Valerio Ardizio is the newest member of Frederik Vercauteren's team!
"I chose COSIC because of its welcoming, inspiring, and stimulating research environment, as well as the outstanding expertise of the researchers who are part of this group."
#choosecosic
Posts by Boris Fouotsa
I spent two years building a piece of infrastructure for open access publishing in CS arxiv.org/abs/2504.10424. I've gotten positive feedback from authors, but most are quite ignorant about how publishing works (even in computer science). Thankfully we don't have to accept Microsoft Word.😁
let's read some legal agreements
www.youtube.com/watch?v=nmvf...
Abstract. Isogeny group action based signatures are obtained from a sigma protocol with high soundness error, say $\frac{1}{2}$ for its most basic variant. One needs to independently repeat the sigma protocol O(λ) times to reduce the soundness error to negligible (with λ being the security parameter). These repetitions come with a considerable efficiency and size overhead. On the other hand, quaternion isogeny-based signatures such as SQIsign and PRISM are directly obtained from a sigma protocol with a negligible soundness error. The secret key in the SQIsign and PRISM is a random supersingular isogeny, and both schemes are insecure when the secret isogeny arises from the supersingular isogeny group action setting. In this paper, we propose WaterSQI and PRISMO, variants of SQIsign and PRISM respectively, suited for secret isogenies that arise from the supersingular isogeny group action setting. They use a sigma protocol whose soundness error is negligible without requiring parallel repetitions. They are hence more compact and O(λ) times more efficient compared to Generalised CSI-FiSh (the generalisation of CSI-FiSh to large parameters using generic isogeny group action evaluation algorithms such as Clapotis/KLaPoTi/PEGASIS). For example, for our proof of concept implementation with a 2000 bits prime in sagemath, PRISMO, when compared to Generalised CSI-FiSh with the same public key size, is about 3x faster for key generation, 273x faster for signing and 4900x faster for verification, while also being 29x more compact (signature size).
WaterSQI and PRISMO: Quaternion Signatures for Supersingular Isogeny Group Actions (Tako Boris Fouotsa) ia.cr/2025/1737
Main ingredient: orientations don't like inert primes because they bring no advantage for computing isogenies with such degrees.
Quaternion signatures for isogeny group actions: showing how to adapt SQIsign and PRISM to the group actions setting, unleashing WaterSQI and PRISMO signatures that come with a tremendous speed-up over CSI-FiSh style signatures.
Come to the ASCrypto school, affiliated with Latincrypt2025!
🗓️ Sept 29–30 | Medellín, Colombia
👨🏫 Learn 𝐦𝐨𝐝𝐞𝐫𝐧 𝐩𝐫𝐨𝐯𝐢𝐧𝐠 𝐬𝐲𝐬𝐭𝐞𝐦𝐬 from top experts
💥 2 days, 3 modules: IVC, STARKs, MPC
👥 With Benedikt Bünz, Sophia Yakoubov, Alan Szepieniec
Organised by the amazing Arantxa Zapico and Javier Verbel.
Registration for the Leuven Isogeny Days 6 is now open!
📅 10–12 Sept 2025 @ KU Leuven
Morning: research talks
Afternoon: brainstorming sessions
More info: www.esat.kuleuven.be/cosic/projec...
#isogeny #isocrypt #erc #postquantum
The 3rd link doesn't appear well above. Here it is: africacrypt2025.sciencesconf.org/resource/pag...
AFRICACRYPT'25 accepted papers (africacrypt2025.sciencesconf.org/resource/page/…) & invited speakers (africacrypt2025.sciencesconf.org/resource/page/id/11) are online.
Early registration deadline is May 30th (africacrypt2025.sciencesconf.org/resource/page/…).
See you in Rabat 🇲🇦 in July! 😉
Isogenies @ Eurocrypt 2025 in Madrid!
The SQIparty starts on Monday, but there's still time to register!
We prepared an exciting program for you with a balanced mix of talks, coding sprints, skillshares and other activities!
www.cig.udl.cat/SQIparty2025...
See you in Lleida!
Good news is that we're still accepting brainstorm topics!! If you have a brainstorm idea, send us a short description by email!
Season 6 of the Isogeny Club is officially done! You can catch up with all the talks here: isogeny.club
If, like us, you haven't had enough isogenies for the term, be sure to join us at the Brainstorm Sessions affiliated with Eurocrypt: isogeny.club/eurocrypt
Congratulations to the new IACR fellows....
Joan Daemen,
Thomas Johansson,
Anna Lysyanskaya,
Pascal Paillier,
J.R. Rao,
Alon Rosen,
Elaine Shi,
Bo-Yin Yang.
iacr.org/fellows/
#cryptography
Higher dimensions everywhere! #isogenies
I mean as a sub-reviewer...
