Craig Costello

Principal Researcher at Microsoft Research in Redmond, Washington.

Main interests are applications of computational number theory to cryptography: elliptic and hyperelliptic curve cryptography, pairing-based cryptography, isogenies, and zero-knowledge proofs.

Publications

Craig Costello and Gaurish Korpal. Lollipops of pairing-friendly elliptic curves for composition of proof systems. Preprint.
Maria Corte-Real Santos, Craig Costello, and Michael Naehrig. On cycles of pairing-friendly abelian varieties. CRYPTO 2024. Full version.
Maria Corte-Real Santos, Craig Costello, and Benjamin Smith. Efficient (3,3)-isogenies on fast Kummer surfaces. ANTS XVI, to appear.
Maria Corte-Real Santos, Craig Costello, and Sam Frengley. An algorithm for efficient detection of (N, N)-splittings and its application to the isogeny problem in dimension 2. PKC2024. Best Paper Award. Full version.
Giacomo Bruno, Maria Corte-Real Santos, Craig Costello, Jonathan Komada Eriksen, Michael Meyer, Michael Naehrig, and Bruno Sterner. Cryptographic Smooth Neighbors. ASIACRYPT 2023. Full version.
Maria Corte-Real Santos, Craig Costello and Jia Shi. Accelerating the Delfs-Galbraith algorithm with fast subfield root detection. CRYPTO 2022. Full version.
Craig Costello. The Case for SIKE: A Decade of the Supersingular Isogeny Problem. The NIST 3rd Post-Quantum Cryptography Standardization Conference. White paper.
Craig Costello, Michael Meyer and Michael Naehrig. Sieving for twin smooth integers with solutions to the Prouhet-Tarry-Escott problem. EUROCRYPT 2021. Full version.
Craig Costello. B-SIDH: supersingular isogeny Diffie-Hellman using twisted torsion. ASIACRYPT 2020. Full version.
Craig Costello and Benjamin Smith. The supersingular isogeny problem in genus 2 and beyond. PQCrypto 2020. Full version.
Craig Costello, Patrick Longa, Michael Naehrig, Joost Renes and Fernando Virdia. Improved classical cryptanalysis of SIKE in practice. PKC 2020. Full version.
Craig Costello. Supersingular isogeny key exchange for beginners. Invited paper at SAC 2019. Full version.
Craig Costello. Computing supersingular isogenies on Kummer surfaces. ASIACRYPT 2018. Full version.
Craig Costello and Huseyin Hisil. A simple and compact algorithm for SIDH with arbitrary degree isogenies. ASIACRYPT 2017. Full version.
Craig Costello and Benjamin Smith. Montgomery curves and their arithmetic: the case of large characteristic fields. Special issue of Journal of Cryptographic Engineering in tribute to Peter L. Montgomery, 2017. Full version.
Craig Costello, David Jao, Patrick Longa, Michael Naehrig, Joost Renes and David Urbanik. Efficient compression of SIDH public keys. EUROCRYPT 2017. Full version.
Joppe Bos, Craig Costello, Léo Ducas, Ilya Mironov, Michael Naehrig, Valeria Nikolaenko, Ananth Raghunathan and Douglas Stebila. Frodo: Take off the ring! Practical, Quantum-Secure Key Exchange from LWE. ACM CCS 2016. Full version.
Craig Costello, Patrick Longa and Michael Naehrig. Efficient algorithms for supersingular isogeny Diffie-Hellman. CRYPTO 2016. Full version.
Joost Renes, Craig Costello and Lejla Batina. Complete addition formulas for prime order elliptic curves. EUROCRYPT 2016. Full version.
