Andrea Basso

I am very happy to announce that thanks to the hard work of many people (The "MIKE Team"), we now have a working implementation in SageMath of MIKE (Module Isogeny Key Exchange).

It depends if you interpret the waiting period to apply to the authors or to the paper :)

I think CiC and CHES have some form of this, but it doesn't automatically apply to all rejections: if the reviewers think the paper needs significantly more work, the authors cannot resubmit immediately

A waiting period may not be the best option, but we probably need some kind of pre-review check. Right now, it takes very little work for authors to resubmit the same paper again and again until it gets through, while it takes the 3+ reviewers a considerable amount of work to re-review the paper

The waiting period would be on resubmitting the same paper though, which may be helpful to prevent authors from spamming the same paper over and over again until they get lucky.

The IACR board sent a survey to members last year, and it took us a while to analyze the results and publish findings. You can see them at iacr.org/surveyresults/

1. In the AIM, the Sigma protocol underlying SQIsign is sound without rewinding, which means we can show that SQIsign is provably secure in the QROM.

2. The CDH and DLOG problem for all SIDH-like key exchanges (M-SIDH, MD-SIDH, binSIDH, terSIDH, etc.) are equivalent in the AIM.

New paper out! 🎉

We translate the algebraic group model to the (generic) isogeny setting, generalising previous results that were limited to oriented isogenies (we show that any result that holds in the AGAM also holds in the AIM).

Using this model, we obtain two important results:

It also helps to announce those limits in advance, or communicate them clearly, or NOT delete rebuttals, or...

This makes more sense than it seems: the time change happens at the same time in both time zones, which means in the UK it’s at 1am rather than 2am.

The Isogeny Club Season 7 starts today! At 5pm CEST, Bruno Sterner will talk about finding large smooth twins from short lattice vectors. More details at isogeny.club

Announcing The Isogeny Problems!

A curated list of the seven foremost unsolved problems in isogeny-based cryptography. Solving one of these profound questions would mark a monumental advance, and as a resolver you'd get eternal honor and epic rewards!

Full list: isogeni.es/problems

The EU wants to spend your money to assemble a giant mass surveillance machine with little effect on harm against children. Chat Control is not effective, weakens security for all and does not respect privacy. Contact your EU representatives and let them know.

csa-scientist-open-letter.org/Sep2025

If you're a researcher in cryptography, security, or related areas, please consider signing it too. Signature collection is still open!

More than 500 researchers have signed an open letter against the dangerous EU proposal on chat control.

The proposal remains ineffective, undoes decades of results in E2E encryption, and threatens the privacy of half a billion citizens.

csa-scientist-open-letter.org/Sep2025

New somewhat redesigned, somewhat expanded website at andreabasso.com!

If you find any dead links or things not working properly, please let me know

Abstract. The Learning with Rounding (LWR) problem, introduced as a deterministic variant of Learning with Errors (LWE), has become a promising foundation for post-quantum cryptography. This Systematization of Knowledge (SoK) paper presents a comprehensive survey of the theoretical foundations, algorithmic developments, and practical implementations of LWR-based cryptographic schemes. We introduce LWR within the broader landscape of lattice-based cryptography and post-quantum security, highlighting its advantages such as reduced randomness, improved efficiency, and enhanced side-channel resistance. We explore the evolution of security reductions from LWR to LWE, including recent advances that support practical parameter regimes and address challenges in both bounded and unbounded sample settings. This paper systematically reviews existing LWR-based schemes — including Saber, Lizard, Florete, Espada, Sable, and SMAUG — analyzing their design choices, parameter sets, and performance trade-offs. Furthermore, we examine the impact of LWR on side-channel resistance, failure probabilities, and masking efficiency, demonstrating its suitability for secure and efficient implementations. By consolidating the research spanning theory and practice, this SoK aims to guide future cryptographic design and standardization efforts leveraging LWR.

Image showing part 2 of abstract.

Using Learning with Rounding to Instantiate Post-Quantum Cryptographic Algorithms (Andrea Basso, Joppe W. Bos, Jan-Pieter D'Anvers, Angshuman Karmakar, Jose Maria Bermudo Mera, Joost Renes, Sujoy Sinha Roy, Frederik Vercauteren, Peng Wang, Yuewu Wang, Shicong Zhang, Chenxin Zhong) ia.cr/2025/1382

Commission presents Roadmap for effective and lawful access to data for law enforcement The European Commission presented today a Roadmap setting out the way forward to ensure law enforcement authorities in the EU have effective and lawful access to data.

Well, this horrible idea refuses to die so we should refuse to let it pass and start organizing again.

ec.europa.eu/commission/p...

Call for Stipends - ASCRYPTO '25

And for For PhD & advanced MSc students!
🌍 Stipends available for students worldwide — thanks to our sponsors!
📋 Apply for stipends here: docs.google.com/forms/d/e/1F...
🖼️ Consider presenting your work in the Latincrypt poster session!
🔗 More info: ascrypto.org/2025/

A chart for quantum computers, of number of qubits versus error rate, on a logarithmic scale. Broadly it shows a large gap between current quantum computers in the bottom left, and a curve in the top right of the resources they need to break RSA.

An out-of-schedule update to my quantum landscape chart: sam-jaques.appspot.com/quantum_land..., prompted by
@craiggidney.bsky.social 's new paper: arxiv.org/abs/2505.15917.

A startling jump (20x) in how easy quantum factoring can be!

Also: much improved web design!

I’m afraid not :(

We (finally) published all the material from this course on SQIsign, including lecture slides and exercise sheets for the Sage laboratory. Available here: github.com/andreavico/S...

For any polynomial-time abbiatese A...

(abbiategrassese? abbiatese grasso?)

Every time I'm writing a paper I always have the same question: is the attacker a person? Is the attacker a they or a it?

Really cool post on DH!

Starting in half an hour!

By 2030 we will all be out of jobs

👀

A timeline of isogeny-based signatures over the years: 2012 - A signature from group actions: First signature from isogenies in the literature 2014 - SIDH: Also proposes an identification protocol 2016 - GPS: First signature from endomorphism ring knowledge 2018 - SeaSign: First signature based on CSIDH 2020 - SQIsign: Compact and “practical" signature from endomorphism ring knowledge 2023 - SQIsignHD: HD representations make SQIsign signing much faster 2024 - SQIsign2D: Significantly improved SQIsign signing and verification

Isogeny-based signatures have consistently had a breakthrough every two years! Let's see what 2026 will bring...

(Well, except for SQIsignHD that came a year too late, but that's probably because of Covid)

Registrations for the Decrypting Diversity Summit are open:

decryptingdiversity.com/registration/

The event's focus is to develop actions to better support underrepresented groups in cryptography while showcasing the exceptional career paths and research contributions of these communities.

It's somewhat uncertain but probably not. But we'll share the slides, Sage exercises, and other material after the course