Registration to the SQIparty is open, free, and we have a first sketch of a program!
www.cig.udl.cat/SQIparty2025...
Register and plan your travel quickly: the rooms are reserved only until Thursday!
See you in Lleida!
It saddens me to spend time reviewing a paper, then to neither be able to see the other reviews nor take part in the discussion on that paper! Program Chairs should always enable this (and choose a reviewing platform that allows them to).
Given recent instances of US visa holders and residents being detained or deported by US immigration authorities, we understand that some members of our community may not feel safe traveling to the US for Crypto this year. We want to assure everyone that we will provide the option to present and attend remotely.
Update on crypto.iacr.org/2025/
> claims no new results
> adds in a tiny new result anyway
> ???
anyway, enjoy the read!
This workshop is gonna be great: cool people, interesting talks, and lots of great research on SQIsign and isogeny-based crypto. Mark it in your calendars!
And if you’re going to Eurocrypt, this is going to be convenient: the workshop is just the week before, and it’s not too far from Madrid
Looking forward to speaking at this event.
Come and enjoy an autumn day in Rome talking #cryptography....
www.decifris.it/fcir25
Cathedral of La Seu Vella in Lleida
Fancy some isogeny crypto?
Join us for a 3-day workshop on isogeny-based cryptography in Lleida, Catalonia, April 28-30
www.cig.udl.cat/icrypto2025_...
Brought to you by ULleida's Cryptography+Graphs group, the SQIsign team and friends!
Registration and program coming soon
Registration is free!
Registration for Eurocrypt 2025 is open!!
Register at eurocrypt.iacr.org/2025/registr...
Early bird registration deadline is 4th of April.
Note that registration will be temporarily closed between the 29th and the 31st of March, and we'll have to cancel previous invoices left unpaid by March 30th.
And why not pair that with an isogeny workshop in Catalonia just before?
bsky.app/profile/bsky...
Maybe you could have a short version that fits within the page limit and that contains sufficient details allowing the reviewer to evaluate the results. Then include a longer version in the complemental Archive field on the submission page.
Abstract. We point out a flaw in zero-knowledge of the CROSS identification protocol, CROSS-ID, which allows a distinguisher to distinguish real and simulated transcripts given access to the witness. Moreover, we show that the real and simulated transcripts are not statistically indistinguishable, and therefore the protocol can only satisfy weak computational (rather than strong, statistical or perfect) Honest Verifier Zero-knowledge. This issue is still present in version 2.0 updated on January 31, 2025, which resolves the security losses attained via the attacks of [BLP+25].
A Note on Zero-Knowledge Simulator of the CROSS Identification Protocol (Shai Levin) ia.cr/2025/359
Abstract. Following Ibukiyama, Katsura and Oort, all principally polarized superspecial abelian surfaces over $\overline{\mathbb{F}}_p$ can be represented by a certain type of $2 \times 2$ matrix $g$, having entries in the quaternion algebra $B_{p,\infty}$. We present a heuristic polynomial-time algorithm which, upon input of two such matrices $g_1, g_2$, finds a “connecting matrix” representing a polarized isogeny of smooth degree between the corresponding surfaces. Our algorithm should be thought of as a two-dimensional analog of the KLPT algorithm from 2014 due to Kohel, Lauter, Petit and Tignol for finding a connecting ideal of smooth norm between two given maximal orders in $B_{p,\infty}$. The KLPT algorithm has proven to be a versatile tool in isogeny-based cryptography, and our analog has similar applications; we discuss two of them in detail. First, we show that it yields a polynomial-time solution to a two-dimensional analog of the so-called constructive Deuring correspondence: given a matrix $g$ representing a superspecial principally polarized abelian surface, realize the latter as the Jacobian of a genus-2 curve (or, exceptionally, as the product of two elliptic curves if it concerns a product polarization). Second, we show that, modulo a plausible assumption, Charles-Goren-Lauter style hash functions from superspecial principally polarized abelian surfaces require a trusted set-up. Concretely, if the matrix $g$ associated with the starting surface is known then collisions can be produced in polynomial time. We deem it plausible that all currently known methods for generating a starting surface indeed reveal the corresponding matrix. As an auxiliary tool, we present an explicit table for converting (2,2)-isogenies into the corresponding connecting matrix, a step for which a previous method by Chu required super-polynomial (but sub-exponential) time.
KLPT²: Algebraic Pathfinding in Dimension Two and Applications (Wouter Castryck, Thomas Decru, Péter Kutas, Abel Laval, Christophe Petit, Yan Bo Ti) ia.cr/2025/372