Maria Corte-Real Santos

And we also have a QROM proof!

GitHub - mariascrs/PRISM_v2: A C implementation of PRISM v2 (the salted variant). A C implementation of PRISM v2 (the salted variant). - mariascrs/PRISM_v2

The second variant (salt-PRISM) is implemented in C.

We find that signing is between 1.4 and 1.6 times faster than SQIsign, whereas verification is between 1.2 times slower to 1.01
times faster.

Notably, for Level V, salt-PRISM is faster than SQIsign in both.

github.com/mariascrs/PR...

New PRISM improvements 🥳

We extended our PRISM paper to present two new variants: one that achieves strong unforgeability, and another that allows for smaller parameters and therefore faster signatures!

eprint.iacr.org/2026/443.pdf

📢📢📢 𝐌𝐚𝐆𝐈𝐂 𝟐𝟎𝟐𝟔

𝐌𝐚𝐫𝐜𝐡𝐞 𝐖𝐨𝐫𝐤𝐬𝐡𝐨𝐩 𝐨𝐧 𝐆𝐫𝐨𝐮𝐩 𝐀𝐜𝐭𝐢𝐨𝐧𝐬 𝐢𝐧 𝐂𝐫𝐲𝐩𝐭𝐨𝐠𝐫𝐚𝐩𝐡𝐲

In May 5-8, let's all gather together to speak about Group Actions!

Early registration until March 8!

Organized with Marco Baldi, @bsky.defeo.lu, @giacomoborin.bsky.social, @andreavbasso.bsky.social

magic-workshop.github.io

The IACR board sent a survey to members last year, and it took us a while to analyze the results and publish findings. You can see them at iacr.org/surveyresults/

The Isogeny Club #7.4 Ihara zeta functions of abstract isogeny graphs and modular curves YouTube video by The Isogeny Club

Catch up on last weeks Isogeny Club talk! We welcomed Eli Orvis who taught us about abstract isogeny graphs: www.youtube.com/watch?v=Gzcc...

The Isogeny Club #7.2 Counting l-isogenies with different modular polynomials YouTube video by The Isogeny Club

Last week at The Isogeny Club we had a great talk by Sebastian Spindler about modular curves! Check it out here: www.youtube.com/watch?v=EDU7...

Be sure to join us again next Tuesday at the usual time :) isogeny.club

The Isogeny Club #7.1 Large smooth twins from short lattice vectors YouTube video by The Isogeny Club

For those who missed it, the recording is live! www.youtube.com/watch?v=lvhh...

The Isogeny Club Season 7 starts today! At 5pm CEST, Bruno Sterner will talk about finding large smooth twins from short lattice vectors. More details at isogeny.club

Announcing The Isogeny Problems!

A curated list of the seven foremost unsolved problems in isogeny-based cryptography. Solving one of these profound questions would mark a monumental advance, and as a resolver you'd get eternal honor and epic rewards!

Full list: isogeni.es/problems

And you solve the failure rate problem, which was a big source of trouble in the previous implementation. And the new algorithm is simpler to implement!

So very exciting result! (Although I had been spoiled already by @jonathan.isogeny.club talk at Bordeaux in May :))

TL;DR: we solve norm equations in a better way and get around a 2x improvement to IdealToIsogeny routines crucial in both SQIsign and PRISM.

