This post is about the paper A polynomial time attack on instances of M-SIDH and FESTA by Wouter Castryck and Frederik Vercauteren. As we all know, SIDH was broken in 2022 by using knowledge of exact images of torsion points … Continue reading → Go to Source

(Apologies I wrote this quickly and there may be typos.) The paper Dlog is Practically as Hard (or Easy) as DH – Solving Dlogs via DH Oracles on EC Standards by Alexander May and Carl Richard Theodor Schneider seems to … Continue reading → Go to Source

Lorenz Panny recently wrote a detailed and interesting blog post with the title CSI‑FiSh really isn’t polynomial‑time. The purpose of this post is to give some more context and discussion, and mention some recent papers. CSIDH is an isogeny-based primitive. … Continue reading → Go to Source

The paper An efficient key recovery attack on SIDH by Wouter Castryck and Thomas Decru is a major breakthrough in isogeny cryptanalysis. This relates to the SIDH protocol by Jao and De Feo, and the NIST round 4 finalist SIKE. … Continue reading → Go to Source

You may feel like you are having trouble keeping up with the news on SIDH/SIKE. So am I! I hope this blog post doesn’t instantly become obsolete due to new advances. To recall, there are now three preprints giving attacks … Continue reading → Go to Source

A new version of the NIST Federal Information Processing Standard (FIPS) for Digital Signatures has been published. Also see here. This version includes EdDSA. There are (at least) two notable features of EdDSA. First, it is more closely related to … Continue reading → Go to Source

I woke up to the news of a new form of timing-side-channel attack based on the dynamic frequency scaling of modern x86 processors. This is the Hertzbleed attack, which will be presented at the USENIX Security Symposium in Boston in … Continue reading → Go to Source