My research is in the area of elliptic curve cryptography and related number-theoretic questions. I am interested in new cryptographic primitives, new algorithms in computational number theory, new protocols, efficient implementation, and cryptanalysis. The focus of my recent work is on post-quantum cryptography and isogeny-based cryptosystems.

Journal articles

  1. Fast software implementation of bilinear pairings, with R. Azarderakhsh, D. Fishbein, G. Grewal, S. Hu, P. Longa, and R. Verma, IEEE Trans. Dependable Secure Comput. (to appear), doi:10.1109/TDSC.2015.2507120
  2. Post-quantum cryptography on FPGA based on isogenies on elliptic curves, with B. Koziel, R. Azarderakhsh, and M. Mozaffari-Kermani, IEEE Trans. Circuits Syst. I, Reg. Papers 64(1):86-99, 2017, doi:10.1109/TCSI.2016.2611561
  3. Common subexpression algorithms for space-complexity reduction of Gaussian normal basis multiplication, with R. Azarderakhsh and H. Lee, IEEE Trans. Inf. Theory 61(5):2357-2369, 2015, doi:10.1109/TIT.2015.2409833
  4. Towards quantum-resistant cryptosystems from supersingular elliptic curve isogenies, with L. De Feo and J. Plût, J. Math. Cryptol. 8(3):209-247, 2014, doi:10.1515/jmc-2012-0015
  5. Constructing elliptic curve isogenies in quantum subexponential time, with A. Childs and V. Soukharev, J. Math. Cryptol. 8(1):1-29, 2014, doi:10.1515/jmc-2012-0016
  6. Expander graphs based on GRH with an application to elliptic curve cryptography, with S. D. Miller and R. Venkatesan, J. Number Theory 129(6):1491-1504, 2009, doi:10.1016/j.jnt.2008.11.006
  7. Supersingular primes for points on X_0(p)/w_p (http:../../wiki/images/d/df/Jnt-2005.pdf), J. Number Theory 113(2):208-225, 2005, doi:10.1016/j.jnt.2004.09.002

