LightNews
krijn.isogeni.es
Krijn Reijnders
@krijn.isogeni.es
140 followers 90 following 50 posts
Post-doc in post-quantum cryptography. Mostly isogenies nowadays. See krijnreijnders.com
Posts Media Videos Starter Packs
Pinned
krijn.isogeni.es
Krijn Reijnders @krijn.isogeni.es · Nov 5
Having fixed most issues, isogeni.es should be up and running now. Perhaps useful for others too!

(it simply scrapes recent isogeny papers from ePrint, and formats these nicely)
isogeni.es
1 5 8
Reposted by Krijn Reijnders
maria.isogeny.club
Maria Corte-Real Santos @maria.isogeny.club · 18d
The Isogeny Club Season 7 starts today! At 5pm CEST, Bruno Sterner will talk about finding large smooth twins from short lattice vectors. More details at isogeny.club
1 7 10
Reposted by Krijn Reijnders
dfaranha.bsky.social
Diego F. Aranha @dfaranha.bsky.social · 24d
The impact of Alfred Menezes in cryptography is profound. Francisco RH and I are organizing an afternoon session in Latincrypt to celebrate Alfred's career:

menezesfest.info

If you're coming to Medellín, consider attending!
MenezesFest 2025
MenezesFest brings together researchers, colleagues, and friends to celebrate the career and impact of Alfred Menezes.
menezesfest.info
1 6 12
krijn.isogeni.es
Krijn Reijnders @krijn.isogeni.es · 26d
The reward system is pledge-based, meaning that anyone who wants to can offer a reward to any of these problems.

Be creative! Want to pledge $1000 for the resolution of your favorite problem? Please do! Want to pledge a cooking class from your parents? Please do!!

DM/mail me to pledge.
krijn.isogeni.es
Krijn Reijnders @krijn.isogeni.es · 26d
Announcing The Isogeny Problems!

A curated list of the seven foremost unsolved problems in isogeny-based cryptography. Solving one of these profound questions would mark a monumental advance, and as a resolver you'd get eternal honor and epic rewards!

Full list: isogeni.es/problems
The Isogeny Problems
isogeni.es
1 6 16
Reposted by Krijn Reijnders
eprint.ing.bot
ePrint Updates @eprint.ing.bot · Sep 11
Qlapoti: Simple and Efficient Translation of Quaternion Ideals to Isogenies (Giacomo Borin, Maria Corte-Real Santos, Jonathan Komada Eriksen, Riccardo Invernizzi, Marzio Mula, Sina Schaeffler, Frederik Vercauteren) ia.cr/2025/1604
Abstract. The main building block in isogeny-based cryptography is an algorithmic version of the Deuring correspondence, called IdealToIsogeny. This algorithm takes as input left ideals of the endomorphism ring of a supersingular elliptic curve and computes the associated isogeny. Building on ideas from QFESTA, the Clapoti framework by Page and Robert reduces this problem to solving a certain norm equation. The current state of the art is however unable to efficiently solve this equation, and resorts to a relaxed version of it instead. This impacts not only the efficiency of the IdealToIsogeny procedure, but also its success probability. The latter issue has to be mitigated with complex and memory-heavy rerandomization procedures, but still leaves a gap between the security analysis and the actual implementation of cryptographic schemes employing IdealToIsogeny as a subroutine. For instance, in SQIsign the failure probability is still 2⁻⁶⁰ which is not cryptographically negligible. The main contribution of this paper is a very simple and efficient algorithm called Qlapoti which approaches the norm equation from Clapoti directly, solving all the aforementioned problems at once. First, it makes the IdealToIsogeny subroutine between 2.2 and 2.6 times faster. This signigicantly improves the speed of schemes using this subroutine, including notably SQIsign and . On top of that, Qlapoti has a cryptographically negligible failure probability. This eliminates the need for rerandomization, drastically reducing memory consumption, and allows for cleaner security reductions. Image showing part 2 of abstract.
4 6
Reposted by Krijn Reijnders
cosic.bsky.social
COSIC @cosic.bsky.social · 29d
"Industry perspectives on implementation and deployment" by Bas Westerbaan (Cloudfare) today at the PQCSA Workshop on Tackling the Quantum Threat in Athens.
#PQCSA #PQC #postquantum #eudigital
1 2
krijn.isogeni.es
Krijn Reijnders @krijn.isogeni.es · Sep 7
Was at exactly this spot two weeks ago, enjoy some choucroute!!
1 1
krijn.isogeni.es
Krijn Reijnders @krijn.isogeni.es · Sep 3
On a more serious note, it's puzzling that CiC was 0 first, then got adjusted to 1. Seems that someone just needs to make them aware?