Ping Ngai Chung, Craig Costello and Benjamin Smith. Fast, Uniform Scalar Multiplication for Genus 2 Jacobians with Fast Kummers. SAC 2016. Full version.
Craig Costello and Patrick Longa. FourQ: four-dimensional decompositions on a Q-curve over the Mersenne prime. ASIACRYPT 2015. Full version.
Paulo S. L. M. Barreto, Craig Costello, Rafael Misoczki, Michael Naehrig, Geovandro C. C. F. Pereira and Gustavo Zanon. Subgroup security in pairing-based cryptography. LATINCRYPT 2015. Full version.
Craig Costello, Cedric Fournet, Jon Howell, Markulf Kohlweiss, Benjamin Kreuter, Michael Naehrig, Bryan Parno, and Samee Zahur. Gepetto: Versatile Verifiable Computation. IEEE S&P2015. Full version.
Joppe W. Bos, Craig Costello, Michael Naehrig, and Douglas Stebila. Post-quantum key exchange for the TLS protocol from the ring learning with errors problem. IEEE S&P2015. Full version.
Joppe W. Bos, Craig Costello, Patrick Longa, and Michael Naehrig. Selecting Elliptic Curves for Cryptography: An Efficiency and Security Analysis. Journal of Cryptographic Engineering, 2015. Full version.
Huseyin Hisil and Craig Costello. Jacobian Coordinates on Genus 2 Curves. ASIACRYPT 2014 and Journal of Cryptology. Full version.
Craig Costello, Alyson Deines-Schartz, Kristin Lauter, and Tonghai Yang. Constructing Abelian Surfaces for Cryptography via Rosenhain Invariants. ANTS 2014. Full version.
Craig Costello, Huseyin Hisil, and Benjamin Smith. Faster Compact Diffie-Hellman: Endomorphisms on the x-line. EUROCRYPT 2014. Full version.
Joppe W. Bos, Craig Costello, and Andrea Miele. Elliptic and Hyperelliptic Curves: a Practical Security Analysis. PKC 2014. Full version.
Joppe W. Bos, Craig Costello, and Michael Naehrig. Exponentiating in Pairing Groups. SAC 2013. Full version.
Joppe W. Bos, Craig Costello, Huseyin Hisil and Kristin Lauter. High-Performance Scalar Multiplication using 8-Dimensional GLV/GLS Decomposition. CHES 2013. Full version.
Joppe W. Bos, Craig Costello, Huseyin Hisil and Kristin Lauter. Fast Cryptography in Genus 2. EUROCRYPT 2013 and the Journal of Cryptology. Full version.
Craig Costello. Fast formulas for computing cryptographic pairings. Ph.D. thesis.
Craig Costello, Kristin Lauter, and Michael Naehrig. Attractive subfamilies of BLS Curves for Implementing High-Security Pairings. INDOCRYPT 2011. Full version.
Craig Costello and Kristin Lauter. Group Law Computations on Jacobians of Hyperelliptic Curves. SAC 2011. Full version.
Craig Costello and Douglas Stebila. Fixed Argument Pairings. LATINCRYPT 2010. Full version.
Craig Costello, Colin Boyd, Juan Manuel Gonzalez Nieto, and Kenneth Koon-Ho Wong. Delaying mismatched field multiplications in pairing computations. WAIFI 2010. Full version.
Craig Costello, Colin Boyd, Juanma Gonzalez-Nieto, and Kenneth Koon-Ho Wong. Avoiding full extension field arithmetic in pairing computations. AFRICACRYPT 2010. Full version.
Craig Costello, Tanja Lange, and Michael Naehrig. Faster pairing computations on curves with high-degree twists. PKC 2010. Full version.
Craig Costello, Huseyin Hisil, Colin Boyd, Juan Manuel Gonzalez Nieto, and Kenneth Koon-Ho Wong. Faster pairings on special Weierstrass curves. PAIRING 2009. Full version

