Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                

Paper 2024/773

SQIPrime: A dimension 2 variant of SQISignHD with non-smooth challenge isogenies

Max Duparc, École Polytechnique Fédérale de Lausanne
Tako Boris Fouotsa, École Polytechnique Fédérale de Lausanne
Abstract

We introduce SQIPrime, a post-quantum digital signature scheme based on the Deuring correspondence and Kani's Lemma. Compared to its predecessors that are SQISign and especially SQISignHD, SQIPrime further expands the use of high dimensional isogenies, already in use in the verification in SQISignHD, to all its subroutines. In doing so, it no longer relies on smooth degree isogenies (of dimension 1). Intriguingly, this includes the challenge isogeny which is also a non-smooth degree isogeny, but has an accessible kernel. The fact that the isogenies do not have rational kernel allows to fit more rational power 2 torsion points which are necessary when computing and representing the response isogeny. SQIPrime operates with prime numbers of the form $p = 2^\alpha f-1$. We describe two variants of SQIPrime. SQIPrime4D which incorporates the novelties described above and uses dimension 4 isogenies to represent the response isogeny. The runtime of higher dimensional isogeny computation is exponential in the dimension, hence the smaller the dimension the better for efficiency. The second variant, SQIPrime2D, solely uses dimension 2 isogenies. This is achieved by setting the degree of the secret isogeny to be equal to that of the challenge isogeny and further exploiting Kani's Lemma. SQIPrime2D is more efficient compared to SQIPrime4D and to SQISignHD, at the cost of being comparatively less compact, but still very compact compared to non isogeny based post-quantum signatures.

Note: Algorithm 3 revisited. Proof of concept implementation provided and timings added in Section 8.4

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
A minor revision of an IACR publication in ASIACRYPT 2024
Keywords
IsogeniesSQISignSQISignHDKani's LemmaSQIPrime
Contact author(s)
max duparc @ epfl ch
tako fouotsa @ epfl ch
History
2024-10-13: last of 2 revisions
2024-05-20: received
See all versions
Short URL
https://ia.cr/2024/773
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2024/773,
      author = {Max Duparc and Tako Boris Fouotsa},
      title = {{SQIPrime}: A dimension 2 variant of {SQISignHD} with non-smooth challenge isogenies},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/773},
      year = {2024},
      url = {https://eprint.iacr.org/2024/773}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.