Talks and presentations

In this talk, we present an efficient recipe to lift an isogeny defined over a finite field of characteristic p to an isogeny over a p-adic field, with arbitrarily high precision. This recipe is general and applies to all isogeny representations used in isogeny-based cryptography (e.g. Vélu chains, HD representations). As an application, we adapt the approach of Satoh’s point counting algorithm to the problem of computing traces of separable endomorphisms of elliptic curves over finite fields by p-adically lifting these endomorphisms. The resulting trace computation algorithm is faster than the Schoof-style state-of-the-art. Based on joint work with Lorenz Panny and Damien Robert.

Pairings are an important tool in elliptic curve- and isogeny-based cryptography. We show pairing computations can be practical even over generic elliptic curves and field characteristics without optimized parameters, via an approach proposed by Robert (2024). Using cubical arithmetic on an elliptic curve, resulting from a small adjustment to standard projective x-only point arithmetic, pairing information comes as a direct by-product of Montgomery ladders. Cubical pairings are simpler and more performant than state-of-the-art pairings computed using Miller’s algorithm, in the case of generic base fields and curves. We observe speedups in use-cases in isogeny based cryptography (around 1.7x in SQIsign, 1.075x in CSIDH) and we discuss the practicality of the new approach when applied to other contexts.

Discussion of eprint 2025/672, with focus on the relevant aspects to pairing-based cryptography.

Pairings are an important tool in elliptic curve- and isogeny-based cryptography. We show pairing computations can be practical even over generic elliptic curves and field characteristics without optimized parameters, via an approach proposed by Robert (2024). Using cubical arithmetic on an elliptic curve, resulting from a small adjustment to standard projective x-only point arithmetic, pairing information comes as a direct by-product of Montgomery ladders. Cubical pairings are simpler and more performant than state-of-the-art pairings computed using Miller’s algorithm, in the case of generic base fields and curves. We observe speedups in use-cases in isogeny based cryptography (around 1.7x in SQIsign, 1.075x in CSIDH) and we discuss the practicality of the new approach when applied to other contexts.