Paper 2019/1288

Threshold Schemes from Isogeny Assumptions

Luca De Feo and Michael Meyer


We initiate the study of threshold schemes based on the Hard Homogeneous Spaces (HHS) framework of Couveignes. Quantum-resistant HHS based on supersingular isogeny graphs have recently become usable thanks to the record class group precomputation performed for the signature scheme CSI-FiSh. Using the HHS equivalent of the technique of Shamir's secret sharing in the exponents, we adapt isogeny based schemes to the threshold setting. In particular we present threshold versions of the CSIDH public key encryption, and the CSI-FiSh signature schemes. The main highlight is a threshold version of CSI-FiSh which runs almost as fast as the original scheme, for message sizes as low as 1880 B, public key sizes as low as 128 B, and thresholds up to 56; other speed-size-threshold compromises are possible.

Available format(s)
Public-key cryptography
Publication info
A minor revision of an IACR publication in PKC 2020
Threshold cryptographyHard homogeneous spacesIsogeny-based cryptographyCSIDHCSI-FiSh
Contact author(s)
luca de-feo @ uvsq fr
michael meyer @ hs-rm de
2020-02-07: revised
2019-11-07: received
See all versions
Short URL
Creative Commons Attribution


      author = {Luca De Feo and Michael Meyer},
      title = {Threshold Schemes from Isogeny Assumptions},
      howpublished = {Cryptology ePrint Archive, Paper 2019/1288},
      year = {2019},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.