Welcome to the resource topic for
**2024/1453**

**Title:**

Breaking and Repairing SQIsign2D-East

**Authors:**
Wouter Castryck, Mingjie Chen, Riccardo Invernizzi, Gioella Lorenzon, Frederik Vercauteren

**Abstract:**

We present a key recovery attack on SQIsign2D-East that reduces its security level from \lambda to \lambda/2. We exploit the fact that each signature leaks a Legendre symbol modulo the secret degree of the private key isogeny. About \lambda/2 signatures are enough for these Legendre symbols to fully determine the secret degree, which can then be recovered by exhaustive search over a set of size O(2^{\lambda/2}). Once the degree is known, the private key isogeny itself can be found, again by exhaustive search, in time \tilde{O}(2^{\lambda/2}).

We also present a new version of the protocol which does not leak any such information about the private key and show that our modified protocol is more efficient than the original one. Finally, we give a security analysis as well as a new proof of security.

**ePrint:**
https://eprint.iacr.org/2024/1453

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

**Example resources include:**
implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .