- Some comments on the CSIDH group action
  Lorenz Panny recently wrote a detailed and interesting blog post with the title CSI‑FiSh really isn’t polynomial‑time. The purpose of this post is to give some more context and discussion, and to mention some recent papers. CSIDH is an isogeny-based primitive. …
- Equivalence between CDH and DLP
  (Apologies, I wrote this quickly and there may be typos.) The paper Dlog is Practically as Hard (or Easy) as DH – Solving Dlogs via DH Oracles on EC Standards by Alexander May and Carl Richard Theodor Schneider seems to …
- EdDSA standardized
  A new version of the NIST Federal Information Processing Standard (FIPS) for Digital Signatures has been published. Also see here. This version includes EdDSA. There are (at least) two notable features of EdDSA. First, it is more closely related to …
- Attacks on SIDH/SIKE
  You may feel like you are having trouble keeping up with the news on SIDH/SIKE. So am I! I hope this blog post doesn’t instantly become obsolete due to new advances. To recall, there are now three preprints giving attacks …
- Breaking supersingular isogeny Diffie-Hellman (SIDH)
  The paper An efficient key recovery attack on SIDH by Wouter Castryck and Thomas Decru is a major breakthrough in isogeny cryptanalysis. It applies to the SIDH protocol of Jao and De Feo, and to the NIST round 4 candidate SIKE. …
- Hertzbleed Attack
  I woke up to the news of a new form of timing side-channel attack based on the dynamic frequency scaling of modern x86 processors. This is the Hertzbleed attack, which will be presented at the USENIX Security Symposium in Boston in …