Talks

On cycles of pairing-friendly abelian varieties. CRYPTO 2024. August 2024. Video.
Finding twin smooth integers. RMIT Cybersecurity Seminar. March 29, 2022. Video.
Post-quantum key exchange from supersingular isogenies. IPAM Summer School on Post-Quantum Cryptography, UCLA. July 26, 2022. Video.
The Case for SIKE: A Decade of the Supersingular Isogeny Problem. 2nd International Conference on Security and Privacy, November 17, 2021.
Why Hyperelliptic? Isogeny-based cryptography school, September 9, 2021.
Finding twin smooth integers for isogeny-based cryptography. University College London InfoSec Seminar, Feb 11, 2021. Video.
The Case for SIKE: A Decade of the Supersingular Isogeny Problem. NIST 3rd PQC Standardization Conference, June 2021. Video.
B-SIDH: supersingular isogeny Diffie-Hellman using twisted torsion. ASIACRYPT 2020, Dec 2020. Video.
The supersingular isogeny problem in genus 2 and beyond. PQCrypto2020, September 2020. Video.
Post-quantum cryptography: supersingular isogenies for beginners. Microsoft Research Webinar, May 2020. Video.
The state of the art in supersingular isogenies: the SIKE protocol and its cryptanalysis. Invited talk at Selected Areas of Cryptography (SAC), Waterloo, Canada – August 16, 2019.
Isogeny-based cryptography: a gentle introduction to post-quantum ECC. Tutorial at SAC Summer School, Waterloo, Canada – August 12, 2019.
A gentle introduction to elliptic curve cryptography. Tutorial at SAC Summer School, Waterloo, Canada – August 12, 2019.
SIKE Round 2. Talk at Oxford Post-Quantum Cryptography Workshop – March 20, 2019.
Classical cryptanalysis of supersingular isogenies. Talk at ASEC 2018, Adelaide, Australia – Dec 10, 2018.
Computing supersingular isogenies on Kummer surfaces. Talk at ASIACRYPT 2018, Brisbane, Australia – Dec 6, 2018.
Supersingular isogenies in cryptography. Talk at Summer School on Real World Crypto and Privacy, Šibenik, Croatia – June 15, 2018.
A gentle introduction to elliptic curve cryptography. Tutorial at Summer School on Real World Crypto and Privacy, Šibenik, Croatia – June 11, 2018.
A simple and compact algorithm for SIDH with arbitrary degree isogenies. Talk at ASIACRYPT 2017, Hong Kong, China- Dec 5, 2017. Video.
Supersingular Isogeny Key Encapsulation. Invited talk at ECC2017, Nijmegen, Netherlands – Nov 14, 2017.
An introduction to supersingular isogeny-based cryptography. Talk at ECC2017, Nijmegen, Netherlands – Nov 10, 2017.
An introduction to supersingular isogeny-based cryptography. Talk at Summer School on Real World Crypto and Privacy, Šibenik, Croatia – June 8, 2017.
A gentle introduction to elliptic curve cryptography. Tutorial at Summer School on Real World Crypto and Privacy, Šibenik, Croatia – June 5, 2017.
Post-quantum key exchange for the Internet based on lattices. Seminar at MSR India, Bangalore, India – Dec 21, 2016.
Practical post-quantum key exchange from supersingular isogenies. Invited talk at SPACE2016, University of Hyderabad, Hyderabad, India – Dec 18, 2016.
A gentle introduction to isogeny-based cryptography. Tutorial talk at SPACE2016, University of Hyderabad, Hyderabad, India – Dec 15, 2016.
A gentle introduction to elliptic curve cryptography. Tutorial talk at SPACE2016, University of Hyderabad, Hyderabad, India – Dec 15, 2016.
Post-quantum key exchange for the Internet based on lattices. Algebra seminar at University of Auckland, Auckland, New Zealand – Nov 16, 2016. Recording.
Efficient algorithms for supersingular isogeny Diffie-Hellman. Talk at CRYPTO2016, Santa Barbara, USA – Aug 17, 2016. Video.
Efficient algorithms for supersingular isogeny Diffie-Hellman. Talk at Radboud University, Nijmegen, Netherlands – May 4, 2016.
Post-quantum key exchange from ideal lattices. Talk at QUT Maths Seminars series, Brisbane, Australia – Apr 1, 2016.
An introduction to elliptic curve cryptography. Talk at QUT Maths Seminars series, Brisbane, Australia – Mar 18, 2016.
FourQ: four-dimensional decompositions on a Q-curve over the Mersenne prime. Talk at AsiaCrypt2015, Auckland, New Zealand- Nov 30, 2015.
