@kutasp89.bsky.social

Very sad news
31.07.2025 11:38

This exactly. And it's not just theoretical, it can happen for real. "The Chinese state-sponsored cyberattack threat managed to infiltrate the "lawful intercept" network connections that police use in criminal investigations." www.darkreading.com/cyber-risk/s...
06.07.2025 13:52

Yessss!!!
16.06.2025 09:48

Reminder that the MSCA postdoctoral program exists. If you have a PhD and want to work in a European lab, you have until September to apply. Just contact them now.
ec.europa.eu/info/funding...
Abstract. In this paper we study supersingular elliptic curves primitively oriented by an imaginary quadratic order, where the orientation is determined by an endomorphism that factors through the Frobenius isogeny. In this way, we partly recycle one of the main features of CSIDH, namely the fact that the Frobenius orientation can be represented for free. This leads to the most efficient family of ideal-class group actions in a range where the discriminant is significantly larger than the field characteristic p. Moreover, if we orient with a non-maximal order $\mathcal{O} \subset \mathbb{Q}(\sqrt{-p})$ and we assume that it is feasible to compute the ideal-class group of the maximal order, then also the ideal-class group of $\mathcal{O}$ is known and we recover the central feature of SCALLOP-like constructions. We propose two variants of our scheme. In the first one, the orientation is by a suborder of the form $\mathbb{Z}[f\sqrt{-p}]$ for some f coprime to p, so this is similar to SCALLOP. In the second one, inspired by the work of Chenu and Smith, the orientation is by an order of the form $\mathbb{Z}[\sqrt{-dp}]$ where d is square-free and not a multiple of p. We give practical ways of generating parameters, together with a proof-of-concept SageMath implementation of both variants, which shows the effectiveness of our construction.
Orient Express: Using Frobenius to Express Oriented Isogenies (Wouter Castryck, Riccardo Invernizzi, Gioella Lorenzon, Jonas Meers, Frederik Vercauteren) ia.cr/2025/1047
05.06.2025 16:36

Optimal KLPT would be amazing, I would love that for 2026. Then 2028 could be optimal KLPT^2 :)
18.05.2025 16:27

Title of the PhD course: Advances in Cryptography and Codes - Part 1: SQIsign
Lecturers: Andrea Basso (IBM Research Zurich, CH), Luciano Maino (University of Bristol, UK)
The course in short: The course offers a comprehensive and rigorous introduction to SQIsign, an advanced isogeny-based digital signature scheme designed to resist attacks from quantum computers. The course will present the mathematical foundations on which SQIsign is based and the algorithmic background necessary to understand and evaluate the security of SQIsign and other isogeny-based protocols. Complementing the theoretical material, the course also includes a practical laboratory where students will use SageMath to study and implement various aspects of SQIsign.
Where (in presence): Department of Mathematics, University of Trento (IT)
Via Sommarive, 5, 38123, Trento
(online): https://unitn.zoom.us/j/88902079708 (Passcode: 532383)
When: From May 19, 2025 to May 28, 2025
Detailed Program:
Monday 19/05 10:30 - 12:30 (Room A205) & 14:30 - 16:30 (Room A221)
Tuesday 20/05 10:30 - 12:30 (Room A215) & 14:30 - 16:30 (Room A213)
Wednesday 21/05 10:30 - 12:30 (Room A218) & 14:30 - 16:30 (Room A215)
Thursday 22/05 10:30 - 12:30 (Room A209) & 14:30 - 16:30 (Room A220)
Friday 23/05 10:30 - 12:30 (Room A215) & 14:30 - 16:30 (Room A215)
Tuesday 27/05 11:30 - 12:30 – Q&A, optional (Room A218)
Wednesday 28/05 11:30 - 12:30 – Q&A, optional (Room A218)
Next week @lucianomaino.bsky.social and I will teach a week-long course on SQIsign at the University of Trento.
The course will be both in-person and online: if you're interested, you can tune in Monday morning at 10:30 at unitn.zoom.us/j/88902079708
(details and full schedule in the image below)
CECC 2025 will accept posters, submission deadline is the 23rd May (more details can be found at cecc2025.inf.elte.hu). Also we have great invited speakers (Carla Rafols, Thomas Decru, Stefan Dziembowski), so hope to see you in Budapest!
10.05.2025 19:04

This is cool heimberger.xyz/oprfs.html
08.05.2025 07:52

The SQIparty starts on Monday, but it's still time to register!
We prepared an exciting program for you with a balanced mix of talks, coding sprints, skillshares and other activities!
www.cig.udl.cat/SQIparty2025...
See you in Lleida!
New work: we explain cubical arithmetic in simple terms to show you how easy it is to compute pairings. Essentially, you only need to know the Montgomery ladder!
As a bonus, pairings from cubical arithmetic are faster than those from Miller's loop for applications in isogeny-based cryptography.
Really excited to share the Decrypting Diversity Summit happening in Montpellier, France from 17-20 June! The goal of the summit is to promote diversity, inclusivity, and gender equality within the cryptography community. For more info: decryptingdiversity.com
03.04.2025 12:11

