International Association for Cryptologic Research

International Association
for Cryptologic Research

Advances in Cryptology – ASIACRYPT 2025

Qlapoti: Simple and Efficient Translation of Quaternion Ideals to Isogenies


Giacomo Borin
IBM Research Zurich and University of Zurich, Switzerland

Maria Corte-Real Santos
ENS de Lyon, CNRS, UMPA, France

Jonathan Komada Eriksen
COSIC, KU Leuven, Belgium

Riccardo Invernizzi
COSIC, KU Leuven, Belgium

Marzio Mula
University of the Bundeswehr Munich, Germany

Sina Schaeffler
IBM Research Zurich and ETH Zurich, Switzerland

Frederik Vercauteren
COSIC, KU Leuven, Belgium


Keywords: Isogeny-based cryptography, quaternion algebras, ideal to isogeny translation, SQIsign, PRISM


Abstract

The main building block in isogeny-based cryptography is an algorithmic version of the Deuring correspondence, called IdealToIsogeny. This algorithm takes as input left ideals of the endomorphism ring of a supersingular elliptic curve and computes the associated isogeny. Building on ideas from QFESTA, the Clapoti framework by Page and Robert reduces this problem to solving a certain norm equation. The current state of the art is however unable to efficiently solve this equation, and resorts to a relaxed version of it instead. This impacts not only the efficiency of the IdealToIsogeny procedure, but also its success probability. The latter issue has to be mitigated with complex and memory-heavy rerandomization procedures, but still leaves a gap between the security analysis and the actual implementation of cryptographic schemes employing IdealToIsogenyas a subroutine. For instance, in SQIsign the failure probability is still $2^{-60}$ which is not cryptographically negligible.

The main contribution of this paper is a very simple and efficient algorithm called Qlapoti which approaches the norm equation from Clapoti directly, solving all the aforementioned problems at once. First, it makes the IdealToIsogeny subroutine between $2.2$ and $2.6$ times faster. This significantly improves the speed of schemes using this subroutine, including notably SQIsign and PRISM. On top of that, Qlapoti has a cryptographically negligible failure probability. This eliminates the need for rerandomization, drastically reducing memory consumption, and allows for cleaner security reductions.

Publication

Advances in Cryptology – ASIACRYPT 2025. ASIACRYPT 2025. Lecture Notes in Computer Science, vol 16248. Springer, Singapore.

Paper

Artifact

Artifact number
asiacrypt/2025/a6

Artifact published
December 31, 2025

Badge
IACR Artifacts Functional

README

ZIP (2294850 Bytes)  

View on Github

License
This work is licensed under the Apache License, Version 2.0.

Some files in this archive are licensed under a different license. See the contents of this archive for more information.

Note that license information is supplied by the authors and has not been confirmed by the IACR.

BibTeX How to cite

Borin, G. et al. (2026). Qlapoti: Simple and Efficient Translation of Quaternion Ideals to Isogenies. In: Hanaoka, G., Yang, BY. (eds) Advances in Cryptology – ASIACRYPT 2025. ASIACRYPT 2025. Lecture Notes in Computer Science, vol 16248. Springer, Singapore. https://doi.org/10.1007/978-981-95-5113-2_6. Artifact available at https://artifacts.iacr.org/asiacrypt/2025/a6