SQIsign2D–West: The Fast, the Small, and the Safer
Abstract We introduce SQIsign2D–West, a variant of SQIsign using two-dimensional isogeny
representations. SQIsignHD introduced four-and eight-dimensional isogeny representations …
representations. SQIsignHD introduced four-and eight-dimensional isogeny representations …
SCALLOP-HD: group action from 2-dimensional isogenies
We present SCALLOP-HD, a novel group action that builds upon the recent SCALLOP
group action introduced by De Feo, Fouotsa, Kutas, Leroux, Merz, Panny and Wesolowski in …
group action introduced by De Feo, Fouotsa, Kutas, Leroux, Merz, Panny and Wesolowski in …
Hidden stabilizers, the isogeny to endomorphism ring problem and the cryptanalysis of pSIDH
Abstract The Isogeny to Endomorphism Ring Problem (IsERP) asks to compute the
endomorphism ring of the codomain of an isogeny between supersingular curves in …
endomorphism ring of the codomain of an isogeny between supersingular curves in …
Deuring for the People: Supersingular Elliptic Curves with Prescribed Endomorphism Ring in General Characteristic.
Constructing a supersingular elliptic curve whose endomorphism ring is isomorphic to a
given quaternion maximal order (one direction of the Deuring correspondence) is known to …
given quaternion maximal order (one direction of the Deuring correspondence) is known to …
Verifiable random function from the Deuring correspondence and higher dimensional isogenies
A Leroux - 2023 - hal.science
In this paper, we introduce the family DeuringVRF y, z of Verifiable Random Function (VRF)
protocols. Based on isogenies between supersingular curves, the random function at the …
protocols. Based on isogenies between supersingular curves, the random function at the …
Breaking and repairing SQIsign2D-East
We present a key recovery attack on SQIsign2D-East that reduces its security level from
$\lambda $ to $\lambda/2$. We exploit the fact that each signature leaks a Legendre symbol …
$\lambda $ to $\lambda/2$. We exploit the fact that each signature leaks a Legendre symbol …
Computation of Hilbert class polynomials and modular polynomials from supersingular elliptic curves
A Leroux - arXiv preprint arXiv:2301.08531, 2023 - arxiv.org
We present several new heuristic algorithms to compute class polynomials and modular
polynomials modulo a prime $ p $ by revisiting the idea of working with supersingular elliptic …
polynomials modulo a prime $ p $ by revisiting the idea of working with supersingular elliptic …
SQIPrime: A dimension 2 variant of SQISignHD with non-smooth challenge isogenies
M Duparc, TB Fouotsa - International Conference on the Theory and …, 2024 - Springer
We introduce SQIPrime, a post-quantum digital signature scheme based on the Deuring
correspondence and Kani's Lemma. Compared to its predecessors that are SQISign and …
correspondence and Kani's Lemma. Compared to its predecessors that are SQISign and …
Avoiding Trusted Setup in Isogeny-based Commitments
GT Saah, TB Fouotsa, E Fouotsa… - Cryptology ePrint …, 2024 - eprint.iacr.org
In 2021, Sterner proposed a commitment scheme based on supersingular isogenies. For
this scheme to be binding, one relies on a trusted party to generate a starting supersingular …
this scheme to be binding, one relies on a trusted party to generate a starting supersingular …
Further Connections Between Isogenies of Supersingular Curves and Bruhat-Tits Trees
We further explore the explicit connections between supersingular curve isogenies and
Bruhat-Tits trees. By identifying a supersingular elliptic curve $ E $ over $\mathbb {F} _p $ as …
Bruhat-Tits trees. By identifying a supersingular elliptic curve $ E $ over $\mathbb {F} _p $ as …