AprèsSQI: Extra Fast Verification for SQIsign Using Extension-Field Signing

We optimise the verification of the SQIsign signature scheme. By using field extensions in the signing procedure, we are able to significantly increase the amount of available rational $2$-power torsion in verification, which achieves a significant speed-up. This, moreover, allows several other speed-ups on the level of curve arithmetic. We show that the synergy between these high-level and low-level improvements gives significant improvements, making verification $2.07$ times faster, or up to $3.41$ times when using size-speed trade-offs, compared to the state of the art, without majorly degrading the performance of signing.

Finding Orientations of Supersingular Elliptic Curves and Quaternion Orders

Faster constant-time evaluation of the Kronecker symbol with application to elliptic curve hashing

We generalize the Bernstein-Yang (BY) algorithm for constant-time modular inversion to compute the Kronecker symbol, of which the Jacobi and Legendre symbols are special cases. We start by developing a basic and easy-to-implement divstep version of the algorithm defined in terms of full-precision division steps. We then describe an optimized version due to Hamburg over word-sized inputs, similar to the jumpdivstep version of the BY algorithm, and formally verify its correctness. Along the way, we introduce a number of optimizations for implementing both versions in constant time and at high-speed. The resulting algorithms are particularly suitable for the special case of computing the Legendre symbol with dense prime $p$, where no efficient addition chain is known for the conventional approach by exponentiation to $\frac{p-1}{2}$. This is often the case for the base field of popular pairing-friendly elliptic curves. Our high-speed implementation for a range of parameters shows that the new algorithm is up to 40 times faster than the conventional exponentiation approach, and up to 25.7\% faster than the previous state of the art. We illustrate the performance of the algorithm with an application for hashing to elliptic curves, where the observed savings amount to 14.7\% -- 48.1\% when used for testing quadratic residuosity within the SwiftEC hashing algorithm. We also apply our techniques to the CTIDH isogeny-based key exchange, with savings of 3.5--13.5\%.

Protecting Chrome Traffic with Hybrid Kyber KEM

Teams across Google are working hard to prepare the web for the migration to quantum-resistant cryptography. Continuing with our strategy f...

Post-Quantum signatures zoo

SIAM Conference on Applied Algebraic Geometry (AG23)

The SIAM conference on Applied Algebraic Geometry took place in Eindhoven last week. The “mini symposia” included: Applications of Algebraic Geometry to Post-Quantum Cryptology Elliptic…

Come and join the FAEST

The FAEST digital signature algorithm