A supersingular isogeny graph is determined by choosing a large
prime number and a small prime number , and considering the class of all
supersingular elliptic curves defined over the
finite field. There are approximately such curves, each two of which can be related by isogenies. The vertices in the supersingular isogeny graph represent these curves (or more concretely, their
j-invariants, elements of ) and the edges represent isogenies of degree between two curves.[1][2][3]
One proposal for a
cryptographic hash function involves starting from a fixed vertex of a supersingular isogeny graph, using the bits of the binary representation of an input value to determine a sequence of edges to follow in a walk in the graph, and using the identity of the vertex reached at the end of the walk as the hash value for the input. The security of the proposed hashing scheme rests on the assumption that it is difficult to find paths in this graph that connect arbitrary pairs of vertices.[1]
It has also been proposed to use walks in two supersingular isogeny graphs with the same vertex set but different edge sets (defined using different choices of the parameter) to develop a key exchange primitive analogous to
Diffie–Hellman key exchange, called
supersingular isogeny key exchange,[2] suggested as a form of
post-quantum cryptography.[6] However, a leading variant of supersingular isogeny key exchange was broken in 2022 using non-quantum methods.[7]
^Mestre, J.-F. (1986), "La méthode des graphes. Exemples et applications", Proceedings of the international conference on class numbers and fundamental units of algebraic number fields (Katata, 1986), Nagoya University, pp. 217–242,
MR0891898
^
abPizer, Arnold K. (1990), "Ramanujan graphs and Hecke operators", Bulletin of the American Mathematical Society, New Series, 23 (1): 127–137,
doi:10.1090/S0273-0979-1990-15918-X,
MR1027904
^Pizer, Arnold K. (1998), "Ramanujan graphs", Computational perspectives on number theory (Chicago, IL, 1995), AMS/IP Stud. Adv. Math., vol. 7, American Mathematical Society, pp. 159–178,
MR1486836