Abstract. We present several new algorithms to evaluate modular polynomials of level ℓ modulo a prime p on an input j. More precisely, we introduce two new generic algorithms, sharing the following similarities: they are based on a CRT approach; they make use of supersingular curves and the Deuring correspondence; and, their memory requirements are optimal. The first algorithm combines the ideas behind a hybrid algorithm of Sutherland in 2013 with a recent algorithm to compute modular polynomials using supersingular curves introduced in 2023 by Leroux. The complexity (holding around several plausible heuristic assumptions) of the resulting algorithm matches the O(ℓ³log³ℓ+ℓlogp) time complexity of the best known algorithm by Sutherland, but has an optimal memory requirement. Our second algorithm is based on a sub-algorithm that can evaluate modular polynomials efficiently on supersingular j-invariants defined over 𝔽_(p), and achieves heuristic complexity quadratic in both ℓ and log j, and linear in log p. In particular, it is the first generic algorithm with optimal memory requirement to obtain a quadratic complexity in~ℓ. Additionally, we show how to adapt our method to the computation of other types of modular polynomials such as the one stemming from Weber’s function. Finally, we provide an optimised implementation of the two algorithms detailed in this paper, though we emphasise that various modules in our codebase may find applications outside their use in this paper.

Image showing part 2 of abstract.

Evaluation of Modular Polynomials from Supersingular Elliptic Curves (Maria Corte-Real Santos, Jonathan Komada Eriksen, Antonin Leroux, Michael Meyer, Lorenz Panny) ia.cr/2025/1154

Registration for the Leuven Isogeny Days 6 is now open!
📅 10–12 Sept 2025 @ KU Leuven
Morning: research talks
Afternoon: brainstorming sessions
More info: www.esat.kuleuven.be/cosic/projec...
#isogeny #isocrypt #erc #postquantum

We (finally) published all the material from this course on SQIsign, including lecture slides and exercise sheets for the Sage laboratory. Available here: github.com/andreavico/S...

Registrations for the Decrypting Diversity Summit are open:

decryptingdiversity.com/registration/

The event's focus is to develop actions to better support underrepresented groups in cryptography while showcasing the exceptional career paths and research contributions of these communities.

🥇The paper "PRISM: Simple And Compact Identification and Signatures From Large Prime Degree Isogenies", co-authored by COSIC, has won the best paper award at @IACR_News #PKC 2025 in Røros, Norway. #pkc2025
Link: link.springer.com/chapter/10.1...

The SQIparty starts on Monday, but it's still time to register!

We prepared an exciting program for you with a balanced mix of talks, coding sprints, skillshares and other activities!

www.cig.udl.cat/SQIparty2025...

See you in Lleida!

The mystery guest and myself have made it to Paris! Next stop, Barcelona!

As a surprise for everyone attending, we will even have a mystery guest joining us as well, who you don't want to miss! In fact, we have already started the train journey from Leuven!

Curious about the mystery guest? Well, what are you waiting for, sign up and find out next weekend!

Good news is that we're still accepting brainstorm topics!! If you have a brainstorm idea, send us a short description by email !

Season 6 of the Isogeny Club is officially done! You can catch up with all the talks here: isogeny.club

If, like us, you haven't had enough isogenies for the term, be sure to join us at the Brainstorm Sessions affiliated with Eurocrypt: isogeny.club/eurocrypt

There will be a poster session for which we have an open call for abstract submissions (closing this weekend): decryptingdiversity.com/program/

The posters can be of scientific nature and/or of more community centred nature. Hope to see you all there!

Really excited to share the Decrypting Diversity Summit happening in Montpellier, France from 17-20 June! The goal of the summit is to promote diversity, inclusivity, and gender equality within the cryptography community. For more info: decryptingdiversity.com

Registration is now open! www.cig.udl.cat/SQIparty2025...

sad to have missed it this time!!

Lleida is very well connected by train to Barcelona (1 hour) and to Madrid (2 hours).

Ideal to get acclimated to tapas before going to Eurocrypt and to the Isogeny brainstorm! isogeny.club/eurocrypt

bsky.app/profile/icas...

Cathedral of La Seu Vella in Lleida

Fancy some isogeny crypto?

Join us for a 3-day workshop on isogeny-based cryptography in Lleida, Catalonia, April 28-30

www.cig.udl.cat/icrypto2025_...

Brought to you by ULleida's Cryptography+Graphs group, the SQIsign team and friends!

Registration and program coming soon
Registration is free!

the monoDOOM challenge is awesome

the ever growing pile of "to read" papers...