Compact Isogeny PQC can replace HD wallets, key-tweaking, silent payments

Posted by conduition

Mar 22, 2026/17:00 UTC

In exploring the nuances of zero-knowledge proofs of knowledge (ZKPoK) and their relation to isogenies, a distinction emerges between what isogenies are commonly assumed to provide and their actual cryptographic utility. An isogeny is not itself a one-way function, as previously assumed: whoever knows how to compute the isogeny can also invert it on any point it has been applied to, so the map itself does not serve directly as a one-way function. The codomain of an isogeny, however, can serve as a one-way function, under the assumption that the Supersingular Isogeny Path Problem (SIPP) is computationally hard: the output curve of an isogeny is easy to determine, while reconstructing the isogeny from its codomain alone is a significant challenge.

The discussion then turns to why isogenies are not homomorphic with respect to addition or composition. Isogenies between elliptic curves can be added or composed under specific conditions, but the codomain function (isogeny to output curve) does not inherit a homomorphic property from these operations, because there is no meaningful way to "compose" two elliptic curves so that the result is connected to both by an isogeny path. Connecting arbitrary elliptic curves by an isogeny path without revealing secret data is itself as hard as solving the SIPP. This absence of an abelian structure between curves is what prevents any such homomorphic relationship or composition of curves, and it is also the source of isogenies' resistance to quantum computer attacks.

The post then compares two sigma identification protocols, Schnorr and SQIsign, to show how isogenies fit into cryptographic schemes. Both prove knowledge of a witness for a given statement, through different mechanisms and parameters. The comparison draws attention to the underlying sigma relations and the commitment-challenge-response sequences that define each protocol, and shows how isogeny-based signatures can be fitted into existing cryptographic frameworks.
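As an added example (not code from conduition's post), the Schnorr half of the comparison above written out as an interactive sigma protocol over a constructed toy Schnorr group: `commit`, `respond` and `verify` are the commitment-challenge-response steps, `extract` shows why two transcripts sharing one commitment make it a proof of knowledge, and `tweak` shows the additive key homomorphism that makes key tweaking possible in the discrete-log setting and that, as the previous paragraph notes, isogeny codomains lack. The group parameters and every function name are assumptions chosen for illustration.

```python
import secrets

# Constructed toy Schnorr group: G = 2 has prime order Q = 11 in Z_23^*.
# Far too small for real use; chosen so every step can be checked by hand.
P, Q, G = 23, 11, 2


def keygen():
    """Witness sk in [1, Q-1]; statement pk = g^sk (mod p)."""
    sk = secrets.randbelow(Q - 1) + 1
    return sk, pow(G, sk, P)


def commit():
    """Prover step 1: pick a fresh nonce r and send the commitment R = g^r."""
    r = secrets.randbelow(Q - 1) + 1
    return r, pow(G, r, P)


def respond(sk, r, c):
    """Prover step 3: answer the verifier's challenge c with s = r + c*sk (mod q)."""
    return (r + c * sk) % Q


def verify(pk, R, c, s):
    """Verifier: accept iff g^s == R * pk^c (mod p)."""
    return pow(G, s, P) == (R * pow(pk, c, P)) % P


def run_session(sk, pk, c):
    """One full commitment-challenge-response round; returns the verdict."""
    r, R = commit()
    return verify(pk, R, c, respond(sk, r, c))


def extract(c1, s1, c2, s2):
    """Special soundness: two accepting transcripts with the same R but
    different challenges reveal the witness sk = (s1 - s2)/(c1 - c2) (mod q).
    This is what makes the sigma protocol a proof of knowledge."""
    return ((s1 - s2) * pow((c1 - c2) % Q, -1, Q)) % Q


def tweak(sk, pk, t):
    """Additive key tweak: (sk + t, pk * g^t) is again a valid key pair for
    the same relation. Isogeny codomains have no analogous operation."""
    return (sk + t) % Q, (pk * pow(G, t, P)) % P
```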

Concerns about the long-term security and viability of isogeny-based schemes arise, particularly because they rely on assumptions beyond the hardness of SIPP. Questions about how easily isogenies of arbitrary degree can be generated, and about potential information leakage about a curve's endomorphism ring, prompt critical examination of current security proofs and assumptions. The contrasting security foundations of SQIsign and PRISM, together with speculative cryptanalytic breakthroughs, underscore the ongoing debate over the robustness of isogeny-based cryptography against both classical and quantum computational advances. The discussion closes by acknowledging the intricate relationship between the foundational problems SIPP and ERP (the endomorphism ring problem) and the broader implications for cryptographic schemes built on isogenies, in a research landscape that is still evolving.
