Cryptanalysis of Isogeny-Based Quantum Money with Rational Points

TL;DR

This paper presents a cryptanalysis of a recent isogeny-based quantum money scheme, improving attack efficiency using rational points and division polynomials, while maintaining exponential complexity that prevents forgery.

Contribution

It introduces a novel cryptanalytic approach leveraging rational points and quadratic twists, enhancing verification efficiency without compromising security.

Findings

Speedup of O(log^4 p) over brute-force attack

Attack remains exponential, thus impractical for forgery

More efficient verification procedure achieved

Abstract

Quantum money is the cryptographic application of the quantum no-cloning theorem. It has recently been instantiated by Montgomery and Sharif (Asiacrypt '24) from class group actions on elliptic curves. In this work, we propose a concrete cryptanalysis by leveraging the efficiency of evaluating division polynomials with the coordinates of rational points, offering a speedup of O(log^4p) compared to the brute-force attack. Since our attack still requires exponential time, it remains impractical to forge a quantum banknote. Interestingly, due to the inherent properties of quantum money, our attack method also results in a more efficient verification procedure. Our algorithm leverages the properties of quadratic twists to utilize rational points in verifying the cardinality of the superposition of elliptic curves. We expect this approach to contribute to future research on elliptic-curve-based quantum cryptography.