D. (eds.) INDOCRYPT 2014. LNCS, vol. 8885, pp. 428\u2013442. Springer, Heidelberg (2014). doi:10.1007\/978-3-319-13039-2_25"},{"key":"3_CR3","doi-asserted-by":"publisher","DOI":"10.1017\/CBO9781107360211","volume-title":"Elliptic Curves in Cryptography","author":"IF Blake","year":"1999","unstructured":"Blake, I.F., Seroussi, G., Smart, N.P.: Elliptic Curves in Cryptography. Cambridge University Press, Cambridge (1999)"},{"key":"3_CR4","doi-asserted-by":"publisher","DOI":"10.1017\/CBO9780511546570","volume-title":"Advances in Elliptic Curve Cryptography","author":"IF Blake","year":"2005","unstructured":"Blake, I.F., Seroussi, G., Smart, N.P.: Advances in Elliptic Curve Cryptography. Cambridge University Press, Cambridge (2005)"},{"key":"3_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"129","DOI":"10.1007\/3-540-68697-5_11","volume-title":"Advances in Cryptology \u2014 CRYPTO 1996","author":"D Boneh","year":"1996","unstructured":"Boneh, D., Venkatesan, R.: Hardness of computing the most significant bits of secret keys in diffie-hellman and related schemes. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 129\u2013142. Springer, Heidelberg (1996). doi:10.1007\/3-540-68697-5_11"},{"issue":"1","key":"3_CR6","doi-asserted-by":"publisher","first-page":"93","DOI":"10.1007\/s00145-007-9002-x","volume":"22","author":"DX Charles","year":"2009","unstructured":"Charles, D.X., Lauter, K.E., Goren, E.Z.: Cryptographic hash functions from expander graphs. J. Cryptol. 22(1), 93\u2013113 (2009)","journal-title":"J. Cryptol."},{"issue":"1","key":"3_CR7","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1515\/jmc-2012-0016","volume":"8","author":"AM Childs","year":"2014","unstructured":"Childs, A.M., Jao, D., Soukharev, V.: Constructing elliptic curve isogenies in quantum subexponential time. J. Math. Cryptol. 8(1), 1\u201329 (2014)","journal-title":"J. Math. Cryptol."},{"issue":"1","key":"3_CR8","doi-asserted-by":"publisher","first-page":"33","DOI":"10.1007\/s10623-003-1160-8","volume":"36","author":"M Ciet","year":"2005","unstructured":"Ciet, M., Joye, M.: Elliptic curve cryptosystems in the presence of permanent and transient faults. Des. Codes Crypt. 36(1), 33\u201343 (2005)","journal-title":"Des. Codes Crypt."},{"key":"3_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"572","DOI":"10.1007\/978-3-662-53018-4_21","volume-title":"Advances in Cryptology \u2013 CRYPTO 2016","author":"C Costello","year":"2016","unstructured":"Costello, C., Longa, P., Naehrig, M.: Efficient algorithms for supersingular isogeny Diffie-Hellman. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9814, pp. 572\u2013601. Springer, Heidelberg (2016). doi:10.1007\/978-3-662-53018-4_21"},{"key":"3_CR10","volume-title":"Primes of the Form $$x^2 + n y^2 $$","author":"DA Cox","year":"1989","unstructured":"Cox, D.A.: Primes of the Form $$x^2 + n y^2 $$. John Wiley & Sons Inc, New York (1989)"},{"key":"3_CR11","series-title":"Undergraduate Texts in Mathematics","doi-asserted-by":"publisher","DOI":"10.1007\/978-0-387-35651-8","volume-title":"Ideals, Varieties, and Algorithms: An Introduction to Computational Algebraic Geometry and Commutative Algebra","author":"DA Cox","year":"2007","unstructured":"Cox, D.A., Little, J., O\u2019Shea, D.: Ideals, Varieties, and Algorithms: An Introduction to Computational Algebraic Geometry and Commutative Algebra. Undergraduate Texts in Mathematics, 3rd edn. Springer, Secaucus (2007)","edition":"3"},{"key":"3_CR12","doi-asserted-by":"publisher","first-page":"197","DOI":"10.1007\/BF02940746","volume":"14","author":"M Deuring","year":"1941","unstructured":"Deuring, M.: Die typen der multiplikatoren ringe elliptischer funktionenk\u00f6rper. Abh. Math. Sem. Hansischen Univ. 14, 197\u2013272 (1941)","journal-title":"Abh. Math. Sem. Hansischen Univ."},{"issue":"3","key":"3_CR13","doi-asserted-by":"crossref","first-page":"209","DOI":"10.1515\/jmc-2012-0015","volume":"8","author":"L De Feo","year":"2014","unstructured":"De Feo, L., Jao, D., Pl\u00fbt, J.: Towards quantum-resistant cryptosystems from supersingular elliptic curve isogenies. J. Math. Cryptol. 8(3), 209\u2013247 (2014)","journal-title":"J. Math. Cryptol."},{"key":"3_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"537","DOI":"10.1007\/3-540-48405-1_34","volume-title":"Advances in Cryptology \u2014 CRYPTO 1999","author":"E Fujisaki","year":"1999","unstructured":"Fujisaki, E., Okamoto, T.: Secure integration of asymmetric and symmetric encryption schemes. