In this talk we present a cryptanalysis of the SIDH-based oblivious pseudorandom function from supersingular isogenies proposed at Asiacrypt'20 by Boneh, Kogan and Woo. We present an attack on one assumption, the auxiliary one-more assumption, that was introduced by Boneh et al. which leads to an attack on the oblivious PRF itself. The attack allows adversaries to evaluate the OPRF without further interactions with the server after some initial OPRF evaluations and some offline computations. This breaks the pseudorandomness of the OPRF. We first propose a polynomial-time attack. Then, we argue it is easy to change the OPRF protocol to include some countermeasures, and present a second subexponential attack that succeeds in the presence of said countermeasures. Both attacks break the security parameters suggested by Boneh et al. Finally, we examine the generation of one of the OPRF parameters and argue that a trusted third party is needed to guarantee provable security.
Simon is a PhD student at Royal Holloway, University of London, in the Information Security Group. His research interests span various aspects of post-quantum cryptography, with a special focus on cryptanalysis and isogeny-based cryptography. More generally, Simon is interested in various applications of pure mathematics to cryptography.