PRISM: Simple and Compact Identification and Signatures from Large Prime Degree Isogenies.

Abstract

The problem of computing an isogeny of large prime degree from a supersingular elliptic curve of unknown endomorphism ring is assumed to be hard both for classical as well as quantum computers. In this work, we first build a two-round identification protocol whose security reduces to this problem. The challenge consists of a random large prime $q$ and the prover simply replies with an efficient representation of an isogeny of degree $q$ from its public key. Using the hash-and-sign paradigm, we then derive a signature scheme with a very simple and flexible signing procedure and prove its security in the standard model. Our optimized C implementation of the signature scheme shows that signing is roughly $1.8\times$ faster than all SQIsign variants, whereas verification is $1.4\times$ times slower. The sizes of the public key and signature are comparable to existing schemes.

PRISM stands for PRime degree ISogeny Mechanism.

Recommended citation: Basso, A. et al. (2025). PRISM: Simple and Compact Identification and Signatures from Large Prime Degree Isogenies. Public-Key Cryptography PKC 2025. doi.org/10.1007/978-3-031-91826-1_10.
Download Paper