My research is in the area of elliptic curve cryptography and related number-theoretic questions. I am interested in new cryptographic primitives, new algorithms in computational number theory, new protocols, efficient implementation, and cryptanalysis. The focus of my recent work is on post-quantum cryptography and isogeny-based cryptosystems.

Journal articles

  1. Towards isogeny-based password-authenticated key establishment, with O. Taraskin, V. Soukharev, and J. LeGrow, J. Math. Cryptol. 15(1):18-30, 2021, doi:10.1515/jmc-2020-0071 ( (open access).
  2. x-only point addition formula and faster compressed SIKE (, with G. Pereira and J. Doliskani, J. Cryptogr. Eng. (2020), doi:10.1007/s13389-020-00245-4 (
  3. A subexponential-time, polynomial quantum space algorithm for inverting the CM group action, with J. LeGrow, C. Leonardi, and L. Ruiz-Lopez, J. Math. Cryptol. 14(1):129-138, 2020, doi:10.1515/jmc-2015-0057 ( (open access).
  4. New Techniques for SIDH-based NIKE, with D. Urbanik, J. Math. Cryptol. 14(1):120-128, 2020, doi:10.1515/jmc-2015-0056 ( (open access).
  5. ARMv8 SIKE: Optimized Supersingular Isogeny Key Encapsulation on ARMv8 processors (, with A. Jalali, R. Azarderakhsh, M. Mozaffari Kermani, and M. Campagna, IEEE Trans. Circuits Syst. I, Reg. Papers 66(11):4209-4218, 2019, doi:10.1109/TCSI.2019.2920869 (
  6. Supersingular Isogeny Diffie-Hellman Key Exchange on 64-bit ARM (, with A. Jalali, R. Azarderakhsh, and M. Mozaffari-Kermani, IEEE T. Depend. Secure. 16(5):902-912, 2019, doi:10.1109/TDSC.2017.2723891 (
  7. Fast software implementation of bilinear pairings (, with R. Azarderakhsh, D. Fishbein, G. Grewal, S. Hu, P. Longa, and R. Verma, IEEE T. Depend. Secure. 14(6):605-619, 2017, doi:10.1109/TDSC.2015.2507120 (
  8. Post-quantum cryptography on FPGA based on isogenies on elliptic curves (, with B. Koziel, R. Azarderakhsh, and M. Mozaffari-Kermani, IEEE Trans. Circuits Syst. I, Reg. Papers 64(1):86-99, 2017, doi:10.1109/TCSI.2016.2611561 (
  9. Common subexpression algorithms for space-complexity reduction of Gaussian normal basis multiplication (, with R. Azarderakhsh and H. Lee, IEEE Trans. Inf. Theory 61(5):2357-2369, 2015, doi:10.1109/TIT.2015.2409833 (
  10. Towards quantum-resistant cryptosystems from supersingular elliptic curve isogenies (, with L. De Feo and J. Plût, J. Math. Cryptol. 8(3):209-247, 2014, doi:10.1515/jmc-2012-0015 (
  11. Constructing elliptic curve isogenies in quantum subexponential time (, with A. Childs and V. Soukharev, J. Math. Cryptol. 8(1):1-29, 2014, doi:10.1515/jmc-2012-0016 ( Errata: Remark 5.5 in the arXiv version (respectively, Remark 4.6 in the published version) is incorrect as stated. For full discussion see section 7.0.1. See also subsequent work of doi:10.1515/jmc-2015-0057 (
  12. Expander graphs based on GRH with an application to elliptic curve cryptography (, with S. D. Miller and R. Venkatesan, J. Number Theory 129(6):1491-1504, 2009, doi:10.1016/j.jnt.2008.11.006 (
  13. Supersingular primes for points on X0(p) / wp (https:../../wiki/images/d/df/Jnt-2005.pdf), J. Number Theory 113(2):208-225, 2005, doi:10.1016/j.jnt.2004.09.002 (