FourQ: four-dimensional decompositions on a Q-curve. Talk at NIST Workshop on Elliptic Curve Cryptography Standards, Gaithersburg, Maryland, USA – June 12, 2015. Video.
A brief discussion on selecting new elliptic curves. Talk at NIST Workshop on Elliptic Curve Cryptography Standards, Gaithersburg, Maryland, USA – June 11, 2015. Video.
Genus 2 curves in cryptography: successes and challenges. Talk at AMS Special Session on Arithmetic Geometry, University of Nevada, Las Vegas, USA – April 20, 2015.
Post-quantum key exchange from the ring learning with errors problem. NIST Workshop on Cybersecurity in a Post-Quantum World, Gaithersburg, Maryland, USA – April 3, 2015.
Post-quantum key exchange from the ring learning with errors problem. MSR Annual Privacy Workshop, Redmond, USA – October 29, 2014.
Selecting Elliptic Curves for Cryptography: an Efficiency and Security Analysis. Invited talk at ECC2014, Ramanujan Auditorium, Chennai, India – October 9, 2014.
A quick quiz on cricket and crypto. Rump session talk at ECC2014, Ramanujan Auditorium, Chennai, India – October 8, 2014.
Deterministic Generation of Elliptic Curves (a.k.a. “NUMS” Curves). Talk at ITEF-90, Toronto, Canada – July 23, 2014.
Faster Compact Diffie-Hellman: Endomorphisms on the x-line. EuroCrypt2014, Scandic Hotel, Copenhagen, Denmark – May 12, 2014.
Faster Compact Diffie-Hellman: Endomorphisms on the x-line. MSR Annual Privacy Workshop, Redmond, USA – October 25, 2013.
The State-of-the-Art in Hyperelliptic Curve Cryptography. Workshop on Curves and Applications, Calgary, Canada – August 19, 2013.
Exponentiating in Pairing Groups. SAC2013, Simon Fraser University, Vancouver, Canada – August 16, 2013.
Faster compact Diffie-Hellman. Lunchtime talk at Microsoft Research, Redmond, USA – June 19, 2013.
Fast Cryptography in Genus 2. EuroCrypt2013, Caravel Hotel, Athens, Greece, May 27, 2013.
5 slides on hyperelliptic curve cryptography. Crypto/Security forum, Microsoft Research, Redmond, USA, March 8, 2013.
Efficient arithmetic on Jacobians of genus 2 curves. Joint Mathematics Meetings (JMM), San Diego, USA, January 12, 2013.
Efficient pairing computation at the 192-bit and 256-bit security levels. Invited talk, ECC2012, Queretaro, Mexico, October 30, 2012.
A tribute to Pierrick – Parts 1 and 2… and a tribute to Culture Club. Rump session talk, ECC2012, Queretaro, Mexico, October 29, 2012.
An introduction to elliptic curves and the computation of cryptographic pairings. Introductory course on elliptic curve cryptography, ECC2012 , Queretaro, Mexico, October 28, 2012.
Fast implementations in genus 2. Ei/Psi seminar in Utrecht, the Netherlands – October 21, 2012.
Fast crypto in genus 2. End of internship talk at Microsoft Research, Redmond, USA – August 14, 2012.
Pairings for Cryptographers. Talk at Microsoft Research, Redmond, USA – Aug 15, 2012.
Finding optimal elliptic curves for high-security pairings. Talk at Microsoft Research, Redmond, USA – June 21, 20.
Fast formulas for computing cryptographic pairings. Phd final (defense) seminar, Queensland University of Technology, Australia, May 21, 2012.
Attractive subfamilies of BLS curves for implementing high-security pairings. IndoCrypt2011, Ramanujan Auditorium, Institute of Mathematical Sciences, Chennai, India, December 13, 2011.
Computing cryptographic pairings – the state of the art. Seminar at University of California, Irvine, November 2, 2010.
Fixed argument pairings. LatinCrypt2010, Baroque Hall, Puebla, Mexico, August 9, 2010.
An introduction to computing cryptographic pairings. Invited talk at Izmir Yasar University, Izmir, Turkey, July 1, 2010.
Delaying mismatched field multiplications in pairing computation. WAIFI 2010, Istanbul, Turkey, June, 2010.
Faster pairing computations on curves with high-degree twists. PKC2010, Ecole Normale Superieure, Paris, France, May 27, 2010. Video.
Avoiding full extension field arithmetic in pairing computations. Africacrypt2010, Stellenbosch Institute for Advanced Studies, Stellenbosch, South Africa, May 4, 2010.
Faster pairings on special Weierstrass curves. Pairing2009, Stanford University, Palo Alto, USA, August 14, 2009.