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 537\u2013554. Springer, Heidelberg (1999). doi:10.1007\/3-540-48405-1_34"},{"key":"3_CR15","doi-asserted-by":"publisher","first-page":"118","DOI":"10.1112\/S1461157000000097","volume":"2","author":"SD Galbraith","year":"1999","unstructured":"Galbraith, S.D.: Constructing isogenies between elliptic curves over finite fields. LMS J. Comput. Math. 2, 118\u2013138 (1999)","journal-title":"LMS J. Comput. Math."},{"issue":"3","key":"3_CR16","doi-asserted-by":"publisher","first-page":"283","DOI":"10.1023\/A:1011214926272","volume":"23","author":"NA Howgrave-Graham","year":"2001","unstructured":"Howgrave-Graham, N.A., Smart, N.P.: Lattice attacks on digital signature schemes. Des. Codes Crypt. 23(3), 283\u2013290 (2001)","journal-title":"Des. Codes Crypt."},{"key":"3_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"19","DOI":"10.1007\/978-3-642-25405-5_2","volume-title":"Post-Quantum Cryptography","author":"D Jao","year":"2011","unstructured":"Jao, D., Feo, L.: Towards quantum-resistant cryptosystems from supersingular elliptic curve isogenies. In: Yang, B.-Y. (ed.) PQCrypto 2011. LNCS, vol. 7071, pp. 19\u201334. Springer, Heidelberg (2011). doi:10.1007\/978-3-642-25405-5_2"},{"key":"3_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"160","DOI":"10.1007\/978-3-319-11659-4_10","volume-title":"Post-Quantum Cryptography","author":"D Jao","year":"2014","unstructured":"Jao, D., Soukharev, V.: Isogeny-based quantum-resistant undeniable signatures. In: Mosca, M. (ed.) PQCrypto 2014. LNCS, vol. 8772, pp. 160\u2013179. Springer, Heidelberg (2014). doi:10.1007\/978-3-319-11659-4_10"},{"key":"3_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"267","DOI":"10.1007\/11935230_18","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2006","author":"E Jochemsz","year":"2006","unstructured":"Jochemsz, E., May, A.: A strategy for finding roots of multivariate polynomials with new applications in attacking RSA variants. In: Lai, X., Chen, K. (eds.) ASIACRYPT 2006. LNCS, vol. 4284, pp. 267\u2013282. Springer, Heidelberg (2006). doi:10.1007\/11935230_18"},{"key":"3_CR20","unstructured":"Kirkwood, D., Lackey, B.C., McVey, J., Motley, M., Solinas, J.A., Tuller, D.: Failure is not an option: standardization issues for post-quantum key agreement. In: Workshop on Cybersecurity in a Post-Quantum World (2015)"},{"key":"3_CR21","unstructured":"Kohel, D.: Endomorphism rings of elliptic curves over finite fields. Ph.D. thesis, University of California, Berkeley (1996)"},{"issue":"Special issue A","key":"3_CR22","doi-asserted-by":"publisher","first-page":"418","DOI":"10.1112\/S1461157014000151","volume":"17","author":"D Kohel","year":"2014","unstructured":"Kohel, D., Lauter, K., Petit, C., Tignol, J.-P.: On the quaternion $$\\ell $$-isogeny path problem. LMS J. Comput. Math. 17(Special issue A), 418\u2013432 (2014)","journal-title":"LMS J. Comput. Math."},{"key":"3_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"249","DOI":"10.1007\/BFb0052240","volume-title":"Advances in Cryptology \u2014 CRYPTO 1997","author":"CH Lim","year":"1997","unstructured":"Lim, C.H., Lee, P.J.: A key recovery attack on discrete log-based schemes using a prime order subgroup. In: Kaliski, B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 249\u2013263. Springer, Heidelberg (1997). doi:10.1007\/BFb0052240"},{"issue":"1","key":"3_CR24","doi-asserted-by":"publisher","first-page":"33","DOI":"10.1007\/s13389-014-0072-z","volume":"4","author":"E De Mulder","year":"2014","unstructured":"De Mulder, E., Hutter, M., Marson, M.E., Pearson, P.: Using Bleichenbacher\u2019s solution to the hidden number problem to attack nonce leaks in 384-bit ECDSA: extended version. J. Crypt. Eng. 4(1), 33\u201345 (2014)","journal-title":"J. Crypt. Eng."},{"issue":"3","key":"3_CR25","doi-asserted-by":"publisher","first-page":"151","DOI":"10.1007\/s00145-002-0021-3","volume":"15","author":"PQ Nguyen","year":"2002","unstructured":"Nguyen, P.Q., Shparlinski, I.E.: The insecurity of the digital signature algorithm with partially known nonces. J. Crypt. 15(3), 151\u2013176 (2002)","journal-title":"J. Crypt."