Andrea Basso
University of Bristol, IBM Research Europe

Pierrick Dartois
University of Bordeaux, Inria Bordeaux

Luca De Feo
IBM Research Europe

Antonin Leroux
DGA-MI

Luciano Maino
University of Bristol

Giacomo Pope
NCC Group

Damien Robert
University of Bordeaux, Inria Bordeaux

Benjamin Wesolowski
ENS de Lyon

Keywords: Isogenies, Post-quantum, and Signatures.

Abstract

We introduce SQIsign2D-West, a variant of SQIsign using two-dimensional isogeny representations.

SQIsignHD was the first variant of SQIsign to use higher dimensional isogeny representations. Its eight-dimensional variant is geared towards provable security but is deemed unpractical. Its four-dimensional variant is geared towards efficiency and has significantly faster signing times than SQIsign, but considerably slower verification owing to the complexity of the four-dimensional representation. Its authors commented on the apparent difficulty of getting any improvement over SQIsign by using two-dimensional representations.

In this work, we introduce new algorithmic tools that make two-dimensional representations a viable alternative. These lead to a signature scheme with sizes comparable to SQIsignHD, slightly slower signing than SQIsignHD but still much faster than SQIsign, and the fastest verification of any known variant of SQIsign. We achieve this without compromising on the security proof: the assumptions behind SQIsign2D-West are similar to those of the eight-dimensional variant of SQIsignHD. Additionally, like SQIsignHD, SQIsign2D-West favourably scales to high levels of security.

Concretely, for NIST level I we achieve signing times of 80ms and verifying times of 4.5ms, using optimised arithmetic based on intrinsics available to the Ice Lake architecture. For NIST level V, we achieve 470ms for signing and 31ms for verifying.