In this talk we will give a brief introduction to oblivious pseudorandom functions (OPRFs) and their applications. Then, we present a cryptanalysis of the SIDH-based oblivious pseudorandom function from supersingular isogenies proposed at Asiacrypt'20 by Boneh, Kogan and Woo. We demonstrate an attack on one assumption underlying the security of the scheme, the auxiliary one-more assumption. This leads to an attack on the oblivious PRF itself. The attack allows adversaries to evaluate the OPRF without further interactions with the server after some initial OPRF evaluations and some offline computations, which breaks the pseudorandomness of the OPRF. We first propose a polynomial-time attack. Then, we argue that it is easy to change the OPRF protocol to include some countermeasures, and present a second, subexponential attack that succeeds in the presence of said countermeasures. Both attacks break the security parameters suggested by Boneh et al. Finally, we examine the generation of one of the OPRF parameters and argue that a trusted third party is needed to guarantee provable security.
Joint work with Andrea Basso, Péter Kutas, Christophe Petit and Antonio Sanso.
Simon is a PhD student at Royal Holloway, University of London, in the Information Security Group. His research interests span various aspects of post-quantum cryptography, with a special focus on cryptanalysis and isogeny-based cryptography. More generally, Simon is interested in various applications of pure mathematics to cryptography.