Improved Digital Signatures Based on Elliptic Curve Endomorphism Rings

Abstract

In AsiaCrypt 2017, Galbraith-Petit-Silva proposed a digital signature scheme based on the problem of computing the endomorphism ring of a supersingular elliptic curve. This problem is more standard than that of the De Feo-Jao-Plût SIDH scheme, since it lacks the auxiliary points which lead to the adaptive active attack of Galbraith-Petit-Shani-Ti. The GPS signature scheme applies the Fiat-Shamir or Unruh transformation to the raw identification protocol obtained from the endomorphism ring problem, and makes use of the Kohel-Lauter-Petit-Tignol quaternion isogeny path algorithm to find a new ideal. However, the GPS signature scheme is not very practical. In this paper, we take a first step towards quantifying the efficiency of the GPS signature scheme. We propose some improvements in the underlying algorithms for the GPS scheme, along with a new method which trades off key size for signature size to decrease the signature size from around 11 kB to 1 kB at the 128-bit security level by using multi-bit challenges. We also provide a concrete implementation of the GPS signature scheme using Sage and CoCalc.