The supersingular Endomorphism Ring problem is the following: given a supersingular elliptic curve, compute all of its endomorphisms. The presumed hardness of this problem is foundational for isogeny-based cryptography. The One Endomorphism problem only asks to find a single non-scalar endomorphism. We prove that these two problems are equivalent, under probabilistic polynomial time reductions. We prove a number of consequences. First, assuming the hardness of the endomorphism ring problem, the Charles--Goren--Lauter hash function is collision resistant, and the SQIsign identification protocol is sound. Second, the endomorphism ring problem is equivalent to the problem of computing arbitrary isogenies between supersingular elliptic curves, a result previously known only for isogenies of smooth degree. Third, there exists an unconditional probabilistic algorithm to solve the endomorphism ring problem in time O~(sqrt(p)), a result that previously required to assume the generalized Riemann hypothesis. To prove our main result, we introduce a flexible framework for the study of isogeny graphs with additional information. We prove a general and easy-to-use rapid mixing theorem.

翻译：超奇异自同态环问题如下：给定一条超奇异椭圆曲线，计算其所有自同态。该问题的假设难度是同源密码学的基础。单自同态问题仅要求寻找一个非标量自同态。我们证明，在概率多项式时间归约下，这两个问题是等价的。我们得出了若干推论。第一，假设自同态环问题的困难性，则Charles-Goren-Lauter哈希函数具有抗碰撞性，且SQIsign识别协议是可靠的。第二，自同态环问题等价于计算超奇异椭圆曲线之间任意同源的问题，该结果先前仅对光滑次数的同源成立。第三，存在一个无条件的概率算法，可在O~(√p)时间内求解自同态环问题，而先前这一结果需假设广义黎曼猜想。为证明主要结论，我们引入了一个灵活的框架，用于研究带有附加信息的同源图。我们证明了一个通用且易于使用的快速混合定理。