Paper 2026/906
An analysis of a weakened version of PRISM
Abstract
PRISM (PKC25) is a hash-and-sign signature scheme whose security relies on the hardness of computing large-prime-degree isogenies originating from a curve of unknown endomorphism ring. In PRISM, the degree of such isogenies is obtained by hashing messages onto a set of large odd integers that pass a primality test. In this work, we investigate the impact of the choice of primality test on the security of PRISM. We first show that when a weak primality test is used, the assumption underlying the security proof in the standard model does not hold. We then extend our analysis to the assumption used in the security proof in the (quantum) random oracle model. In this setting, we argue that the Miller-Rabin test suffices and estimate the minimal number of iterations required for PRISM to achieve the desired security level, thus minimising signing costs.
Metadata
- Available format(s)
-
PDF
- Category
- Attacks and cryptanalysis
- Publication info
- Preprint.
- Contact author(s)
-
jolijncottaar @ gmail com
s galbraith @ auckland ac nz
l maino @ bham ac uk
m trimoska @ tue nl - History
- 2026-05-10: approved
- 2026-05-08: received
- See all versions
- Short URL
- https://ia.cr/2026/906
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2026/906,
author = {Jolijn Cottaar and Steven D. Galbraith and Luciano Maino and Monika Trimoska},
title = {An analysis of a weakened version of {PRISM}},
howpublished = {Cryptology {ePrint} Archive, Paper 2026/906},
year = {2026},
url = {https://eprint.iacr.org/2026/906}
}