International Association for Cryptologic Research


IACR News

If you have a news item you wish to distribute, it should be sent to the communications secretary. See also the events database for conference announcements.

Here you can see all recent updates to the IACR webpage. These updates are also available:

via email
via RSS feed

20 March 2022

Virtual event, Anywhere on Earth, 26 September - 27 September 2022
Event Calendar
Event date: 26 September to 27 September 2022
Submission deadline: 27 May 2022
Notification: 29 July 2022
TU Darmstadt
Job Posting
The Applied Cryptography Group at Technical University of Darmstadt offers a fully funded position as a PhD student in Cryptography. The position is to be filled as soon as possible for 3 years, with the possibility of extension. You will conduct research and publish/present the results at top venues for research in cryptography and IT Security.

Topics of particular interest include (but are not limited to):
  • Leakage/tamper resilient cryptography
  • Cryptography for blockchains and cryptocurrencies
  • Multiparty computation & threshold cryptography
  • Decentralized finance
Your profile:
  • Completed Master's degree (or equivalent) at a top university with excellent grades in computer science, mathematics or a similar area.
  • Strong mathematical and/or algorithmic/theoretical CS background
  • Good knowledge of cryptography. Knowledge in concepts of provable security is a plus.
  • Fluent written and verbal communication skills in English
TU Darmstadt is a top research university for IT Security, Cryptography and Computer Science in Europe. We offer an excellent working environment in the heart of the Frankfurt Metropolitan Area, which is internationally well-known for a high quality of life. Review of applications starts immediately and continues until the position is filled.

Closing date for applications:

Contact: Sebastian Faust (office.cac@cysec.de)

More information: https://www.informatik.tu-darmstadt.de/cac/cac/index.en.jsp

JAIPUR, India, 8 December - 11 December 2022
Event Calendar
Event date: 8 December to 11 December 2022
Submission deadline: 30 June 2022
Notification: 1 August 2022

18 March 2022

Award
We are proud to announce the winners of the 2022 IACR Test-of-Time Award. This award honors papers published at the 3 IACR flagship conferences 15 years ago which have had a lasting impact on the field.

The Test-of-Time award for Asiacrypt 2007 is awarded to: Faster Addition and Doubling on Elliptic Curves, by Daniel J. Bernstein and Tanja Lange, for introducing efficient elliptic curve addition formulae in the context of Edwards forms of elliptic curves.

The Test-of-Time award for Crypto 2007 is awarded to: Deterministic and Efficiently Searchable Encryption, by Mihir Bellare, Alexandra Boldyreva and Adam O'Neill, for placing searchable encryption on a rigorous footing, leading to a huge interest in this field in applications.

The Test-of-Time award for Eurocrypt 2007 is awarded to: An Efficient Protocol for Secure Two-Party Computation in the Presence of Malicious Adversaries, by Yehuda Lindell and Benny Pinkas, for providing the first implementable protocol for actively secure variants of Yao's protocol, and thus paving the way to more practical constructions.

For more information, see https://www.iacr.org/testoftime.

Congratulations to all winners!
Rome, Italy, 20 June - 23 June 2022
Event Calendar
Event date: 20 June to 23 June 2022
Submission deadline: 1 April 2022
Notification: 15 April 2022
A Leading Financial Technology Firm
Job Posting
Purpose: You will be active in the planning and implementation of applications for the cryptography, especially secure multi-party computing (MPC), related domain. An ability to analyze and evaluate novel cryptography research and blockchain technology in the market is a must.

Requirements
  • Proven track record for great academic research, learning skills, and solving challenging problems
  • Expertise in cryptography, especially the blockchain space related to custody and management of keys, MPC or fully homomorphic encryption (FHE)
  • Experience with Rust or Golang or other mainstream programming languages

Bonus Qualifications:
  • MSc/PhD in STEM with applied cryptography orientation (participation in at least 2 classes related to cryptography)
  • Significant involvement in a project that required the use of novel cryptography, ideally FHE and/or ZK and/or MPC related
  • Published paper in a top tier cryptography conference

Closing date for applications:

Contact: Charles Isaac

Dfns
Job Posting
Context
Dfns is a cybersecurity company that builds a custody SaaS protocol for web3 apps. Think of it as a developer tool that provides a secure cloud for crypto. Our mission is to bring serenity to DeFi by eliminating new blockchain risks and making crypto transactions easier, faster, more affordable, and compliant with existing regulations.

From fintechs to large banks to e-commerce sites, Dfns gives financial institutions and businesses the freedom to own and transfer crypto on a battle-designed security infrastructure. Our API is designed to offer best-in-class developer experience allowing any platform to deploy custodial wallets in a matter of days, with streamlined feature delivery and frequent security upgrades.

Founded in 2020 in Paris, Dfns is a startup incubated at Station F (awarded Future40), accelerated by Techstars and recognized DeepTech by the French Ministry of Economy. Our company is fully remote with offices in Paris, Amsterdam, New York, London, Stockholm, Sofia, and other cities.

Job Description
You will contribute to one of the most ambitious technology projects in crypto today: building a trustless custody infrastructure for the trillion-dollar digital asset industry.

You will join an amazing team of leaders (CTO, CISO, CPO) and experts (R&D Engineers, Cryptographers, Security Engineers) in a highly challenging and collaborative environment.

We are looking for a trailblazing VP of Research who can explore blockchain and ZK technology, generate new product ideas, and outline detailed R&D strategies. You will need to manage diverse teams spanning engineering and marketing, requiring both a strong technical background and excellent business skills. As an ideal candidate, you will have a keen eye for gaps in client product offerings and the innovative mindset to fill them. You’re a highly skilled cryptographer with a proven ability to strategize the full lifecycle of patent production—from conception through release.

Closing date for applications:

Contact: chris@dfns.co

More information: https://www.welcometothejungle.com/en/companies/dfns/jobs/vp-of-research_paris?q=6ea9e03888204c360e4888930ccfcdc0&o=944248&e=companies_jobs

Dfns
Job Posting
Context
Dfns is a cybersecurity company that builds a custody SaaS protocol for web3 apps. Think of it as a developer tool that provides a secure cloud for crypto. Our mission is to bring serenity to DeFi by eliminating new blockchain risks and making crypto transactions easier, faster, more affordable, and compliant with existing regulations.

From fintechs to large banks to e-commerce sites, Dfns gives financial institutions and businesses the freedom to own and transfer crypto on a battle-designed security infrastructure. Our API is designed to offer best-in-class developer experience allowing any platform to deploy custodial wallets in a matter of days, with streamlined feature delivery and frequent security upgrades.

Founded in 2020 in Paris, Dfns is a startup incubated at Station F (awarded Future40), accelerated by Techstars and recognized DeepTech by the French Ministry of Economy. Our company is fully remote with offices in Paris, Amsterdam, New York, London, Stockholm, Sofia, and other cities.

Job Description
You will contribute to one of the most ambitious technology projects in crypto today: building a trustless custody infrastructure for the trillion-dollar digital asset industry.

You will join an amazing team of leaders (CTO, VP of Research, CISO) and experts (Software Engineers, R&D Engineers, Security Engineers) in a highly challenging and collaborative environment.

We are looking for a Senior Cryptographer to develop our crypto systems using algorithmic, asymmetric, zk proofs, thresholdized cryptography and other types of tools to encrypt sensitive data and protect it from hackers, misuse, and cybercrime.

As a Cryptographer, you will be laser-focused on finding ways to protect blockchain keys from being intercepted, decrypted, copied, altered, or deleted by unauthorized actors. You will need a deep understanding of cryptography, namely MPC and its related algorithms. You will also develop and apply various mathematical models to help find and thwart potential systems threats.

Closing date for applications:

Contact: chris@dfns.co

More information: https://www.welcometothejungle.com/en/companies/dfns/jobs/senior-cryptographer_paris?q=b03d4fc5976286120e927867a4e9817b&o=944230&e=companies_jobs

Research & Development Group, Horizen Labs; Milano, Italy
Job Posting
Horizen Labs is a blockchain technology company that designs, develops, and delivers powerful, scalable, and reliable distributed ledger solutions for business.

Our Core Engineering Team is an innovative and collaborative group of researchers and software engineers who are dedicated to the design and development of world-class blockchain-based products. We are looking for a cryptographer, or applied cryptographer, to join our growing crypto team based in Milan, Italy. Currently, the team is developing a protocol suite for SNARK-based proof-composition, but its duties reach beyond that, developing privacy-enhancing solutions for our sidechain ecosystem.

Responsibilities
  • Design privacy-enhancing technology built on SNARK-based protocols
  • Perform collaborative research and assist technical colleagues in their development work
  • Participate in standards-setting
Requirements
  • Ph.D. in mathematics, computer science, or cryptography
  • Solid foundations in zero-knowledge and cryptographic protocols
  • Publications in acknowledged venues on applied or theoretical cryptography, preferably cryptographic protocols or PETs
  • Strong problem-solving skills
  • The ability to work in a team setting as well as autonomously
  • Foundations in blockchain technology and experience in reading Rust are a plus
We offer
  • A competitive salary plus pre-series A stock options
  • Flexible working hours, including the possibility of remote working
  • The opportunity to work with talented minds on challenging topics in this field, including the most recent advancements in zero-knowledge
  • A nice and informal team setting to conduct research and development of high-quality open source solutions

If you are interested in this position, you might want to take a look at our recent publications (IACR eprints 2021/930, 2021/399, 2020/123) and our latest podcast on zeroknowledge.fm (Episode 178).

Closing date for applications:

Contact: recruiting@horizenlabs.io

More information: https://horizenlabs.io/

Technology Innovation Institute (TII) - Abu Dhabi, UAE
Job Posting

Technology Innovation Institute (TII) is a publicly funded research institute, based in Abu Dhabi, United Arab Emirates. It is home to a diverse community of leading scientists, engineers, mathematicians, and researchers from across the globe, transforming problems and roadblocks into pioneering research and technology prototypes that help move society ahead.

Cryptography Research Center

In our connected digital world, secure and reliable cryptography is the foundation of digital information security and data integrity. We address the world’s most pressing cryptographic questions. Our work covers post-quantum cryptography, lightweight cryptography, cloud encryption schemes, secure protocols, quantum cryptographic technologies and cryptanalysis.

Position: Senior MPC Researcher

  • Conduct research on state-of-the-art MPC protocols
  • Analyze project requirements and provide technical and functional recommendations
  • Design and implement building blocks that apply privacy-preserving cryptographic techniques to cloud computing and machine learning applications
  • Propose new projects and research directions

Skills required for the job

  • 2+ years of work experience in the field
  • Knowledge of MPC protocols
  • Experience in C desired, C++, Rust and Python relevant as well. Solid engineering practices and processes, such as development and testing methodology and documentation
  • Quick learner, geared towards implementation. Eager to develop new skills and willing to take ownership of projects
  • Knowledge on machine learning would be valuable
  • Knowledge on Zero-Knowledge proofs would be valuable

Qualifications

  • MSc or PhD degree in Cryptography, Applied Cryptography, Information Theory, Mathematics or Computer Science

Closing date for applications:

Contact: Mehdi Messaoudi - Talent Acquisition Manager
mehdi.messaoudi@tii.ae

More information: https://www.tii.ae/cryptography

Universität der Bundeswehr München, Research Institute CODE
Job Posting
The Research Institute CODE at Universität der Bundeswehr München seeks an internationally recognised person with an excellent research and teaching track in cryptology. CODE hosts 13 professorships in the scope of cyber security ranging from software security, privacy, digital forensics to data science and open source intelligence.

Closing date for applications:

Contact: Further information is available via Prof. Harald Baier, harald.baier@unibw.de

More information: https://jobs.zeit.de/jobs/universitaetsprofessur-w3-fuer-kryptologie-universitaet-der-bundeswehr-muenchen-neubiberg-1056374
Meta Financial Technologies
Job Posting
The Meta Financial Technologies (MFT) research group is hiring! If you are looking for a full-time cryptography research position at Meta, and have a PhD background in cryptography, please reach out to Kevin Lewi (klewi@fb.com) and Arnab Roy (arnabr@fb.com) and we will be happy to elaborate more on the process. Below is a short blurb about what we do:

The MFT crypto research team works on several exciting projects ranging from highly practical real-world problems addressing the security of Facebook products to foundational problems in cryptography. The ideal candidates will have a keen interest in producing new science to advance this interdisciplinary field, as well as supporting the productization of their results. We strongly believe in providing our researchers with the environment to explore the best problems to work on, while building up the skills to thrive in both industry and academia.

As a researcher at MFT, you will have an opportunity to learn about the myriad research problems that arise in developing what we believe will be the most important platform for financial services for years to come. You will be working with leading researchers as well as engineers and product managers. Since most of the work is open-source, many research projects can be discussed relatively freely. Research publication is strongly encouraged and rewarded.

Closing date for applications:

Contact: Please contact klewi [at] fb [dot] com and arnabr [at] fb [dot] com
Aymeric Genêt, Novak Kaluđerović
ePrint Report
In this paper, the recommended implementation of the post-quantum key exchange SIKE for Cortex-M4 is attacked through power analysis with a single trace by clustering with the $k$-means algorithm the power samples of all the invocations of the elliptic curve point swapping function in the constant-time coordinate-randomized three point ladder. Because each sample depends on whether two consecutive bits of the private key are the same or not, a successful clustering (with $k=2$) leads to the recovery of the entire private key. The attack is naturally improved with better strategies, such as clustering the samples in the frequency domain or processing the traces with a wavelet transform, using a simpler clustering algorithm based on thresholding, and using metrics to prioritize certain keys for key validation. The attack and the proposed improvements were experimentally verified using the ChipWhisperer framework. Splitting the swapping mask into multiple shares is suggested as an effective countermeasure.
Damiano Abram, Ivan Damgård, Claudio Orlandi, Peter Scholl
ePrint Report
Recently, number-theoretic assumptions including DDH, DCR and QR have been used to build powerful tools for secure computation, in the form of homomorphic secret-sharing (HSS), which leads to secure two-party computation protocols with succinct communication, and pseudorandom correlation functions (PCFs), which allow non-interactive generation of a large quantity of correlated randomness. In this work, we present a group-theoretic framework for these classes of constructions, which unifies their approach to computing distributed discrete logarithms in various groups. We cast existing constructions in our framework, and also present new constructions, including one based on class groups of imaginary quadratic fields. This leads to the first construction of two-party homomorphic secret sharing for branching programs from class group assumptions. Using our framework, we also obtain pseudorandom correlation functions for generating oblivious transfer and vector-OLE correlations from number-theoretic assumptions. These have a trustless, public-key setup when instantiating our framework using class groups. Previously, such constructions either needed a trusted setup in the form of an RSA modulus with unknown factorisation, or relied on multi-key fully homomorphic encryption from the learning with errors assumption. We also show how to upgrade our constructions to achieve active security using appropriate zero-knowledge proofs. In the random oracle model, this leads to a one-round, actively secure protocol for setting up the PCF, as well as a 3-round, actively secure HSS-based protocol for secure two-party computation of branching programs with succinct communication.
Alexander May, Carl Richard Theodor Schneider
ePrint Report
We show how to backdoor the McEliece cryptosystem, such that a backdoored public key is indistinguishable from a usual public key, but allows one to efficiently retrieve the underlying secret key. For good cryptographic reasons, McEliece uses a small random seed $\boldsymbol{\delta}$ that generates, via some pseudorandom number generator (PRNG), the randomness that determines the secret key.

Our backdoor mechanism works by encoding the encryption of $\boldsymbol{\delta}$ into the public key. Retrieving $\boldsymbol{\delta}$ then allows one to efficiently recover the (backdoored) secret key. Interestingly, McEliece can be used itself to encrypt $\boldsymbol{\delta}$, thereby protecting our backdoor mechanism with strong post-quantum security guarantees.

Our backdoor mechanism also works for the current Classic McEliece NIST standard proposal, and therefore opens the door for widespread maliciously backdoored implementations.

Fortunately, there is a simple fix to guard (Classic) McEliece against backdoors. While it is not strictly necessary to store $\boldsymbol{\delta}$ after key generation, we show that $\boldsymbol{\delta}$ allows identifying maliciously backdoored keys. Thus, our results provide strong advice to implementers to store $\boldsymbol{\delta}$ inside the secret key (as the proposal recommends), and use $\boldsymbol{\delta}$ to guard against backdoor mechanisms.
Panagiotis Chatzigiannis, Konstantinos Chalkias
ePrint Report
Base64 encoding has been a popular method to encode binary data into printable ASCII characters. It is commonly used in several serialization protocols, web, and logging applications, while it is oftentimes the preferred method for human-readable database fields. However, while convenient and with a better compression rate than hex-encoding, the large number of base64 variants in related standards and proposed padding-mode optionality have been proven problematic in terms of security and cross-platform compatibility. This paper addresses a potential attack vector in the base64 decoding phase, where multiple different encodings can successfully decode into the same data, effectively breaking string uniqueness guarantees. The latter might result in log mismatches, denial of service attacks and duplicated database entries, among others. Apart from documenting why canonicity can be broken by a malleable encoder, we also present an unexpected result, where most of today's base64 decoder libraries are not 100% compatible in their default settings. Some surprising results include the non-compatible behavior of major Rust base64 crates and between popular JavaScript and NodeJS base64 implementations. Finally, we propose ways and test vectors for mitigating these issues until a more permanent solution is widely adopted.
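As an added illustration of the decoding-phase issue this abstract describes: the code below is example code written for this news page, not the authors' code or their test vectors. The `decode_canonical` and `classify` helpers and the sample inputs are constructed for it. It shows how Python's default (lenient) decoder maps several distinct strings to the same bytes, and how a decoder that pins one variant (standard alphabet, mandatory padding) and re-encodes the result restores the one-encoding-per-value property that log matching and unique database keys depend on.

```python
import base64
import binascii
import re

# Standard RFC 4648 section 4 alphabet with optional trailing '=' padding.
# Anything outside this (URL-safe '-'/'_', whitespace, stray '=') is refused.
_STD_B64 = re.compile(rb"[A-Za-z0-9+/]*={0,2}")


def decode_canonical(encoded: bytes) -> bytes:
    """Decode standard base64 and accept only the unique canonical encoding.

    Canonical here means: standard alphabet, length a multiple of four with
    '=' padding, and the unused low bits of the final symbol set to zero.
    Because the canonical encoding of any byte string is unique, every
    distinct accepted string decodes to a distinct byte string, which is
    the uniqueness guarantee the abstract says lenient decoders break.
    """
    if _STD_B64.fullmatch(encoded) is None:
        raise ValueError("non-alphabet character or misplaced padding")
    if len(encoded) % 4 != 0:
        raise ValueError("length is not a multiple of 4 (padding missing)")
    try:
        data = base64.b64decode(encoded, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"malformed base64: {exc}") from exc
    # Lenient decoders silently drop non-zero trailing bits, so e.g. "QR=="
    # and "QQ==" both yield b"A". Re-encoding and comparing catches that.
    if base64.b64encode(data) != encoded:
        raise ValueError("non-canonical encoding (non-zero trailing bits)")
    return data


def classify(vectors):
    """Run each (label, encoding) pair through Python's lenient decoder and
    through decode_canonical. Returns {label: (lenient, canonical)} where each
    entry is the decoded bytes or the string "rejected"."""
    out = {}
    for label, enc in vectors:
        try:
            lenient = base64.b64decode(enc)  # default, permissive behaviour
        except binascii.Error:
            lenient = "rejected"
        try:
            strict = decode_canonical(enc)
        except ValueError:
            strict = "rejected"
        out[label] = (lenient, strict)
    return out


# Constructed test vectors for this example; not the paper's vectors.
VECTORS = [
    ("canonical A", b"QQ=="),
    ("A with dirty trailing bits", b"QR=="),
    ("A without padding", b"QQ"),
    ("A with trailing newline", b"QQ==\n"),
    ("two blocks glued after padding", b"QQ==QQ=="),
    ("0xffff standard alphabet", b"//8="),
    ("0xffff url-safe alphabet", b"__8="),
    ("0xffff url-safe unpadded", b"__8"),
]

if __name__ == "__main__":
    for label, (lenient, strict) in classify(VECTORS).items():
        print(f"{label:32} lenient={lenient!r:14} canonical={strict!r}")
```

The design choice worth noting is the re-encode-and-compare step: alphabet and padding checks alone do not catch "QR==", which passes both and still decodes to the same byte as "QQ==". Which variant to pin (standard vs. URL-safe, padded vs. unpadded) is a per-system decision; what matters for uniqueness is that exactly one variant is accepted everywhere the value is compared or stored.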
Thijs Veugen, Bart Kamphorst, Michiel Marcus
ePrint Report
We present the first algorithm that combines privacy-preserving technologies and state-of-the-art explainable AI to enable privacy-friendly explanations of black-box AI models. We provide a secure algorithm for contrastive explanations of black-box machine learning models that securely trains and uses local foil trees. Our work shows that the quality of these explanations can be upheld whilst ensuring the privacy of both the training data, and the model itself.
Aljosha Judmayer, Nicholas Stifter, Philipp Schindler, Edgar Weippl
ePrint Report
Estimating the probability, as well as the profitability, of different attacks is of utmost importance when assessing the security and stability of prevalent cryptocurrencies. Previous modeling attempts of classic chain-racing attacks have different drawbacks: they either focus on theoretical scenarios such as infinite attack durations, do not account for already contributed blocks, assume honest victims which immediately stop extending their chain as soon as it falls behind, or rely on computationally heavy approaches which render them ill-suited when fast decisions are required. In this paper, we present a simple yet practical model to calculate the success probability of finite attacks, while considering already contributed blocks and victims that do not give up easily. Hereby, we introduce a more fine-grained distinction between different actor types and the sides they take during an attack. The presented model simplifies assessing the profitability of forks in practical settings, while also enabling fast and more accurate estimations of the economic security guarantees in certain scenarios. By applying and testing our model in the context of bribing attacks, we further emphasize that approaches where the attacker compensates already contributed attack-chain blocks are particularly cheap. Better and more realistic attack models also help to spot and explain certain events observed in the empirical analysis of cryptocurrencies, or provide valuable directions for future studies. For better reproducibility and to foster further research in this area, all source code, artifacts and calculations are made available on GitHub.
Cong Zhang, Yu Chen, Weiran Liu, Min Zhang, Dongdai Lin
ePrint Report
Private set union (PSU) protocol enables two parties, each holding a set, to compute the union of their sets without revealing anything else to either party. So far, there are two known approaches for constructing PSU protocols. The first mainly depends on additively homomorphic encryption (AHE), which is generally inefficient since it needs to perform a non-constant number of homomorphic computations on each item. The second is mainly based on oblivious transfer and symmetric-key operations, which is recently proposed by Kolesnikov et al. (KRTW, ASIACRYPT 2019). It features good practical performance, which is several orders of magnitude faster than the first one. However, neither of these two approaches is optimal in the sense that their computation and communication complexity are not both $O(n)$, where $n$ is the size of the set. Therefore, the problem of constructing the optimal PSU protocol remains open. In this work, we resolve this open problem by proposing a generic framework of PSU from oblivious transfer and a newly introduced protocol called multi-query reverse private membership test (mq-RPMT). We present two generic constructions of mq-RPMT. The first is based on symmetric-key encryption and general 2PC techniques. The second is based on re-randomizable public-key encryption. Both constructions lead to PSU with linear computation and communication complexity.

By instantiating the generic constructions of mq-RPMT, we obtain two concrete PSU protocols based on SKE and PKE techniques respectively. We implement our two PSU protocols and compare them with the state-of-the-art PSU. Experiments show that our PKE-based protocol has the lowest communication of all schemes, which is $4.1-14.8\times$ lower depending on set size. The running time of our PSU scheme is $1.2-12\times$ faster than that of state-of-the-art depending on network environments.
Antonin Leroux
ePrint Report
In this article, we prove a generic lower bound on the number of $\mathfrak{O}$-\textit{orientable} supersingular curves over $\mathbb{F}_{p^2}$, i.e. curves that admit an embedding of the quadratic order $\mathfrak{O}$ inside their endomorphism ring. Prior to this work, the only known effective lower-bound is restricted to small discriminants. Our main result targets the case of fundamental discriminants and we derive a generic bound using the expansion properties of the supersingular isogeny graphs. Our work is motivated by isogeny-based cryptography and the increasing number of protocols based on $\mathfrak{O}$-oriented curves. In particular, our lower bound provides a complexity estimate for the brute-force attack against the new $\mathfrak{O}$-uber isogeny problem introduced by De Feo, Delpech de Saint Guilhem, Fouotsa, Kutas, Leroux, Petit, Silva and Wesolowski in their recent article on the SETA encryption scheme.