See:
TCHES kanalregister.hkdir.no/en/tidsskrif...
CiC kanalregister.hkdir.no/en/tidsskrif...
Prøve med andre søkeord eller gå tilbake til forsiden.
kanalregister.hkdir.no
1
krijn.isogeni.es
Krijn Reijnders @krijn.isogeni.es · Sep 3
Perhaps @jonathan.isogeny.club really really hates embedded devices?
1 1 1
krijn.isogeni.es
Krijn Reijnders @krijn.isogeni.es · Sep 1
Out of curiosity, how do you handle students using AI?
1
Reposted by Krijn Reijnders
cosic.bsky.social
COSIC @cosic.bsky.social · Aug 26
🔐 You're invited! Join us on 18 Nov 2025 in Leuven (Belgium) for the #IEEE Milestone Award Ceremony, honoring #Rijndael, the Belgian cipher selected as #AES, protecting billions worldwide. Register (free) by 25 Oct: rijndael-ieeemilestone.cs.ru.nl/index #CyberSecurity #Cryptography
1 4
Reposted by Krijn Reijnders
cosic.bsky.social
COSIC @cosic.bsky.social · Aug 21
Proud moment at #CRYPTO 2025!
“KLPT²: Algebraic Pathfinding in Dimension Two and Applications” received the Best Paper Award. 🏆
Co-authored by COSIC’s Wouter Castryck & Thomas Decru (presenter).
Read it here: eprint.iacr.org/2025/372
3 7
Reposted by Krijn Reijnders
cosic.bsky.social
COSIC @cosic.bsky.social · Jul 8
"Simpler and Faster Pairings from the Montgomery Ladder" by Giacomo Pope, Krijn Reijnders (COSIC), Damien Robert, Alessandro Sferlazza & Benjamin Smith published in IACR Communications in Cryptology and online now: cic.iacr.org/p/2/2/29
#ISOCRYPT #ISOCRYPTproject
Simpler and Faster Pairings from the Montgomery Ladder
cic.iacr.org
3 2
krijn.isogeni.es
Krijn Reijnders @krijn.isogeni.es · Jul 7
9 out of 10 dentists recommend solving log(p) KLPT

(from @jonathan.isogeny.club's talk at ARCTICCRYPT 2025!)
1 7
krijn.isogeni.es
Krijn Reijnders @krijn.isogeni.es · Jul 3
For those not using VS Code, this one is also very friendly publish.iacr.org/cryptobib
CryptoBib Search
publish.iacr.org
2 3
krijn.isogeni.es
Krijn Reijnders @krijn.isogeni.es · Jul 3
Should let people know that this exists and was exactly what I was missing in the last 5 years:

github.com/martisak/vsc...

Simply directly searches dblp from VS Code and copy-pastes the bib-entry into the bib file
GitHub - martisak/vscode-getref: Visual Code Studio interface to dblp.
Visual Code Studio interface to dblp. Contribute to martisak/vscode-getref development by creating an account on GitHub.
github.com
1 3 8
krijn.isogeni.es
Krijn Reijnders @krijn.isogeni.es · Jul 2
I KNOW RIGHT, HOW??
1
Reposted by Krijn Reijnders
sejaques.bsky.social
Sam Jaques @sejaques.bsky.social · Jun 19
An out-of-schedule update to my quantum landscape chart: sam-jaques.appspot.com/quantum_land..., prompted by
@craiggidney.bsky.social 's new paper: arxiv.org/abs/2505.15917.

