Natanael

Abstract;

In this paper, we present the first practical algorithm to compute an effective group action of the class group of any imaginary quadratic order O on a set of supersingular elliptic curves primitively oriented by O. Effective means that we can act with any element of the class group directly, and are not restricted to acting by products of ideals of small norm, as for instance in CSIDH. Such restricted effective group actions often hamper cryptographic constructions, e.g. in signature or MPC protocols.

Our algorithm is a refinement of the Clapoti approach by Page and Robert, and uses 4-dimensional isogenies. As such, it runs in polynomial time, does not require the computation of the structure of the class group, nor expensive lattice reductions, and our refinements allows it to be instantiated with the orientation given by the Frobenius endomorphism. This makes the algorithm practical even at security levels as high as CSIDH-4096. Our implementation in SageMath takes 1.5s to compute a group action at the CSIDH-512 security level, 21s at CSIDH-2048 level and around 2 minutes at the CSIDH-4096 level. This marks the first instantiation of an effective cryptographic group action at such high security levels. For comparison, the recent KLaPoTi approach requires around 200s at the CSIDH-512 level in SageMath and 2.5s in Rust.

See also; https://bsky.app/profile/andreavbasso.bsky.social/post/3ljkh4wmnqk2c

🔏

See also;

https://talkingpointsmemo.com/edblog/another-update-on-the-situation-at-indiana-university

Via; https://bsky.app/profile/kennyog.bsky.social/post/3ll7ulyayts2d

Via; https://bsky.app/profile/nicksullivan.org/post/3ll7galasrc2z

CFRG process documentation has been updated.

From: https://mastodon.social/@fj/114171907451597856

Interesting paper co-authored by Airbus cryptographer Erik-Oliver Blass on using zero-knowledge proofs in flight control systems.

Sensors would authenticate their measurements, the control unit provides in each iteration control outputs together with a proof of output correctness (reducing the need in some cases for redundant computations), and actuators verify that outputs have been correctly computed

"The GSM Association announced that the latest RCS standard includes E2EE based on the Messaging Layer Security (MLS) protocol, enabling interoperable encryption between different platform providers for the first time"

HQC gets standardized, as an addition to ML-KEM (kyber). McEliece is out of the NIST process for two reasons, they consider it unlikely to be widely used, also ISO is considering standardizing it and they don't want to create an incompatible standard. If ISO does standardize it and it does see use, NIST is considering mirroring that standard (since lots of US agencies are bound to using NIST standards)