Principal Researcher at Microsoft Research in Redmond, Washington. Main interests are applications of computational number theory to cryptography: elliptic and hyperelliptic curve cryptography, pairing-based cryptography, isogenies, and zero-knowledge proofs.

Publications

Craig Costello and Gaurish Korpal. Lollipops of pairing-friendly elliptic curves for composition of proof systems. Preprint.

Maria Corte-Real Santos, Craig Costello, and Michael Naehrig. On cycles of pairing-friendly abelian varieties. CRYPTO 2024. Full version.

Maria Corte-Real Santos, Craig Costello, and Benjamin Smith. Efficient (3,3)-isogenies on fast Kummer surfaces. ANTS XVI, to appear.

Maria Corte-Real Santos, Craig Costello, and Sam Frengley. An algorithm for efficient detection of (N, N)-splittings and its application to the isogeny problem in dimension 2. PKC2024. Best Paper Award. Full version.

Giacomo Bruno, Maria Corte-Real Santos, Craig Costello, Jonathan Komada Eriksen, Michael Meyer, Michael Naehrig, and Bruno Sterner. Cryptographic Smooth Neighbors. ASIACRYPT 2023. Full version.

Maria Corte-Real Santos, Craig Costello and Jia Shi. Accelerating the Delfs-Galbraith algorithm with fast subfield root detection. CRYPTO 2022. Full version.

Craig Costello. The Case for SIKE: A Decade of the Supersingular Isogeny Problem. The NIST 3rd Post-Quantum Cryptography Standardization Conference. White paper.

Craig Costello, Michael Meyer and Michael Naehrig. Sieving for twin smooth integers with solutions to the Prouhet-Tarry-Escott problem. EUROCRYPT 2021. Full version.

Craig Costello. B-SIDH: supersingular isogeny Diffie-Hellman using twisted torsion. ASIACRYPT 2020. Full version.

Craig Costello and Benjamin Smith. The supersingular isogeny problem in genus 2 and beyond. PQCrypto 2020. Full version.

Craig Costello, Patrick Longa, Michael Naehrig, Joost Renes and Fernando Virdia. Improved classical cryptanalysis of SIKE in practice. PKC 2020. Full version.

Craig Costello. Supersingular isogeny key exchange for beginners. Invited paper at SAC 2019. Full version.

Craig Costello. Computing supersingular isogenies on Kummer surfaces. ASIACRYPT 2018. Full version.

Craig Costello and Huseyin Hisil. A simple and compact algorithm for SIDH with arbitrary degree isogenies. ASIACRYPT 2017. Full version.

Craig Costello and Benjamin Smith. Montgomery curves and their arithmetic: the case of large characteristic fields. Special issue of Journal of Cryptographic Engineering in tribute to Peter L. Montgomery, 2017. Full version.

Craig Costello, David Jao, Patrick Longa, Michael Naehrig, Joost Renes and David Urbanik. Efficient compression of SIDH public keys. EUROCRYPT 2017. Full version.

Joppe Bos, Craig Costello, Léo Ducas, Ilya Mironov, Michael Naehrig, Valeria Nikolaenko, Ananth Raghunathan and Douglas Stebila. Frodo: Take off the ring! Practical, Quantum-Secure Key Exchange from LWE. ACM CCS 2016. Full version.

Craig Costello, Patrick Longa and Michael Naehrig. Efficient algorithms for supersingular isogeny Diffie-Hellman. CRYPTO 2016. Full version.

Joost Renes, Craig Costello and Lejla Batina. Complete addition formulas for prime order elliptic curves. EUROCRYPT 2016. Full version.

Ping Ngai Chung, Craig Costello and Benjamin Smith. Fast, Uniform Scalar Multiplication for Genus 2 Jacobians with Fast Kummers. SAC 2016. Full version.

Craig Costello and Patrick Longa. FourQ: four-dimensional decompositions on a Q-curve over the Mersenne prime. ASIACRYPT 2015. Full version.

Paulo S. L. M. Barreto, Craig Costello, Rafael Misoczki, Michael Naehrig, Geovandro C. C. F. Pereira and Gustavo Zanon. Subgroup security in pairing-based cryptography. LATINCRYPT 2015. Full version.

Craig Costello, Cedric Fournet, Jon Howell, Markulf Kohlweiss, Benjamin Kreuter, Michael Naehrig, Bryan Parno, and Samee Zahur. Gepetto: Versatile Verifiable Computation. IEEE S&P2015. Full version.