A startling jump (20x) in how easy quantum factoring can be!

Also: much improved web design!
A chart for quantum computers, of number of qubits versus error rate, on a logarithmic scale. Broadly it shows a large gap between current quantum computers in the bottom left, and a curve in the top right of the resources they need to break RSA.
3 26 61
krijn.isogeni.es
Krijn Reijnders @krijn.isogeni.es · Jun 19
Single author, fifteen pages, reduces the bit complexity of millenia-old UOV instances!!
eprint.ing.bot
ePrint Updates @eprint.ing.bot · Jun 19
Wedges, oil, and vinegar – An analysis of UOV in characteristic 2 (Lars Ran) ia.cr/2025/1143
Abstract. The Unbalanced Oil and Vinegar construction (UOV) has been the backbone of multivariate cryptography since the fall of HFE-based schemes. In fact, 7 UOV-based schemes have been submitted to the NIST additional call for signatures, and 4 of these made it to the second round. For efficiency considerations, most of these schemes are defined over a field of characteristic 2. This has as a side effect that the polar forms of the UOV public maps are not only symmetric, but also alternating. In this work, we propose a new key-recovery attack on UOV in characteristic 2 that makes use of this property. We consider the polar forms of the UOV public maps as elements of the exterior algebra. We show that these are contained in a certain subspace of the second exterior power that is dependent on the oil space. This allows us to define relations between the polar forms and the image of the dual of the oil space under the Plücker embedding. With this, we can recover the secret oil space using sparse linear algebra. This new attack has an improved complexity over previous methods and reduces the security by 4, 11, and 20 bits for uov-Ip, uov-III, and uov-V, respectively. Furthermore, the attack is applicable to MAYO₂ and improves on the best attack by 28 bits. Image showing part 2 of abstract.
1 3 13
Reposted by Krijn Reijnders
eprint.ing.bot
ePrint Updates @eprint.ing.bot · Jun 19
Wedges, oil, and vinegar – An analysis of UOV in characteristic 2 (Lars Ran) ia.cr/2025/1143
Abstract. The Unbalanced Oil and Vinegar construction (UOV) has been the backbone of multivariate cryptography since the fall of HFE-based schemes. In fact, 7 UOV-based schemes have been submitted to the NIST additional call for signatures, and 4 of these made it to the second round. For efficiency considerations, most of these schemes are defined over a field of characteristic 2. This has as a side effect that the polar forms of the UOV public maps are not only symmetric, but also alternating. In this work, we propose a new key-recovery attack on UOV in characteristic 2 that makes use of this property. We consider the polar forms of the UOV public maps as elements of the exterior algebra. We show that these are contained in a certain subspace of the second exterior power that is dependent on the oil space. This allows us to define relations between the polar forms and the image of the dual of the oil space under the Plücker embedding. With this, we can recover the secret oil space using sparse linear algebra. This new attack has an improved complexity over previous methods and reduces the security by 4, 11, and 20 bits for uov-Ip, uov-III, and uov-V, respectively. Furthermore, the attack is applicable to MAYO₂ and improves on the best attack by 28 bits. Image showing part 2 of abstract.
4 6
krijn.isogeni.es
Krijn Reijnders @krijn.isogeni.es · Jun 16
Yessss!!!
cosic.bsky.social
COSIC @cosic.bsky.social · Jun 16
Registration for the Leuven Isogeny Days 6 is now open!
📅 10–12 Sept 2025 @ KU Leuven
Morning: research talks
Afternoon: brainstorming sessions
More info: www.esat.kuleuven.be/cosic/projec...
#isogeny #isocrypt #erc #postquantum
1 4
Reposted by Krijn Reijnders
andreavbasso.bsky.social
Andrea Basso @andreavbasso.bsky.social · Jun 10
We (finally) published all the material from this course on SQIsign, including lecture slides and exercise sheets for the Sage laboratory. Available here: github.com/andreavico/S...
1 16 17
Reposted by Krijn Reijnders
eprint.ing.bot
ePrint Updates @eprint.ing.bot · Jun 5
Orient Express: Using Frobenius to Express Oriented Isogenies (Wouter Castryck, Riccardo Invernizzi, Gioella Lorenzon, Jonas Meers, Frederik Vercauteren) ia.cr/2025/1047
Abstract. In this paper we study supersingular elliptic curves primitively oriented by an imaginary quadratic order, where the orientation is determined by an endomorphism that factors through the Frobenius isogeny. In this way, we partly recycle one of the main features of CSIDH, namely the fact that the Frobenius orientation can be represented for free. This leads to the most efficient family of ideal-class group actions in a range where the discriminant is significantly larger than the field characteristic p. Moreover, if we orient with a non-maximal order $\mathcal{O} \subset \mathbb{Q}(\sqrt{-p})$ and we assume that it is feasible to compute the ideal-class group of the maximal order, then also the ideal-class group of 𝒪 is known and we recover the central feature of SCALLOP-like constructions. We propose two variants of our scheme. In the first one, the orientation is by a suborder of the form $\mathbb{Z}[f\sqrt{-p}]$ for some f coprime to p, so this is similar to SCALLOP. In the second one, inspired by the work of Chenu and Smith, the orientation is by an order of the form $\mathbb{Z}[\sqrt{-dp}]$ where d is square-free and not a multiple of p. We give practical ways of generating parameters, together with a proof-of-concept SageMath implementation of both variants, which shows the effectiveness of our construction. Image showing part 2 of abstract.
3 5
krijn.isogeni.es
Krijn Reijnders @krijn.isogeni.es · Jun 5
It took me a while to realise why this series of papers starts at Part IV
1 3
Reposted by Krijn Reijnders
andreavbasso.bsky.social
Andrea Basso @andreavbasso.bsky.social · May 19
Starting in half an hour!
andreavbasso.bsky.social
Andrea Basso @andreavbasso.bsky.social · May 17
Next week @lucianomaino.bsky.social and I will teach a week-long course on SQIsign at the University of Trento.

