Two Remarks on Torsion-Point Attacks in Isogeny-Based Cryptography


post-quantum cryptography
elliptic curve cryptography
isogeny-based cryptography

How to Cite

Sica, F. (2024). Two Remarks on Torsion-Point Attacks in Isogeny-Based Cryptography. Mathematical Cryptology, 4(1), 1–10. Retrieved from


We fix an omission in [8] on torsion point attacks of isogeny-based cryptosystems akin to SIDH, also reprised in [9, 4]. In these works, the authors represent certain integers using a norm equation to derive a secret isogeny. However, this derivation uses as a crucial ingredient [8, Section 4.3, Lemma 6], which we show to be incorrect. We then state sufficient conditions that allow us to prove a modified version of this lemma.

A further idea of parametrizing solutions of the norm equation will show that these conditions can be fulfilled under the same heuristics as these previous works. Our contribution is a theoretical one. It doesn't invalidate the attack, which works as well in practice, but gives a correct mathematical justification for it.

We also simplify the argument of [9, Theorem 3] to show that the requirement that m be small is unnecessary.

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.

Copyright (c) 2024 Francesco Sica