An attack on SIDH with arbitrary starting curve

ePrint Report: An attack on SIDH with arbitrary starting curve

Luciano Maino, Chloe Martindale

We present an attack on SIDH which does not require any endomorphism information on the starting curve. Our attack is not polynomial-time, but significantly reduces the security of SIDH and SIKE; our analysis and preliminary implementation suggests that our algorithm will be feasible for the Microsoft challenge parameters $p = 2^{110}3^{67}-1$ on a regular computer. Our attack applies to any isogeny-based cryptosystem that publishes the images …

attack eprint report