Drinfeld Modules are not for Isogeny Based Cryptography

          @misc{ scivideos_15469,
            doi = {},
            url = {https://simons.berkeley.edu/talks/tbd-143},
            author = {},
            keywords = {},
            language = {en},
            title = {Drinfeld Modules are not for Isogeny Based Cryptography},
            publisher = {The Simons Institute for the Theory of Computing},
            year = {2020},
            month = {feb},
            note = {15469 see, \url{https://scivideos.org/Simons-Institute/15469}}
          }
          

Abstract

Elliptic curves play a prominent role in cryptography. For instance, the hardness of the elliptic curve discrete logarithm problem is a foundational assumption in public key cryptography. Drinfeld modules are positive characteristic function field analogues of elliptic curves. It is natural to ponder the existence/security of Drinfeld module analogues of elliptic curve cryptosystems. But the Drinfeld module discrete logarithm problem is easy even on a classical computer. Beyond discrete logarithms, elliptic curve isogeny based cryptosystems have have emerged as candidates for post-quantum cryptography, including supersingular isogeny Diffie-Hellman (SIDH) and commutative supersingular isogeny Diffie-Hellman (CSIDH) protocols. We formulate Drinfeld module analogues of these elliptic curve isogeny based cryptosystems and devise classical polynomial time algorithms to break these Drinfeld analogues catastrophically.