Modul:   MAT076  Neuchatel - St.Gallen - Zurich Seminar in Coding Theory and Cryptography

Isogeny Representations and their Applications in Cryptography

Vortrag von Dr. Boris Fouotsa

Datum: 06.12.23  Zeit: 15.00 - 16.00  Raum:

Isogenies are rational maps between elliptic curves that are also group morphisms with respect to the group structure of the elliptic curves. The kernel of an isogeny is always finite, and a natural way to describe an isogeny is to give a description of its kernel. Given the kernel of an isogeny, Velu formulas (or square root Velu formulas) allow to compute and evaluate the isogeny. These formulas are only efficient for small degree isogenies. Hence, in general, only smooth degrees isogenies can be computed and evaluated exploiting these formulas. The Deuring Correspondence allows to interpret supersingular isogenies as ideals. It enables the computation and the evaluation of isogenies of generic degree, provided that the endomorphism rings of the curves in play are known. The recent SIDH attacks have proven that the images of torsion points through an isogeny can be used to efficiently evaluate the isogeny if these points have (power)smooth order. This enables a brand new way to represent isogenies. This has been leveraged to design SQISignHD, a variant of the SQISign signature. SQISignHD is currently the most compact post-quantum signature scheme. In this talk, we will discuss this new isogeny representation and show how it is used in SQISignHD. We will then show how to adapt SQISignHD to obtain a signature scheme for the CSIDH group action setting.