M-SIDH and MD-SIDH: countering SIDH attacks by masking information
The SIDH protocol is an isogeny-based key exchange protocol using supersingular
isogenies, designed by Jao and De Feo in 2011. The protocol underlies the SIKE algorithm …
isogenies, designed by Jao and De Feo in 2011. The protocol underlies the SIKE algorithm …
FESTA: fast encryption from supersingular torsion attacks
We introduce FESTA, an efficient isogeny-based public-key encryption (PKE) protocol based
on a constructive application of the SIDH attacks. At its core, FESTA is based on a novel …
on a constructive application of the SIDH attacks. At its core, FESTA is based on a novel …
SQISignHD: new dimensions in cryptography
We introduce SQIsignHD, a new post-quantum digital signature scheme inspired by
SQIsign. SQIsignHD exploits the recent algorithmic breakthrough underlying the attack on …
SQIsign. SQIsignHD exploits the recent algorithmic breakthrough underlying the attack on …
A polynomial time attack on instances of M-SIDH and FESTA
W Castryck, F Vercauteren - International Conference on the Theory and …, 2023 - Springer
The recent devastating attacks on SIDH rely on the fact that the protocol reveals the images
φ (P) and φ (Q) of the secret isogeny φ: E 0→ E on a basis {P, Q} of the N-torsion subgroup E …
φ (P) and φ (Q) of the secret isogeny φ: E 0→ E on a basis {P, Q} of the N-torsion subgroup E …
Towards a quantum-resistant weak verifiable delay function
In this paper, we present a new quantum-resistant weak Verifiable Delay Function based on
a purely algebraic construction. Its delay depends on computing a large-degree isogeny …
a purely algebraic construction. Its delay depends on computing a large-degree isogeny …
Failing to hash into supersingular isogeny graphs
J Booher, R Bowden, J Doliskani… - The Computer …, 2024 - academic.oup.com
An important open problem in supersingular isogeny-based cryptography is to produce,
without a trusted authority, concrete examples of 'hard supersingular curves' that is …
without a trusted authority, concrete examples of 'hard supersingular curves' that is …
The supersingular endomorphism ring and one endomorphism problems are equivalent
A Page, B Wesolowski - Annual International Conference on the Theory …, 2024 - Springer
Abstract The supersingular Endomorphism Ring problem is the following: given a
supersingular elliptic curve, compute all of its endomorphisms. The presumed hardness of …
supersingular elliptic curve, compute all of its endomorphisms. The presumed hardness of …
IS-CUBE: An isogeny-based compact KEM using a boxed SIDH diagram
T Moriya - Cryptology ePrint Archive, 2023 - eprint.iacr.org
Isogeny-based cryptography is one of the candidates for post-quantum cryptography. One of
the benefits of using isogeny-based cryptography is its compactness. In particular, a key …
the benefits of using isogeny-based cryptography is its compactness. In particular, a key …
OPRFs from isogenies: designs and analysis
L Heimberger, T Hennerbichler, F Meisingseth… - Proceedings of the 19th …, 2024 - dl.acm.org
Oblivious Pseudorandom Functions (OPRFs) are an elementary building block in
cryptographic and privacy-preserving applications. While there are numerous pre-quantum …
cryptographic and privacy-preserving applications. While there are numerous pre-quantum …
Isogeny problems with level structure
Given two elliptic curves and the degree of an isogeny between them, finding the isogeny is
believed to be a difficult problem—upon which rests the security of nearly any isogeny …
believed to be a difficult problem—upon which rests the security of nearly any isogeny …