Refereed conference proceedings

  1. Efficient compression of SIDH public keys, with C. Costello, P. Longa, M. Naehrig, J. Renes, and D. Urbanik, Eurocrypt 2017 (to appear).
  2. A post-quantum digital signature scheme based on supersingular isogenies, with Y. Yoo, R. Azarderakhsh, A. Jalali, and V. Soukharev, FC 2017 (to appear).
  3. On fast calculation of addition chains for isogeny-based cryptography, with B. Koziel, R. Azarderakhsh, and M. Mozaffari-Kermani, Inscrypt 2016, pp. 323-342, doi:10.1007/978-3-319-54705-3_20
  4. NEON-SIDH: Efficient implementation of supersingular isogeny Diffie-Hellman key exchange protocol on ARM, with B. Koziel, R. Azarderakhsh, A. Jalali, and M. Mozaffari-Kermani, CANS 2016, pp. 88-103, doi:10.1007/978-3-319-48965-0_6
  5. Key compression for isogeny-based cryptosystems, with R. Azarderakhsh, K. Kalach, B. Koziel, and C. Leonardi, AsiaPKC 2016, pp. 1-10, doi:10.1145/2898420.2898421
  6. Post-quantum security models for authenticated encryption, with V. Soukharev and S. Seshadri, PQCrypto 2016, pp. 64-78, doi:10.1007/978-3-319-29360-8_5
  7. A quantum algorithm for computing isogenies between supersingular elliptic curves, with J. F. Biasse and A. Sankar, Indocrypt 2014, pp. 428-442, doi:10.1007/978-3-319-13039-2_25
  8. Isogeny-based quantum-resistant undeniable signatures, with V. Soukharev, PQCrypto 2014, pp. 160-179, doi:10.1007/978-3-319-11659-4_10
  9. Efficient implementation of bilinear pairings on ARM processors, with G. Grewal, R. Azarderakhsh, P. Longa, and S. Hu, SAC 2012, pp. 149-165, doi:10.1007/978-3-642-35999-6_11. Source code: projective pairings (http:../../relicproj.tar.gz), affine pairings (http:../../relicaffine.tar.gz), ARM assembly code (http:../../gmp.tar.gz), and improved ARM assembly code (http:../../thesis-code.tar.bz2) from D. Fishbein's thesis.
  10. Publicly verifiable secret sharing for cloud-based key management (http:../../wiki/images/9/9c/Indocrypt11.pdf), with R. D'Souza, I. Mironov, and O. Pandey, Indocrypt 2011, pp. 290-309, doi:10.1007/978-3-642-25578-6_21
  11. Towards quantum-resistant cryptosystems from supersingular elliptic curve isogenies, with L. De Feo, PQCrypto 2011, pp. 19-34, doi:10.1007/978-3-642-25405-5_2
  12. A subexponential algorithm for evaluating large degree isogenies, with V. Soukharev, ANTS IX, 2010, pp. 219-233, doi:10.1007/978-3-642-14518-6_19
  13. A study of two-party certificateless authenticated key-agreement protocols (http:../../wiki/images/1/1a/Indocrypt09.pdf), with C. Swanson, Indocrypt 2009, pp. 57-71, doi:10.1007/978-3-642-10628-6_4
  14. Boneh-Boyen signatures and the Strong Diffie-Hellman problem, with K. Yoshida, Pairing 2009, pp. 1-16, doi:10.1007/978-3-642-03298-1_1
  15. Speeding up pairing computations on genus 2 hyperelliptic curves with efficiently computable automorphisms (http:../../wiki/images/1/1a/Pairing-2008.pdf), with X. Fan and G. Gong, Pairing 2008, pp. 243-264, doi:10.1007/978-3-540-85538-5_17
  16. Efficient pairing computation on genus 2 curves in projective coordinates (http:../../wiki/images/b/b5/Sac-2008.pdf), with X. Fan and G. Gong, SAC 2008, pp. 18-34, doi:10.1007/978-3-642-04159-4_2
  17. On the bits of elliptic curve Diffie-Hellman keys (http:../../wiki/images/8/82/Indocrypt-2007.pdf), with D. Jetchev and R. Venkatesan, Indocrypt 2007, pp. 33-47, doi:10.1007/978-3-540-77026-8_4
  18. Digit set randomization in elliptic curve cryptography (http:../../wiki/images/0/0a/Saga-2007.pdf), with S. R. Raju and R. Venkatesan, SAGA 2007, pp. 105-117, doi:10.1007/978-3-540-74871-7_10
  19. Do all elliptic curves of the same order have the same difficulty of discrete log? (http:../../wiki/images/9/91/Asiacrypt-2005.pdf), with S. D. Miller and R. Venkatesan, Asiacrypt 2005, pp. 21-40, doi:10.1007/11593447_2
  20. Applications of secure electronic voting to automated privacy-preserving troubleshooting (http:../../wiki/images/2/2e/Ccs-2005.pdf), with Q. Huang and H. J. Wang, CCS 2005, pp. 68-80, doi:10.1145/1102120.1102132

Book chapters

  1. Elliptic curve cryptography (http:../../wiki/images/a/a1/Handbook.pdf), in Handbook of Information and Communication Security, Springer, 2010, pp. 35-57, doi:10.1007/978-3-642-04117-4_3

Workshop proceedings

  1. Isogeny-based cryptography on mobile devices, with D. Fishbein, Proceedings of the 1st ETSI workshop on quantum-safe cryptography, 2013. Source code: http:../../thesis-code.tar.bz2
  2. Constructing elliptic curve isogenies in quantum subexponential time, with A. Childs and V. Soukharev, 14th Workshop on Quantum Information Processing (QIP), 2011.

Patents

  1. Systems and protocols for anonymous mobile payments with personal secure devices, with A. T. Vassilev and D. P. Jetchev, United States patent application no. 2013/0138571 (filed September 25, 2008).
  2. Privacy-preserving data aggregation using homomorphic encryption, with H. J. Wang and Q. Huang, United States patent 7856100 (issued December 21, 2010).
  3. Aggregating information from a cluster of peers, with H. J. Wang, N. Borisov, and Q. Huang, United States patent 7743123 (issued June 22, 2010).
  4. Randomized sparse formats for efficient and secure computation on elliptic curves, with R. Venkatesan, P. Montgomery, and S. R. Raju, United States patent 7664258 (issued February 16, 2010).
  5. Systems and methods for generation and validation of isogeny-based signatures, with P. Montgomery, R. Venkatesan, and V. Boyko, United States patent 7617397 (issued November 10, 2009); CIPO patent CA 2517807 (issued May 13, 2014).
  6. Determining cardinality of a parameter using hash values, with H. J. Wang, N. Borisov, and Q. Huang, United States patent 7584182 (issued September 1, 2009).
  7. Use of isogenies for design of cryptosystems, with R. Venkatesan, United States patent 7499544 (issued March 3, 2009); CIPO patent CA 2483486 (issued December 24, 2013).