Schedule
| Time slot | May 5 | May 6 | May 7 | May 8 |
|---|---|---|---|---|
| 9.00 - 10.40 |
π Invited talk Lorenz Panny: Commutative group actions from isogenies π©π»βπ« Michele Battagliola: LEAST: Linear Equivalence Action Threshold Signature π©π»βπ« Giacomo Borin, PQarrots: Post-Quantum Action for Round RObin Threshold Schemes |
π Invited talk Violetta Weger: How hard is code equivalence really? π©π»βπ« Giuseppe D'Alconzo: Linear Code Equivalence via PlΓΌcker Coordinates π©π»βπ« Ryan Rueger, CORAL: Faster Isogeny Group Action for Post-Quantum NIKE |
π©π»βπ« Paola de Perthuis, Post-Quantum Anonymous Signatures from the Lattice Isomorphism Group Action π©π»βπ« Pierrick Dartois: qt-Pegasis: effective class group action on oriented curves using 4-dimensional isogenies π©π»βπ« Sina Schaffler, Completing qt_pegasis in C: Implementing norm equation and class group π©π»βπ« Etienne Piasecki, A computational framework for principally polarized abelian varieties |
|
| 10.40 - 11.15 | β Coffee break | β Coffee break | β Coffee break | |
| 11.15 - 12.30 |
π Invited talk Krijn Reijnders: From Curves To Codes (and back again) π©π»βπ« Rahmi El Mechri: Half is Enough: halving keys through optimal representation of self-orthogonal code |
π Invited talk Yi Fu Lai Wombat: Post-Quantum Blind Signature from Standard Group Action Assumptions and More π©π»βπ« Li Quan, Sparse Random Matrices over Large Prime Fields for Data Availability Sampling: Bounds and Open Challenges |
π©π»βπ« Gioella Lorenzon, An active attack against the PEARL-SCALLOP group action π¨ Working groups final report |
|
| 12.30 - 14.00 | π Lunch | π Lunch | π Lunch | |
| 14.00 - 15.15 | π¨ Working group topics presentation | π¨ Working groups | π Heading to Rome | |
| 15.15 - 15.50 | β Coffee break | β Coffee break | π Heading to Rome | |
| 15.40 - 16.15 | π¨ Working groups | β°οΈ Social activity | π Heading to Rome | |
| 16.15 - 18.00 | π Greetings | π¨ Working groups | β°οΈ Social activity | π Heading to Rome |
| 18.00 - 19.30 | πΈπ§ Free time | πΈπ§ Free time | β°οΈ Social activity | π Heading to Rome |
| 19.30 - 21.00 | π Dinner | π Dinner | π Dinner |
Excursion
On the afternoon of Thursday, May 7th, we will have an excursion to
the Grotte di Frasassi , a cave system located close to the venue.
See here for a short teaser
We will go there with a private shuttle.
Both the transportation and the entrance
fee will be covered by the workshop sponsors.
Invited speakers
Yi-Fu Lai
Shanghai Jiao Tong University, China
Wombat: Post-Quantum Blind Signature from Standard Group Action Assumptions and More
Krijn Reijnders, From Curves To Codes (and back again)
In this talk, weβll explore constructions of cryptographic group actions, with a particular focus on code equivalence. We define cryptographic group actions and code equivalence on a high-level, and analyse some of the (advanced) protocols built using code equivalence as a building block. We then take inspiration from isogeny-based cryptography, by comparing existing constructions from both fields. Their intersection leads to interesting questions on the potential of non-commutative cryptographic group actions.
Violetta Weger, How hard is code equivalence really?
Many isomorphism problems can be naturally formulated as group actions, yet their computational complexity has been puzzling mathematicians for decades. The graph isomorphism problem is the most prominent example, it was given its own complexity class and was long believed to be hard until the breakthrough result of Babai showed that it can be solved in quasi-polynomial time. In this talk, we turn to a closely related problem: code equivalence. Given two linear codes, can we recover the hidden monomial transformation mapping one to the other? Despite its simple formulation, the true complexity of this problem remains wide open. Beyond its theoretical interest, code equivalence has recently gained attention through its role in post-quantum cryptography, where it underlies the security of the signature scheme LESS. In this talk, we survey its different variants, discuss connections to graph isomorphism and other related problems, and present an overview of known solvers and their cost, together with several directions that might finally determine how hard code equivalence really is.
Yi-Fu Lai, Wombat: Post-Quantum Blind Signature from Standard Group Action Assumptions and More
A recent work at Asiacrypt 2025 introduced a family of blind signature frameworks, collectively called Tanukis, built on non-commutative cryptographic group actions. These frameworks develop new techniques and achieve concurrent security for blind signatures. Straightforward instantiations yield compact schemes in two paradigms: an isogeny-based instantiation, based on CSI-FiSh group action, with signatures of about 4.5 KB, and a code-based instantiation, based on LESS and the code equivalence group action, with signatures around 64 KB. These are the first efficient blind signature constructions in the isogeny-based and code-based literature that support concurrent executions. Despite this advance, the Tanuki frameworks rely on a non-standard and interactive assumption, namely the so-called ``one more'' vectorization assumption. Given several structural attacks and vulnerabilities discovered in various group action instantiations, relying on non-standard assumptions can raise concerns. In this work we present a new framework that achieves concurrent security while achieving better performance, and relying only on the standard group action hardness assumption, the vectorization problem (also known as the group action inversion problem). For the LESS instantiation, we apply dedicated code-based techniques to reduce signature sizes by a factor of 14.5. These improvements come with rigorous reductions to the standard problem, do not weaken the security claims, and are directly applicable to the LESS instantiations of Tanuki. As a result, our isogeny-based and code-based instantiations yield signature sizes of 8.89 and 8.84 KB, respectively, and retain concurrent security under the standard group-action inversion assumption.
Lorenz Panny, Commutative group actions from isogenies
In this introductory presentation I will summarize the concepts underlying isogeny-based commutative group actions, such as CSIDH and its more recent cousins (qt-)PEGASIS, with a non-isogeny-expert audience in mind. If time permits, I will also sketch some of the roadblocks surrounding Kuperberg's algorithm that render a precise and reliable quantum security analysis for those schemes relatively difficult (in comparison to other constructions).