Faster SeaSign Signatures Through Improved Rejection Sampling

  • Thomas Decru
  • Lorenz Panny
  • Frederik Vercauteren
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11505)


We speed up the isogeny-based “SeaSign” signature scheme recently proposed by De Feo and Galbraith. The core idea in SeaSign is to apply the “Fiat–Shamir with aborts” transform to the parallel repeated execution of an identification scheme based on CSIDH. We optimize this general transform by allowing the prover to not answer a limited number of said parallel executions, thereby lowering the overall probability of rejection. The performance improvement ranges between factors of approximately 4.4 and 65.7 for various instantiations of the scheme, at the expense of roughly doubling the signature sizes.
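As an added illustration (not from the paper), the effect of the relaxed rejection rule on a single signing attempt: with t parallel executions that each fail rejection sampling independently with an assumed probability 1 - p, the classic transform restarts unless all t executions pass, while the variant sketched above restarts only when more than u executions cannot be answered. The per-execution probability p and the parameter names t and u are assumptions of this example, not values taken from the page.

```python
from math import comb


def accept_all(p: float, t: int) -> float:
    # Classic parallel "Fiat-Shamir with aborts": a signing attempt is kept only
    # when every one of the t executions survives rejection sampling.
    # p is the assumed, independent per-execution acceptance probability.
    return p ** t


def accept_with_skips(p: float, t: int, u: int) -> float:
    # Relaxed rule: the prover may leave up to u of the t executions
    # unanswered, so an attempt is kept when at most u executions are
    # rejected. This is the lower tail of a Binomial(t, 1 - p) distribution.
    q = 1.0 - p
    return sum(comb(t, k) * q ** k * p ** (t - k) for k in range(u + 1))


def expected_attempts(p_accept: float) -> float:
    # Signing is a sequence of independent trials, so on average
    # 1 / Pr[accept] attempts are needed before one signature is produced.
    return float("inf") if p_accept == 0 else 1.0 / p_accept


def speedup(p: float, t: int, u: int) -> float:
    # Ratio of expected signing attempts, classic rule over relaxed rule.
    return expected_attempts(accept_all(p, t)) / expected_attempts(
        accept_with_skips(p, t, u)
    )


if __name__ == "__main__":
    p, t = 0.9, 128  # constructed sample values, not the paper's parameters
    print(f"all {t} must pass: Pr[accept] = {accept_all(p, t):.3e}")
    for u in (0, 4, 8, 16):
        print(
            f"up to {u} skipped: Pr[accept] = {accept_with_skips(p, t, u):.3f}, "
            f"speedup x{speedup(p, t, u):.1f}"
        )
```

The model covers only the acceptance probability per attempt; it does not account for the larger signatures that the abstract notes the relaxed rule costs.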


Keywords

Isogeny-based cryptography · Signatures · SeaSign · Rejection sampling · Group actions



We are thankful to Steven Galbraith for his observation about shorter signatures in Remark 2, and to Taechan Kim for pointing out an error in an earlier version of the script in Appendix A.

  1. Castryck, W., Lange, T., Martindale, C., Panny, L., Renes, J.: CSIDH: an efficient post-quantum commutative group action. In: Peyrin, T., Galbraith, S. (eds.) ASIACRYPT 2018. LNCS, vol. 11274, pp. 395–427. Springer, Cham (2018).
  2. Couveignes, J.M.: Hard homogeneous spaces. IACR Cryptology ePrint Archive 2006/291 (1997).
  3. De Feo, L.: Mathematics of isogeny based cryptography (2017).
  4. De Feo, L., Galbraith, S.D.: SeaSign: compact isogeny signatures from class group actions. IACR Cryptology ePrint Archive 2018/824 (2018).
  5. Fiat, A., Shamir, A.: How to prove yourself: practical solutions to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1987).
  6. Jao, D., et al.: SIKE. Submission to [10].
  7. Jao, D., De Feo, L.: Towards quantum-resistant cryptosystems from supersingular elliptic curve isogenies. In: Yang, B.-Y. (ed.) PQCrypto 2011. LNCS, vol. 7071, pp. 19–34. Springer, Heidelberg (2011).
  8. Lyubashevsky, V.: Fiat-Shamir with aborts: applications to lattice and factoring-based signatures. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 598–616. Springer, Heidelberg (2009).
  9. Meyer, M., Reith, S.: A faster way to the CSIDH. In: Chakraborty, D., Iwata, T. (eds.) INDOCRYPT 2018. LNCS, vol. 11356, pp. 137–152. Springer, Cham (2018).
  10. National Institute of Standards and Technology: Post-quantum cryptography standardization, December 2016.
  11. Rostovtsev, A., Stolbunov, A.: Public-key cryptosystem based on isogenies. IACR Cryptology ePrint Archive 2006/145 (2006).
  12. Shor, P.W.: Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer. SIAM J. Comput. 26(5), 1484–1509 (1997).
  13. Stolbunov, A.: Constructing public-key cryptographic schemes based on class group action on a set of isogenous elliptic curves. Adv. Math. Commun. 4(2), 215–235 (2010).
  14. The Sage Developers: SageMath, the Sage mathematics software system (version 8.4) (2018).

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Thomas Decru (1)
  • Lorenz Panny (2)
  • Frederik Vercauteren (1)
  1. imec-COSIC, ESAT, KU Leuven, Leuven, Belgium
  2. Department of Mathematics and Computer Science, Technische Universiteit Eindhoven, Eindhoven, The Netherlands
