A zero-knowledge argument for arithmetic circuit satisfiability with a communication complexity that grows logarithmically in the size of the circuit and an optimized version of the constant round square root complexity argument of Groth CRYPTO 2009, which reduces both communication and round complexity.Expand

A highly efficient instantiation of the generic construction in the random oracle model is given by meticulously combining Camenisch's group signature scheme CRYPTO 1997 with a generalization of the one-out-of-many proofs of knowledge by Groth and Kohlweiss EUROCRYPT 2015.Expand

This work gives a very powerful active attack on the supersingular isogeny encryption scheme, and shows that the security of all schemes of this type depends on the difficulty of computing the endomorphism ring of asupersingular elliptic curve.Expand

Two new Verifiable Delay Functions (VDF) based on assumptions from elliptic curve cryptography are presented and their practicality is demonstrated with a proof-of-concept implementation.Expand

This paper revisits a class of polynomial systems introduced by Faugere, Perret, Petit and Renault and conjecture that their degrees of regularity are only slightly larger than the original degrees of the equations, resulting in a very low complexity compared to generic systems.Expand

A probabilistic algorithm which, for a given left $\mathcal{O}$ -ideal, computes a representative in its left ideal class of $\ell $ -power norm, which solves the underlying problem for a quaternion analog of the Charlesâ€“Gorenâ€“Lauter hash function, and has security implications for the original CGL construction in terms of supersingular elliptic curves.Expand

Two signature schemes whose security relies on computational assumptions relating to isogeny graphs of supersingular elliptic curves are presented, both of them based on interactive identification protocols that lead to signatures that are existentially unforgeable under chosen message attacks.Expand

There is a recent trend in cryptography to construct protocols based on the hardness of computing isogenies between supersingular elliptic curves. Two prominent examples are Jao-De Feoâ€™s key exchangeâ€¦ Expand

This work believes this work provides a first interesting example of the way the algorithmic design of a cryptographic scheme influences its side-channel resistance.Expand

A new signature scheme, SQISign, (for Short Quaternion and Isogeny Signature) from isogeny graphs of supersingular elliptic curves of known endomorphism rings is introduced, and it is proved that the resulting identification protocol is zero-knowledge.Expand