Paper 2025/379
A Complete Security Proof of SQIsign
Abstract
SQIsign is the leading digital signature from isogenies. Despite the many improvements that have appeared in the literature, all its recent variants lack a complete security proof. In this work, we provide the first full security proof of SQIsign, as submitted to the second round of NIST's on-ramp track for digital signatures. To do so, we introduce a new framework, which we call Fiat-Shamir with hints, that captures all those protocols where the simulator needs additional information to simulate a transcript. Using this framework, we show that SQIsign is EUF-CMA secure in the ROM, assuming the hardness of the One Endomorphism problem with hints, or the hardness of the Full Endomorphism Ring problem with hints together with a hint indistinguishability assumption; all assumptions, unlike previous ones in the literature, are non-interactive. Along the way, we prove several intermediate results that may be of independent interest.
Metadata
- Available format(s)
- PDF
- Category
- Public-key cryptography
- Publication info
- Preprint.
- Keywords
- Post-quantum, Isogenies, SQIsign, Security Proof
- Contact author(s)
- maardal @ cs au dk
- andrea basso @ ibm com
- crypto25 @ defeo lu
- sikhar patranabis @ ibm com
- benjamin wesolowski @ ens-lyon fr
- History
- 2025-03-04: approved
- 2025-02-27: received
- Short URL
- https://ia.cr/2025/379
- License
- CC BY
BibTeX
@misc{cryptoeprint:2025/379,
  author = {Marius A. Aardal and Andrea Basso and Luca De Feo and Sikhar Patranabis and Benjamin Wesolowski},
  title = {A Complete Security Proof of {SQIsign}},
  howpublished = {Cryptology {ePrint} Archive, Paper 2025/379},
  year = {2025},
  url = {https://eprint.iacr.org/2025/379}
}