Deadline to submit to this conference is today!
31.03.2025 09:49

The second Levchin Prize goes to the CADO-NFS team: Emmanuel Thomé, Pierrick Gaudry, and Paul Zimmermann! Congratulations!
#realworldcrypto
Registration is now open! www.cig.udl.cat/SQIparty2025...
24.03.2025 09:14

Cathedral of La Seu Vella in Lleida
Fancy some isogeny crypto?
Join us for a 3-day workshop on isogeny-based cryptography in Lleida, Catalonia, April 28-30
www.cig.udl.cat/icrypto2025_...
Brought to you by ULleida's Cryptography+Graphs group, the SQIsign team and friends!
Registration and program coming soon
Registration is free!
Next week (Tuesday 5pm CET) at The Isogeny Club we'll have Laurane Marco (EPFL) who will talk to us about computing modular polynomials modulo a generic prime! More details at isogeny.club
06.03.2025 12:58

Abstract. We study recent algebraic attacks (Briaud-Øygarden EC'23) on the Regular Syndrome Decoding (RSD) problem and the assumptions underlying the correctness of their attacks' complexity estimates. By relating these assumptions to interesting algebraic-combinatorial problems, we prove that they do not hold in full generality. However, we show that they are (asymptotically) true for most parameter sets, supporting the soundness of algebraic attacks on RSD. Further, we prove, without any heuristics or assumptions, that RSD can be broken in polynomial time whenever the number of error blocks times the square of the size of error blocks is larger than 2 times the square of the dimension of the code. Additionally, we use our methodology to attack a variant of the Learning With Errors problem where each error term lies in a fixed set of constant size. We prove that this problem can be broken in polynomial time, given a sufficient number of samples. This result improves on the seminal work by Arora and Ge (ICALP'11), as the attack's time complexity is independent of the LWE modulus.
On the Soundness of Algebraic Attacks against Code-based Assumptions (Miguel Cueto Noval, Simon-Philipp Merz, Patrick Stählin, Akin Ünal) ia.cr/2025/415
05.03.2025 15:55

16th International Conference on Cryptology AFRICACRYPT 2025
July 21-23, 2025 – Rabat, Morocco 🇲🇦
Extended submission deadline in 1 week:
africacrypt2025.sciencesconf.org
Submit your best results!
See you in Rabat 🇲🇦 in July 2025.
Abstract. In this paper, we present the first practical algorithm to compute an effective group action of the class group of any imaginary quadratic order 𝒪 on a set of supersingular elliptic curves primitively oriented by 𝒪. Effective means that we can act with any element of the class group directly, and are not restricted to acting by products of ideals of small norm, as for instance in CSIDH. Such restricted effective group actions often hamper cryptographic constructions, e.g. in signature or MPC protocols. Our algorithm is a refinement of the Clapoti approach by Page and Robert, and uses 4-dimensional isogenies. As such, it runs in polynomial time, does not require the computation of the structure of the class group, nor expensive lattice reductions, and our refinements allow it to be instantiated with the orientation given by the Frobenius endomorphism. This makes the algorithm practical even at security levels as high as CSIDH-4096. Our implementation in SageMath takes 1.5s to compute a group action at the CSIDH-512 security level, 21s at CSIDH-2048 level and around 2 minutes at the CSIDH-4096 level. This marks the first instantiation of an effective cryptographic group action at such high security levels. For comparison, the recent KLaPoTi approach requires around 200s at the CSIDH-512 level in SageMath and 2.5s in Rust.
PEGASIS: Practical Effective Class Group Action using 4-Dimensional Isogenies (Pierrick Dartois, Jonathan Komada Eriksen, Tako Boris Fouotsa, Arthur Herlédan Le Merdy, Riccardo Invernizzi, Damien Robert, Ryan Rueger, Frederik Vercauteren, Benjamin Wesolowski) ia.cr/2025/401
04.03.2025 08:20

As part of the round-2 NIST submission, we developed a complete proof of security of SQIsign!
04.03.2025 09:05

Happy to share this work with Paul Frixons, Valerie Gilchrist, Simon-Philipp Merz and Christophe Petit. We show that you have to be careful with new assumptions for cryptographic group actions. Namely for the CSI-SHARK assumption one can significantly beat Kuperberg using Childs-Van Dam
04.03.2025 08:12

Excited to share this work on 2-dimensional KLPT which is joint work with Wouter Castryck, Thomas Decru, Abel Laval, Christophe Petit and Yan Bo Ti. This could pave the way for a 2-dimensional SQIsign and potentially other applications.
04.03.2025 07:59