Research

We show that Montgomery ladders compute pairings as a by-product, and explain how a small adjustment to the ladder results in simple and efficient algorithms for the Weil and Tate pairing on elliptic curves using cubical arithmetic. We demonstrate the efficiency of the resulting cubical pairings in several applications from isogeny-based cryptography. Cubical pairings are simpler and more performant than pairings computed using Miller’s algorithm: we get a speed-up of over 40 per cent for use-cases in SQIsign, and a speed-up of about 7 per cent for use-cases in CSIDH. While these results arise from a deep connection to biextensions and cubical arithmetic, in this article we keep things as concrete (and digestible) as possible. We provide a concise and complete introduction to cubical arithmetic as an appendix.

Published in IACR Communications In Cryptology, Volume 2, no. 2, 2025

In a recent preprint, Grigoriev, Monico, and Shpilrain proposed a digital signature protocol based on the use of matrices over the tropical integer semiring. We show some design flaws of the proposed scheme, together with an efficient attack to forge signatures for an arbitrary message, and a key-recovery attack when given access to a list of honest signatures.

Published in Cryptology ePrint Archive, 2026

We demonstrate a general and efficient technique to Hensel-lift a solution to a system of (p‑adically analytic) equations which may be given implicitly in the form of an efficient evaluation algorithm. Contrary to textbook Hensel lifting, we do not require the equations to be represented explicitly; indeed, our main application uses the method for a system of equations that can be exponentially larger than its representation as an arithmetic circuit: we show how to compute traces of elliptic-curve endomorphisms over a finite field GF(q) by constructing an (approximate) lift to Z_q. Our examples include endomorphisms represented as a chain of Vélu, √élu, modular, or radical isogenies, as well as HD‑embedded endomorphisms. The resulting trace-computation algorithm outperforms the state of the art both asymptotically and concretely.

Published in Cryptology ePrint Archive, 2026

Arithmetic on abelian varieties via the use of algebraic theta functions. Algorithms describing the group law, $(2,\dots,2)$-isogenies, pairings. Application of these algorithms on SQIsign2D verification.

SageMath implementation of pairings on genus-2 Jacobians using cubical arithmetic on theta coordinates