Multiparty non-interactive key exchange and more from isogenies on elliptic curves (Q2191198)

This paper presents a proposal of a non-interactive multiparty key exchange protocol. For \(n\)\, participants the protocol uses \(n\)\, isogenies from an ordinary elliptic curve \(E\),\, defined over a finite field, to curves \(E_1, \dots, E_n\)\, and an isomorphic invariant of the abelian variety \(E_1\times \cdots \times E_n\). For \(n=2\)\, protocols based on isogenies were already knowns, see [\textit{J. M. Couveignes}, Cryptology ePrint Archive, Report 2006/291 (2006), \url{http://eprint.iacr org/2006/291}]. This construction can be also applied to others cryptographic protocols. The drawback is that, in the authors words ``we do not know any such computable isomorphism invariant, and we present this as an open problem'' (see Section 1). Section 2 describes a general framework for the notion of {\em cryptographic invariant map} (Definition 2.2), a particular case of which would be the idea above based on isogenies of elliptic curves. Section 3 shows how these invariants maps can be applied to solve some cryptographic protocols: \(n\)-way non-interactive key exchange but also unique signatures and verifiable random functions, constrained pseudorandom functions and broadcast encryption and witness encryption. Section 4 assumes the possibility of efficiently compute an isomorphism invariant for abelian varieties of the form \(E_1\times \cdots \times E_n\)\, and deduces a cryptographic invariant map. Finally Section 5 discusses some possible candidates to isomorphism invariant in the case \(E_1\times \cdots \times E_n\), concluding that all of them are not suitable.