The course will be both in-person and online: if you're interested, you can tune in Monday morning at 10:30 at unitn.zoom.us/j/88902079708

(details and full schedule in the image below)
Title of the PhD course: Advances in Cryptography and Codes - Part 1: SQIsign Lecturers: Andrea Basso (IBM Research Zurich, CH), Luciano Maino (University of Bristol, UK) The course in short: The course offers a comprehensive and rigorous introduction to SQIsign, an advanced isogeny-based digital signature scheme designed to resist attacks from quantum computers. The course will present the mathematical foundations on which SQIsign is based and the algorithmic background necessary to understand and evaluate the security of SQIsign and other isogeny-based protocols. Complementing the theoretical material, the course also includes a practical laboratory where students will use SageMath to study and implement various aspects of SQIsign. Where (in presence): Department of Mathematics, University of Trento (IT) Via Sommarive, 5, 38123, Trento (online): https://unitn.zoom.us/j/88902079708 (Passcode: 532383) When: From May 19, 2025 to May 28, 2025 Detailed Program: Monday 19/05 10:30 - 12:30 (Room A205) & 14:30 - 16:30 (Room A221) Tuesday 20/05 10:30 - 12:30 (Room A215) & 14:30 - 16:30 (Room A213) Wednesday 21/05 10:30 - 12:30 (Room A218) & 14:30 - 16:30 (Room A215) Thursday 22/05 10:30 - 12:30 (Room A209) & 14:30 - 16:30 (Room A220) Friday 23/05 10:30 - 12:30 (Room A215) & 14:30 - 16:30 (Room A215) Tuesday 27/05 11:30 - 12:30 – Q&A, optional (Room A218) Wednesday 28/05 11:30 - 12:30 – Q&A, optional (Room A218)
1 2