Refereed conference proceedings

  1. Towards post-quantum key-updatable public-key encryption via supersingular isogenies (, with E. Eaton, C. Komlo, and Y. Mokrani, SAC 2021, pp. 461-482, doi:10.1007/978-3-030-99277-4_22 (
  2. How not to create an isogeny-based PAKE (, with R. Azarderakhsh, D. Jao, B. Koziel, J. LeGrow, V. Soukharev, and O. Taraskin, ACNS 2020, pp. 169-186, doi:10.1007/978-3-030-57808-4_9 (
  3. Improved digital signatures based on elliptic curve endomorphism rings, with X. Xu, C. Leonardi, A. Teh, K. Wang, W. Yu, and R. Azarderakhsh, ISPEC 2019, pp. 293-309, doi:10.1007/978-3-030-34339-2_16 (
  4. Towards optimized and constant-time CSIDH on embedded devices (, with A. Jalali, R. Azarderakhsh, and M. Mozaffari-Kermani, COSADE 2019, pp. 215-231, doi:10.1007/978-3-030-16350-1_12 (
  5. EdSIDH: Supersingular Isogeny Diffie-Hellman key exchange on Edwards curves (https:../../wiki/images/f/ff/Space-2018.pdf), with R. Azarderakhsh, E. Bakos Lang, and B. Koziel, SPACE 2018, pp. 125-141, doi:10.1007/978-3-030-05072-6_8 (
  6. SoK: The problem landscape of SIDH (, with D. Urbanik, AsiaPKC 2018, pp. 53-60, doi:10.1145/3197507.3197516 (
  7. An exposure model for Supersingular Isogeny Diffie-Hellman key exchange (https:../../wiki/images/f/f0/Ctrsa-2018.pdf), with B. Koziel and R. Azarderakhsh, CT-RSA 2018, pp. 452-469, doi:10.1007/978-3-319-76953-0_24 (
  8. Post-quantum static-static key agreement using multiple protocol instances (, with R. Azarderakhsh and C. Leonardi, SAC 2017, pp. 45-63, doi:10.1007/978-3-319-72565-9_3 (
  9. Side-channel attacks on quantum-resistant Supersingular Isogeny Diffie-Hellman (, with B. Koziel and R. Azarderakhsh, SAC 2017, pp. 64-81, doi:10.1007/978-3-319-72565-9_4 (
  10. Efficient compression of SIDH public keys (, with C. Costello, P. Longa, M. Naehrig, J. Renes, and D. Urbanik, Eurocrypt 2017, Part I, pp. 679-706, doi:10.1007/978-3-319-56620-7_24 ( (source code (
  11. A post-quantum digital signature scheme based on supersingular isogenies (, with Y. Yoo, R. Azarderakhsh, A. Jalali, and V. Soukharev, FC 2017, pp. 163-181, doi:10.1007/978-3-319-70972-7_9 ( (source code (
  12. On fast calculation of addition chains for isogeny-based cryptography (, with B. Koziel, R. Azarderakhsh, and M. Mozaffari-Kermani, Inscrypt 2016, pp. 323-342, doi:10.1007/978-3-319-54705-3_20 (
  13. NEON-SIDH: Efficient implementation of supersingular isogeny Diffie-Hellman key exchange protocol on ARM (, with B. Koziel, R. Azarderakhsh, A. Jalali, and M. Mozaffari-Kermani, CANS 2016, pp. 88-103, doi:10.1007/978-3-319-48965-0_6 ( (source code (
  14. Key compression for isogeny-based cryptosystems (, with R. Azarderakhsh, K. Kalach, B. Koziel, and C. Leonardi, AsiaPKC 2016, pp. 1-10, doi:10.1145/2898420.2898421 (
  15. Post-quantum security models for authenticated encryption (, with V. Soukharev and S. Seshadri, PQCrypto 2016, pp. 64-78, doi:10.1007/978-3-319-29360-8_5 (
  16. A quantum algorithm for computing isogenies between supersingular elliptic curves (, with J. F. Biasse and A. Sankar, Indocrypt 2014, pp. 428-442, doi:10.1007/978-3-319-13039-2_25 (
  17. Isogeny-based quantum-resistant undeniable signatures (, with V. Soukharev, PQCrypto 2014, pp. 160-179, doi:10.1007/978-3-319-11659-4_10 ( Note: The hardness assumptions in this paper have been completely broken, and the scheme itself partially broken, by 2019/950 (
  18. Efficient implementation of bilinear pairings on ARM processors (, with G. Grewal, R. Azarderakhsh, P. Longa, and S. Hu, SAC 2012, pp. 149-165, doi:10.1007/978-3-642-35999-6_11 ( Source code: projective (https:../../relicproj.tar.gz) pairings, affine (https:../../relicaffine.tar.gz) pairings, ARM assembly (https:../../gmp.tar.gz) code, and improved ARM assembly code (https:../../thesis-code.tar.bz2) from D. Fishbein's thesis (
  19. Publicly verifiable secret sharing for cloud-based key management (https:../../wiki/images/9/9c/Indocrypt11.pdf), with R. D'Souza, I. Mironov, and O. Pandey, Indocrypt 2011, pp. 290-309, doi:10.1007/978-3-642-25578-6_21 (
  20. Towards quantum-resistant cryptosystems from supersingular elliptic curve isogenies (, with L. De Feo, PQCrypto 2011, pp. 19-34, doi:10.1007/978-3-642-25405-5_2 (
  21. A subexponential algorithm for evaluating large degree isogenies (, with V. Soukharev, ANTS IX, pp. 219-233, doi:10.1007/978-3-642-14518-6_19 (
  22. A study of two-party certificateless authenticated key-agreement protocols (https:../../wiki/images/1/1a/Indocrypt09.pdf), with C. Swanson, Indocrypt 2009, pp. 57-71, doi:10.1007/978-3-642-10628-6_4 (
  23. Boneh-Boyen signatures and the Strong Diffie-Hellman problem (, with K. Yoshida, Pairing 2009, pp. 1-16, doi:10.1007/978-3-642-03298-1_1 (
  24. Speeding up pairing computations on genus 2 hyperelliptic curves with efficiently computable automorphisms (https:../../wiki/images/1/1a/Pairing-2008.pdf), with X. Fan and G. Gong, Pairing 2008, pp. 243-264, doi:10.1007/978-3-540-85538-5_17 (
  25. Efficient pairing computation on genus 2 curves in projective coordinates (https:../../wiki/images/b/b5/Sac-2008.pdf), with X. Fan and G. Gong, SAC 2008, pp. 18-34, doi:10.1007/978-3-642-04159-4_2 (
  26. On the bits of elliptic curve Diffie-Hellman keys (https:../../wiki/images/8/82/Indocrypt-2007.pdf), with D. Jetchev and R. Venkatesan, Indocrypt 2007, pp. 33-47, doi:10.1007/978-3-540-77026-8_4 (
  27. Digit set randomization in elliptic curve cryptography (https:../../wiki/images/0/0a/Saga-2007.pdf), with S. R. Raju and R. Venkatesan, SAGA 2007, pp. 105-117, doi:10.1007/978-3-540-74871-7_10 (
  28. Do all elliptic curves of the same order have the same difficulty of discrete log? (https:../../wiki/images/9/91/Asiacrypt-2005.pdf), with S. D. Miller and R. Venkatesan, Asiacrypt 2005, pp. 21-40, doi:10.1007/11593447_2 (
  29. Applications of secure electronic voting to automated privacy-preserving troubleshooting (https:../../wiki/images/2/2e/Ccs-2005.pdf), with Q. Huang and H. J. Wang, CCS 2005, pp. 68-80, doi:10.1145/1102120.1102132 (

