Paper 2023/433

Efficiency of SIDH-based signatures (yes, SIDH)

Wissam Ghantous, University of Oxford
Federico Pintore, University of Bari
Mattia Veroni, Norwegian University of Science and Technology

In this note we assess the efficiency of a SIDH-based digital signature built on a weakened variant of a recent identification protocol proposed by Basso et al. Despite the devastating attacks against (the mathematical problem underlying) SIDH, this identification protocol remains secure, as its security is backed by a different (and more standard) isogeny-finding problem. We conduct our analysis by applying some known cryptographic techniques to decrease the signature size by about $70\%$ for all parameter sets (obtaining signatures of approximately 21 KB for SIKEp434). Moreover, we propose a minor optimisation to compute many isogenies in parallel from the same starting curve. Our assessment confirms that the problem of designing a practical isogeny-based signature scheme remains largely open. However, concretely determine the current state of the art which future optimisations can compare to appears to be of relevance for a problem which has witnessed only small steps towards a solution.

Available format(s)
Cryptographic protocols
Publication info
Published elsewhere. Minor revision. CIFRIS23
Post-quantum CryptographyIsogeny-based CryptographyDigital Signature
Contact author(s)
wissam ghantous @ maths ox ac uk
federico pintore @ uniba it
mattia veroni @ ntnu no
2023-08-17: last of 2 revisions
2023-03-24: received
See all versions
Short URL
No rights reserved


      author = {Wissam Ghantous and Federico Pintore and Mattia Veroni},
      title = {Efficiency of {SIDH}-based signatures (yes, {SIDH})},
      howpublished = {Cryptology ePrint Archive, Paper 2023/433},
      year = {2023},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.