Cryptographic schemes based on supersingular isogenies have become an active area of research in the field of post-quantum cryptography. We investigate the resistance of these cryptosystems to fault injection attacks. It appears that the iterative structure of the secret isogeny computation renders these schemes vulnerable to loop-abort attacks. Loop-abort faults allow to perform a full key rec...

We propose a new suite of algorithms that significantly improve the performance of supersingular isogeny Diffie-Hellman (SIDH) key exchange. Subsequently, we present a full-fledged implementation of SIDH that is geared towards the 128-bit quantum and 192bit classical security levels. Our library is the first constant-time SIDH implementation and is up to 2.9 times faster than the previous best ...

Let O be a maximal order in a definite quaternion algebra over Q of prime discriminant p, and ` a small prime. We describe a probabilistic algorithm, which for a given left O-ideal, computes a representative in its left ideal class of `-power norm. In practice the algorithm is efficient, and subject to heuristics on expected distributions of primes, runs in expected polynomial time. This breaks...

In this note, we consider an `-isogeny descent on a pair of elliptic curves over Q. We assume that ` > 3 is a prime. The main result expresses the relevant Selmer groups as kernels of simple explicit maps between finitedimensional F`-vector spaces defined in terms of the splitting fields of the kernels of the two isogenies. We give examples of proving the `-part of the Birch and Swinnerton-Dyer...

A technique of descent via 4-isogeny is developed on the Jacobian of a curve of genus 2 of the form: Y 2 = q1(X)q2(X)q3(X), where each qi(X) is a quadratic defined over Q. The technique offers a realistic prospect of calculating rank tables of Mordell-Weil groups in higher dimension. A selection of worked examples is included as illustration.

We present the first signature schemes whose security relies on computational assumptions relating to isogeny graphs of supersingular elliptic curves. We give two schemes, both of them based on interactive identification protocols. The first identification protocol is due to De Feo, Jao and Plût. The second one, and the main contribution of the paper, uses novel ideas that have not been used in...

Supersingular isogeny-based cryptography is one of the more recent families of post-quantum proposals. An interesting feature is the comparatively low bandwidth occupation in key agreement protocols, which stems from the possibility of key compression. However, compression and decompression introduce a significant overhead to the overall processing cost despite recent progress. In this paper we...

<p style='text-indent:20px;'>Supersingular isogeny graphs are known to have very few loops and multi-edges. We formalize this idea by studying finding bounds for the number of multi-edges in such graphs. also find conditions under which supersingular graph <inline-formula><tex-math id="M1">\begin{document}$ \Lambda_p( \ell) $\end{document}</tex-math></inline-formula&g...