Breaking SIDH in Polynomial Time

And by “breaking,” I mean solving it in polynomial time.

Now, before you start freaking out and running to your nearest crypto expert for advice on how to secure your data from this catastrophic vulnerability, let me clarify that SIDH is still a highly promising candidate for post-quantum cryptography, and its security has not been compromised in any significant way.

However, as with all things in life, there’s always room for improvement, and we can never be too careful when it comes to protecting our data from prying eyes. So let’s get right into it with the details of how SIDH works and explore some potential weaknesses that could lead to a polynomial-time attack.

SIDH is based on the concept of supersingular elliptic curves, which are essentially mathematical objects with certain properties that make them useful for cryptography. The basic idea behind SIDH is to use these curves to generate shared secrets between two parties in a secure and efficient manner.

Here’s how it works: Alice and Bob each choose their own secret value (which we’ll call “a” and “b,” respectively) and then compute the following values using some pre-agreed upon parameters:

Alice computes: G = [1]^(a * P_A), where P_A is a point on the curve. Bob computes: P = [1]^(b * Q_B), where Q_B is a point on the curve that’s related to Alice’s public key (which we’ll call “P_A”).

Now, here comes the tricky part. To compute their shared secret value, both Alice and Bob need to find an isogeny between two supersingular elliptic curves. An isogeny is essentially a map that takes one curve and transforms it into another curve with similar properties. The key idea behind SIDH is to use the fact that there’s a unique isogeny between any given pair of supersingular elliptic curves, which makes it possible for Alice and Bob to compute their shared secret value without revealing any sensitive information about their private keys.
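Since the post never shows what an isogeny actually looks like, here is an added, self-contained example (my code, not code from the original post): a 2-isogeny between two supersingular curves over a small prime field, computed with Vélu’s formulas. The prime 431 and the starting curve y^2 = x^3 + x are constructed toy parameters (431 ≡ 3 mod 4, which makes that curve supersingular over F_431), and all function names are my own. It goes a little beyond the text: it checks that the map sends curve points to curve points and respects point addition, which is exactly what makes it an isogeny rather than an arbitrary map.

```python
# Added example: a toy 2-isogeny between supersingular curves over F_p via Velu's formulas.
# All parameters below are constructed for illustration; nothing here is real SIDH code.

P_MOD = 431  # constructed toy prime; p = 3 mod 4, so y^2 = x^3 + x is supersingular over F_p


def inv(x, p=P_MOD):
    """Modular inverse via Fermat's little theorem (p is prime)."""
    return pow(x, p - 2, p)


def is_on_curve(pt, a, b, p=P_MOD):
    """True if pt is the point at infinity (None) or satisfies y^2 = x^3 + a*x + b mod p."""
    if pt is None:
        return True
    x, y = pt
    return (y * y - (x * x * x + a * x + b)) % p == 0


def add(P, Q, a, p=P_MOD):
    """Short-Weierstrass point addition on y^2 = x^3 + a*x + b, with None as infinity."""
    if P is None:
        return Q
    if Q is None:
        return P
    x1, y1 = P
    x2, y2 = Q
    if x1 == x2 and (y1 + y2) % p == 0:
        return None  # Q == -P (also covers doubling a 2-torsion point)
    if P == Q:
        lam = (3 * x1 * x1 + a) * inv(2 * y1, p) % p
    else:
        lam = (y2 - y1) * inv(x2 - x1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    y3 = (lam * (x1 - x3) - y1) % p
    return (x3, y3)


def velu_2_isogeny(a, b, x0, p=P_MOD):
    """Velu's formulas for the 2-isogeny with kernel <(x0, 0)> on y^2 = x^3 + a*x + b.

    Returns the codomain coefficients (a', b') and a function evaluating the isogeny.
    """
    assert (x0 ** 3 + a * x0 + b) % p == 0, "(x0, 0) must be a 2-torsion point"
    t = (3 * x0 * x0 + a) % p       # Velu's t for a single 2-torsion kernel point
    w = x0 * t % p                  # Velu's w
    a2 = (a - 5 * t) % p
    b2 = (b - 7 * w) % p

    def phi(pt):
        if pt is None or pt == (x0, 0):
            return None             # the kernel maps to the point at infinity
        x, y = pt
        d = inv((x - x0) % p, p)
        return ((x + t * d) % p, (y - t * y * d * d) % p)

    return a2, b2, phi


def point_with_x(x, a, b, p=P_MOD):
    """Lift x to a curve point using sqrt(c) = c^((p+1)/4), valid when p = 3 mod 4."""
    rhs = (x ** 3 + a * x + b) % p
    y = pow(rhs, (p + 1) // 4, p)
    if y * y % p != rhs:
        raise ValueError(f"x={x} is not the x-coordinate of a point on this curve")
    return (x, y)


def demo():
    """Map two points through the isogeny and check the homomorphism property."""
    a, b = 1, 0                              # E: y^2 = x^3 + x over F_431 (supersingular)
    a2, b2, phi = velu_2_isogeny(a, b, 0)    # kernel <(0, 0)>; codomain is y^2 = x^3 - 4x
    P = point_with_x(1, a, b)                # (1, 243): 243^2 = 2 = 1^3 + 1 mod 431
    Q = point_with_x(2, a, b)
    R = add(P, Q, a)
    ok = (is_on_curve(phi(P), a2, b2)
          and is_on_curve(phi(Q), a2, b2)
          and phi(R) == add(phi(P), phi(Q), a2))   # phi(P + Q) == phi(P) + phi(Q)
    return (a2, b2), phi(P), ok


if __name__ == "__main__":
    print(demo())
```

The codomain coefficients come out as (427, 0), i.e. y^2 = x^3 - 4x mod 431, the classic curve 2-isogenous to y^2 = x^3 + x; the point (1, 243) lands on the 2-torsion point (2, 0) of that curve. Isogenous curves are supersingular together, so both ends of this map are supersingular, which is the setting the post is talking about.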

So how do we find this elusive isogeny? Well, as with all things in life, there’s a catch: finding an isogeny between two supersingular elliptic curves is notoriously difficult and requires solving some very complex mathematical problems. However, thanks to the wonders of modern cryptography, it turns out that we can use some clever tricks to make this process much easier (and faster) than you might think!

For example, instead of trying to find an isogeny directly between two supersingular elliptic curves, we can first compute a series of intermediate points on the curve using some pre-agreed upon parameters. These intermediate points are known as “twists,” and they allow us to simplify the problem of finding an isogeny by reducing it to a simpler mathematical problem that’s much easier to solve (at least in theory).

Now, here comes the part where things get really interesting: according to some recent research, there may be a way to break SIDH using a polynomial-time attack. The basic idea behind this attack is to use some clever tricks to exploit certain weaknesses in the twists that are used to simplify the problem of finding an isogeny.

Specifically, it turns out that if we choose our twists carefully (and with a bit of luck), we can create a situation where there’s only one unique twist that satisfies some specific criteria. This means that instead of having to search through a large number of possible twists to find the right one, we can simply compute this single “magic” twist and use it to break SIDH in polynomial time!

Of course, as with all things in life, there are some caveats to consider. For example, while this attack may be theoretically possible (at least in certain situations), it’s still not clear whether or not it can actually be implemented in practice. Moreover, even if we could implement this attack successfully, it would require a significant amount of computational resources and expertise, which makes it unlikely that anyone will be able to use it for practical purposes anytime soon (if ever).

While this may sound like a scary prospect at first glance, the reality is that SIDH remains one of the most promising candidates for post-quantum cryptography, and its security has not been compromised in any significant way. However, as with all things in life, there’s always room for improvement, and we can never be too careful when it comes to protecting our data from prying eyes!

SICORPS