Book chapters

  1. Elliptic curve cryptography (https:../../wiki/images/a/a1/Handbook.pdf), in Handbook of Information and Communication Security, pp. 35-57, doi:10.1007/978-3-642-04117-4_3 (

Workshop proceedings

  1. Isogeny-based cryptography on mobile devices (, with D. Fishbein, Proceedings of the 1st ETSI workshop on quantum-safe cryptography (, 2013. (source code (https:../../thesis-code.tar.bz2))
  2. Constructing elliptic curve isogenies in quantum subexponential time (, with A. Childs and V. Soukharev, 14th Workshop on Quantum Information Processing (, 2011.


  1. Systems and protocols for anonymous mobile payments with personal secure devices (, with A. T. Vassilev and D. P. Jetchev, United States patent application no. 2013/0138571 (filed September 25, 2008).
  2. Privacy-preserving data aggregation using homomorphic encryption (, with H. J. Wang and Q. Huang, United States patent 7856100 (issued December 21, 2010).
  3. Aggregating information from a cluster of peers (, with H. J. Wang, N. Borisov, and Q. Huang, United States patent 7743123 (issued June 22, 2010).
  4. Randomized sparse formats for efficient and secure computation on elliptic curves (, with R. Venkatesan, P. Montgomery, and S. R. Raju, United States patent 7664258 (issued February 16, 2010).
  5. Systems and methods for generation and validation of isogeny-based signatures (, with P. Montgomery, R. Venkatesan, and V. Boyko, United States patent 7617397 (issued November 10, 2009); CIPO patent CA 2517807 ( (issued May 13, 2014).
  6. Determining cardinality of a parameter using hash values (, with H. J. Wang, N. Borisov, and Q. Huang, United States patent 7584182 (issued September 1, 2009).
  7. Use of isogenies for design of cryptosystems (, with R. Venkatesan, United States patent 7499544 (issued March 3, 2009); CIPO patent CA 2483486 ( (issued December 24, 2013).