Paper 2022/1479

A Note on Constructing SIDH-PoK-based Signatures after Castryck-Decru Attack

Jesús-Javier Chi-Domínguez, Technology Innovation Institute

In spite of the wave of devastating attacks on SIDH, started by Castryck-Decru (Eurocrypt 2023), there is still interest in constructing quantum secure SIDH Proofs of Knowledge (PoKs). For instance, SIDH PoKs for the Fixed Degree Relation, aim to prove the knowledge of a fixed degree d isogeny ω between the elliptic curve E0 and the public keys E1, E2. In such cases, the public keys consist of only the elliptic curves (without image of auxiliary points), which suggests that the Castryck- Decru-like attack does not apply these scenarios. In this paper we focus on the SIDH proof of knowledge of De Feo, Dobson, Galbraith, and Zobernig (Asiacrypt 2022); more precisely, we focus on their first 3-special soundness construction. In this work, we explicitly describe an optimized recoverable Σ-protocol based on their 3-special soundness SIDH-PoK. We also analyze the impact of building a signature scheme based on the optimized protocol and study the impact of moving to B-SIDH and G2SIDH setups, on the signature sizes.

Note: Minor fix concerning G2SIDH size; Minor improvements concerning sizes; Move G2SIDH to Appendix; Fix few typos; Refactor for a better presentation

Available format(s)
Public-key cryptography
Publication info
Isogeny-based cryptographyProof-of-KnowledgeSigma protocolSignature schemeRecoverable Sigma protocol
Contact author(s)
jesus dominguez @ tii ae
2023-07-31: last of 6 revisions
2022-10-27: received
See all versions
Short URL
Creative Commons Attribution


      author = {Jesús-Javier Chi-Domínguez},
      title = {A Note on Constructing {SIDH}-{PoK}-based Signatures after Castryck-Decru Attack},
      howpublished = {Cryptology ePrint Archive, Paper 2022/1479},
      year = {2022},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.