Unconditional foundations for supersingular isogeny-based cryptography

Arthur Herl\'edan Le Merdy (ENS de Lyon; UMPA-ENSL); Benjamin Wesolowski (ENS de Lyon; CNRS; UMPA-ENSL)

arXiv:2502.17010·cs.CR·February 3, 2026

Unconditional foundations for supersingular isogeny-based cryptography

Arthur Herl\'edan Le Merdy (ENS de Lyon, UMPA-ENSL), Benjamin Wesolowski (ENS de Lyon, CNRS, UMPA-ENSL)

PDF

TL;DR

This paper establishes unconditionally that key problems in supersingular isogeny-based cryptography are computationally equivalent and hard on average, strengthening the theoretical foundations of this cryptographic approach.

Contribution

It provides the first unconditional polynomial-time reductions showing equivalence among core problems in supersingular isogeny cryptography, extending the understanding of their average-case hardness.

Findings

01

Proved unconditional polynomial-time reductions between Isogeny, EndRing, MaxOrder, and HomModule problems.

02

Extended the equivalence to average-case hardness for random instances.

03

Strengthened the theoretical basis for the security assumptions in isogeny-based cryptography.

Abstract

In this paper, we prove that the supersingular isogeny problem (Isogeny), endomorphism ring problem (EndRing) and maximal order problem (MaxOrder) are equivalent under probabilistic polynomial time reductions, unconditionally. Isogeny-based cryptography is founded on the presumed hardness of these problems, and their interconnection is at the heart of the design and analysis of cryptosystems like the SQIsign digital signature scheme. Previously known reductions relied on unproven assumptions such as the generalized Riemann hypothesis. In this work, we present unconditional reductions, and extend this network of equivalences to the problem of computing the lattice of all isogenies between two supersingular elliptic curves (HomModule). For cryptographic applications, one requires computational problems to be hard on average for random instances. It is well-known that if Isogeny is hard…

Peer Reviews

No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.

Videos

No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.