},{"issue":"2","key":"3_CR26","doi-asserted-by":"publisher","first-page":"201","DOI":"10.1023\/A:1025436905711","volume":"30","author":"PQ Nguyen","year":"2003","unstructured":"Nguyen, P.Q., Shparlinski, I.E.: The insecurity of the elliptic curve digital signature algorithm with partially known nonces. Des. Codes Crypt. 30(2), 201\u2013217 (2003)","journal-title":"Des. Codes Crypt."},{"key":"3_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"338","DOI":"10.1007\/978-3-540-24847-7_26","volume-title":"Algorithmic Number Theory","author":"PQ Nguyen","year":"2004","unstructured":"Nguyen, P.Q., Stehl\u00e9, D.: Low-dimensional lattice basis reduction revisited. In: Buell, D. (ed.) ANTS 2004. LNCS, vol. 3076, pp. 338\u2013357. Springer, Heidelberg (2004). doi:10.1007\/978-3-540-24847-7_26"},{"key":"3_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"197","DOI":"10.1007\/978-3-319-11659-4_12","volume-title":"Post-Quantum Cryptography","author":"C Peikert","year":"2014","unstructured":"Peikert, C.: Lattice cryptography for the internet. In: Mosca, M. (ed.) PQCrypto 2014. LNCS, vol. 8772, pp. 197\u2013219. Springer, Heidelberg (2014). doi:10.1007\/978-3-319-11659-4_12"},{"key":"3_CR29","unstructured":"Rostovtsev, A., Stolbunov, A.: Public-key cryptosystem based on isogenies. Cryptology ePrint Archive, Report 2006\/145 (2006). http:\/\/eprint.iacr.org\/"},{"key":"3_CR30","series-title":"Graduate Texts in Mathematics","doi-asserted-by":"publisher","DOI":"10.1007\/978-0-387-09494-6","volume-title":"The Arithmetic of Elliptic Curves","author":"JH Silverman","year":"2009","unstructured":"Silverman, J.H.: The Arithmetic of Elliptic Curves. Graduate Texts in Mathematics, vol. 106, 2nd edn. Springer, New York (2009)","edition":"2"},{"issue":"2","key":"3_CR31","doi-asserted-by":"publisher","first-page":"134","DOI":"10.1007\/BF01404549","volume":"2","author":"J Tate","year":"1966","unstructured":"Tate, J.: Endomorphisms of abelian varieties over finite fields. Inventiones mathematicae 2(2), 134\u2013144 (1966)","journal-title":"Inventiones mathematicae"},{"key":"3_CR32","first-page":"238","volume":"273","author":"J V\u00e9lu","year":"1971","unstructured":"V\u00e9lu, J.: Isog\u00e9nies entre courbes elliptiques. C.R. Acad. Sci. Paris S\u00e9r. A. 273, 238\u2013241 (1971)","journal-title":"C.R. Acad. Sci. Paris S\u00e9r. A."},{"key":"3_CR33","series-title":"Lecture Notes in Mathematics","doi-asserted-by":"crossref","DOI":"10.1007\/BFb0091027","volume-title":"Arithm\u00e9tique des Alg\u00e8bres de Quaternions","author":"M-F Vign\u00e9ras","year":"1980","unstructured":"Vign\u00e9ras, M.-F.: Arithm\u00e9tique des Alg\u00e8bres de Quaternions. Lecture Notes in Mathematics, vol. 800. Springer, New York (1980)"},{"issue":"2","key":"3_CR34","first-page":"292","volume":"5","author":"S Xi","year":"2012","unstructured":"Xi, S., Tian, H., Wang, Y.: Toward quantum-resistant strong designated verifier signature from isogenies. Int. J. Grid Util. Comput. 5(2), 292\u2013296 (2012)","journal-title":"Int. J. Grid Util. Comput."}],"container-title":["Lecture Notes in Computer Science","Advances in Cryptology \u2013 ASIACRYPT 2016"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-662-53887-6_3","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,3,12]],"date-time":"2024-03-12T17:06:14Z","timestamp":1710263174000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-662-53887-6_3"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016]]},"ISBN":["9783662538869","9783662538876"],"references-count":34,"URL":"https:\/\/doi.org\/10.1007\/978-3-662-53887-6_3","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2016]]},"assertion":[{"value":"9 November 2016","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ASIACRYPT","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on the Theory and Application of Cryptology and Information Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Hanoi","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Vietnam","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2016","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"4 December 2016","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"8 December 2016","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"22","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"asiacrypt2016","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/www.asiacrypt2016.org\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}