The supersingular Endomorphism Ring problem is the following: given a supersingular elliptic curve, compute all of its endomorphisms. The presumed hardness of this problem is foundational for isogeny-based cryptography. The One Endomorphism problem only asks to find a single non-scalar endomorphism. We prove that these two problems are equivalent, under probabilistic polynomial-time reductions. We prove a number of consequences. First, assuming the hardness of the endomorphism ring problem, the Charles-Goren-Lauter hash function is collision resistant, and the SQIsign identification protocol is sound. Second, the endomorphism ring problem is equivalent to the problem of computing arbitrary isogenies between supersingular elliptic curves, a result previously known only for isogenies of smooth degree. Third, there exists an unconditional probabilistic algorithm to solve the endomorphism ring problem in time $\tilde{O}(\sqrt{p})$, a result that previously required assuming the generalized Riemann hypothesis. To prove our main result, we introduce a flexible framework for the study of isogeny graphs with additional information. We prove a general and easy-to-use rapid mixing theorem. The proof of this result goes via an augmented Deuring correspondence and the Jacquet-Langlands correspondence.