Identification Protocols and Signature Schemes Based on Supersingular Isogeny Problems
Journal of Cryptology (IF 3), Pub Date: 2019-03-27, DOI: 10.1007/s00145-019-09316-0
Steven D. Galbraith, Christophe Petit, Javier Silva

We present signature schemes whose security relies on computational assumptions relating to isogeny graphs of supersingular elliptic curves. We give two schemes, both of them based on interactive identification protocols. The first identification protocol is due to De Feo, Jao and Plût. The second one, and the main contribution of the paper, makes novel use of an algorithm of Kohel, Lauter, Petit and Tignol for the quaternion version of the $\ell$-isogeny problem, for which we provide a more complete description and analysis, and is based on a more standard and potentially stronger computational problem. Both identification protocols lead to signatures that are existentially unforgeable under chosen message attacks in the random oracle model using the well-known Fiat-Shamir transform, and in the quantum random oracle model using another transform due to Unruh. A version of the first signature scheme was independently published by Yoo, Azarderakhsh, Jalali, Jao and Soukharev. This is the full version of a paper published at ASIACRYPT 2017.

Updated: 2019-03-27