Abstract
The digital signature schemes that have been
proposed so far in the setting of the Supersingular Isogeny
Diffie-Hellman scheme (SIDH) were obtained by turning an
interactive identification protocol by De Feo, Jao and Plût into
non-interactive schemes. The security of the resulting schemes
is therefore deduced from that of the base identification
protocol. In this talk, we revisit the proofs that have appeared
in the literature for the special soundness property of the
above-mentioned SIDH-based identification protocol. The
existence of some special cycles in supersingular isogeny graphs
make such previous proofs fail.