more compact representation of isogeny paths

Question

more compact representation of isogeny paths

Closed this issue 5 years ago · 2 comments

As it stands, I use the representation number 2. (on page 7) of isogeny paths, whereby every other j-invariant is sent. My understanding is that significantly smaller signature sizes could be achieved using one of the other methods, e.g. number 3. This could be a good task for the future.

Answer 1 · 2019-02-20T03:00:17.000Z

Another good task could be to properly serialize all isogeny paths into (hexademical) bytes, instead of printing / reading the naive LiDIA sting representations.

Answer 2 · 2019-09-30T12:28:22.000Z

completed (at least the original comment, that is) by d989fc7. there is somewhat of a performance cost during signing and verifying, as modular polynomials must now be factored (though they split over F_p^2 so it's not bad). As a side benefit, signature size is much smaller. In fact, for lambda = 8, absent this fix the sizes were so large that Unruh transform demanded nonexistently-large hashes (i.e., the numbers N_0 and N_1 from GPS were > 512 bits).

Proper serialization is still in order, but I'll close the issue for now.