Joppe W. Bos, Craig Costello, Michael Naehrig, and Douglas Stebila. Post-quantum key exchange for the TLS protocol from the ring learning with errors problem. IEEE S&P2015. Full version.

Joppe W. Bos, Craig Costello, Patrick Longa, and Michael Naehrig. Selecting Elliptic Curves for Cryptography: An Efficiency and Security Analysis. Journal of Cryptographic Engineering, 2015. Full version.

Huseyin Hisil and Craig Costello. Jacobian Coordinates on Genus 2 Curves. ASIACRYPT 2014 and Journal of Cryptology. Full version.

Craig Costello, Alyson Deines-Schartz, Kristin Lauter, and Tonghai Yang. Constructing Abelian Surfaces for Cryptography via Rosenhain Invariants. ANTS 2014. Full version.

Craig Costello, Huseyin Hisil, and Benjamin Smith. Faster Compact Diffie-Hellman: Endomorphisms on the x-line. EUROCRYPT 2014. Full version.

Joppe W. Bos, Craig Costello, and Andrea Miele. Elliptic and Hyperelliptic Curves: a Practical Security Analysis. PKC 2014. Full version.

Joppe W. Bos, Craig Costello, and Michael Naehrig. Exponentiating in Pairing Groups. SAC 2013. Full version.

Joppe W. Bos, Craig Costello, Huseyin Hisil and Kristin Lauter. High-Performance Scalar Multiplication using 8-Dimensional GLV/GLS Decomposition. CHES 2013. Full version.

Joppe W. Bos, Craig Costello, Huseyin Hisil and Kristin Lauter. Fast Cryptography in Genus 2. EUROCRYPT 2013 and the Journal of Cryptology. Full version.

Craig Costello. Fast formulas for computing cryptographic pairings. Ph.D. thesis.

Craig Costello, Kristin Lauter, and Michael Naehrig. Attractive subfamilies of BLS Curves for Implementing High-Security Pairings. INDOCRYPT 2011. Full version.

Craig Costello and Kristin Lauter. Group Law Computations on Jacobians of Hyperelliptic Curves. SAC 2011. Full version.

Craig Costello and Douglas Stebila. Fixed Argument Pairings. LATINCRYPT 2010. Full version.

Craig Costello, Colin Boyd, Juan Manuel Gonzalez Nieto, and Kenneth Koon-Ho Wong. Delaying mismatched field multiplications in pairing computations. WAIFI 2010. Full version.

Craig Costello, Colin Boyd, Juanma Gonzalez-Nieto, and Kenneth Koon-Ho Wong. Avoiding full extension field arithmetic in pairing computations. AFRICACRYPT 2010. Full version.

Craig Costello, Tanja Lange, and Michael Naehrig. Faster pairing computations on curves with high-degree twists. PKC 2010. Full version.

Craig Costello, Huseyin Hisil, Colin Boyd, Juan Manuel Gonzalez Nieto, and Kenneth Koon-Ho Wong. Faster pairings on special Weierstrass curves. PAIRING 2009. Full version

Talks

On cycles of pairing-friendly abelian varieties. CRYPTO 2024. August 2024. Video.

Finding twin smooth integers. RMIT Cybersecurity Seminar. March 29, 2022. Video.

Post-quantum key exchange from supersingular isogenies. IPAM Summer School on Post-Quantum Cryptography, UCLA. July 26, 2022. Video.

The Case for SIKE: A Decade of the Supersingular Isogeny Problem. 2nd International Conference on Security and Privacy, November 17, 2021.

Why Hyperelliptic? Isogeny-based cryptography school, September 9, 2021.

Finding twin smooth integers for isogeny-based cryptography. University College London InfoSec Seminar, Feb 11, 2021. Video.

The Case for SIKE: A Decade of the Supersingular Isogeny Problem. NIST 3rd PQC Standardization Conference, June 2021. Video.

B-SIDH: supersingular isogeny Diffie-Hellman using twisted torsion. ASIACRYPT 2020, Dec 2020. Video.

The supersingular isogeny problem in genus 2 and beyond. PQCrypto2020, September 2020. Video.

Post-quantum cryptography: supersingular isogenies for beginners. Microsoft Research Webinar, May 2020. Video.

The state of the art in supersingular isogenies: the SIKE protocol and its cryptanalysis. Invited talk at Selected Areas of Cryptography (SAC), Waterloo, Canada – August 16, 2019.

