Paper 2026/906

An analysis of a weakened version of PRISM

Jolijn Cottaar, Eindhoven University of Technology
Steven D. Galbraith, University of Auckland
Luciano Maino, University of Birmingham
Monika Trimoska, Eindhoven University of Technology
Abstract

PRISM (PKC25) is a hash-and-sign signature scheme whose security relies on the hardness of computing large-prime-degree isogenies originating from a curve of unknown endomorphism ring. In PRISM, the degree of such isogenies is obtained by hashing messages onto a set of large odd integers that pass a primality test. In this work, we investigate the impact of the choice of primality test on the security of PRISM. We first show that when a weak primality test is used, the assumption underlying the security proof in the standard model does not hold. We then extend our analysis to the assumption used in the security proof in the (quantum) random oracle model. In this setting, we argue that the Miller-Rabin test suffices and estimate the minimal number of iterations required for PRISM to achieve the desired security level, thus minimising signing costs.

Metadata
Available format(s)
PDF
Category
Attacks and cryptanalysis
Publication info
Preprint.
Contact author(s)
jolijncottaar @ gmail com
s galbraith @ auckland ac nz
l maino @ bham ac uk
m trimoska @ tue nl
History
2026-05-10: approved
2026-05-08: received
See all versions
Short URL
https://ia.cr/2026/906
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2026/906,
      author = {Jolijn Cottaar and Steven D. Galbraith and Luciano Maino and Monika Trimoska},
      title = {An analysis of a weakened version of {PRISM}},
      howpublished = {Cryptology {ePrint} Archive, Paper 2026/906},
      year = {2026},
      url = {https://eprint.iacr.org/2026/906}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.