Isogeny-based cryptography: a gentle introduction to post-quantum ECC. Tutorial at SAC Summer School, Waterloo, Canada – August 12, 2019.

A gentle introduction to elliptic curve cryptography. Tutorial at SAC Summer School, Waterloo, Canada – August 12, 2019.

SIKE Round 2. Talk at Oxford Post-Quantum Cryptography Workshop – March 20, 2019.

Classical cryptanalysis of supersingular isogenies. Talk at ASEC 2018, Adelaide, Australia – Dec 10, 2018.

Computing supersingular isogenies on Kummer surfaces. Talk at ASIACRYPT 2018, Brisbane, Australia – Dec 6, 2018.

Supersingular isogenies in cryptography. Talk at Summer School on Real World Crypto and Privacy, Šibenik, Croatia – June 15, 2018.

A gentle introduction to elliptic curve cryptography. Tutorial at Summer School on Real World Crypto and Privacy, Šibenik, Croatia – June 11, 2018.

A simple and compact algorithm for SIDH with arbitrary degree isogenies. Talk at ASIACRYPT 2017, Hong Kong, China- Dec 5, 2017. Video.

Supersingular Isogeny Key Encapsulation. Invited talk at ECC2017, Nijmegen, Netherlands – Nov 14, 2017.

An introduction to supersingular isogeny-based cryptography. Talk at ECC2017, Nijmegen, Netherlands – Nov 10, 2017.

An introduction to supersingular isogeny-based cryptography. Talk at Summer School on Real World Crypto and Privacy, Šibenik, Croatia – June 8, 2017.

A gentle introduction to elliptic curve cryptography. Tutorial at Summer School on Real World Crypto and Privacy, Šibenik, Croatia – June 5, 2017.

Post-quantum key exchange for the Internet based on lattices. Seminar at MSR India, Bangalore, India – Dec 21, 2016.

Practical post-quantum key exchange from supersingular isogenies. Invited talk at SPACE2016, University of Hyderabad, Hyderabad, India – Dec 18, 2016.

A gentle introduction to isogeny-based cryptography. Tutorial talk at SPACE2016, University of Hyderabad, Hyderabad, India – Dec 15, 2016.

A gentle introduction to elliptic curve cryptography. Tutorial talk at SPACE2016, University of Hyderabad, Hyderabad, India – Dec 15, 2016.

Post-quantum key exchange for the Internet based on lattices. Algebra seminar at University of Auckland, Auckland, New Zealand – Nov 16, 2016. Recording.

Efficient algorithms for supersingular isogeny Diffie-Hellman. Talk at CRYPTO2016, Santa Barbara, USA – Aug 17, 2016. Video.

Efficient algorithms for supersingular isogeny Diffie-Hellman. Talk at Radboud University, Nijmegen, Netherlands – May 4, 2016.

Post-quantum key exchange from ideal lattices. Talk at QUT Maths Seminars series, Brisbane, Australia – Apr 1, 2016.

An introduction to elliptic curve cryptography. Talk at QUT Maths Seminars series, Brisbane, Australia – Mar 18, 2016.

FourQ: four-dimensional decompositions on a Q-curve over the Mersenne prime. Talk at AsiaCrypt2015, Auckland, New Zealand- Nov 30, 2015.

FourQ: four-dimensional decompositions on a Q-curve. Talk at NIST Workshop on Elliptic Curve Cryptography Standards, Gaithersburg, Maryland, USA – June 12, 2015. Video.

A brief discussion on selecting new elliptic curves. Talk at NIST Workshop on Elliptic Curve Cryptography Standards, Gaithersburg, Maryland, USA – June 11, 2015. Video.

Genus 2 curves in cryptography: successes and challenges. Talk at AMS Special Session on Arithmetic Geometry, University of Nevada, Las Vegas, USA – April 20, 2015.

Post-quantum key exchange from the ring learning with errors problem. NIST Workshop on Cybersecurity in a Post-Quantum World, Gaithersburg, Maryland, USA – April 3, 2015.

Principal Researcher at Microsoft Research in Redmond, Washington.

Main interests are applications of computational number theory to cryptography: elliptic and hyperelliptic curve cryptography, pairing-based cryptography, isogenies, and zero-knowledge proofs.