Simon-Philipp Merz

About me

I am a post-doctoral researcher in the Applied Cryptography Group of Kenny Paterson at ETH Zürich.

Previously, I did my PhD in the Information Security Group at Royal Holloway, University of London, under the supervision of Simon R. Blackburn and Christophe Petit. My doctoral research concentrated on post-quantum cryptography and cryptanalysis with a special focus on isogeny-based cryptography.

More generally, I am interested in theoretical and practical aspects of post-quantum cryptography and cryptanalysis, computational number theory and various applications of pure mathematics to cryptography.

During the summer of 2022, I interned at IBM Research Zürich in the Foundations of cryptography group under the supervision of Luca De Feo.

Before doing the PhD, I obtained a BSc in Mathematics from the Free University of Berlin, an MSc in Pure Mathematics from Imperial College London and an MSc in Mathematics and Foundations of Computer Science from the University of Oxford.

Publications

• Improved algorithms for finding fixed-degree isogenies between supersingular elliptic curves,
  B. Benčina, P. Kutas, S.‑P. Merz, C. Petit, M. Stopar, C. Weitkämper
  To appear at CRYPTO 2024, ePrint 2023/1618.
• Weak instances of class group action based cryptography via self-pairings,
  W. Castryck, M. Houben, S.‑P. Merz, M. Mula, S. van Buuren, F. Vercauteren
  CRYPTO 2023, ePrint 2023/549.
• SCALLOP: scaling the CSI-FiSh,
  L. De Feo, T.B. Fouotsa, P. Kutas, A. Leroux, S.‑P. Merz, L. Panny, B. Wesolowski
  PKC 2023, ePrint 2023/058.
• Failing to hash into supersingular isogeny graphs,
  J. Booher, R. Bowden, J. Doliskani, T.B. Fouotsa, S.D. Galbraith, S. Kunzweiler, S.‑P. Merz, C. Petit, B. Smith, K.E. Stange, Y.B. Ti, C. Vincent, J.F. Voloch, C. Weitkämper, L. Zobernig, The Computer Journal / CFAIL, ePrint 2022/518.
• On the Isogeny Problem with Torsion Point Information,
  T.B. Fouotsa, P. Kutas, S.‑P. Merz, Y.B. Ti
  PKC 2022, ePrint 2021/153.
• Cryptanalysis of an oblivious PRF from supersingular isogenies,
  A. Basso, P. Kutas, S.‑P. Merz, C. Petit, A. Sanso
  ASIACRYPT 2021, ePrint 2021/706.
• One-way functions and malleability oracles: Hidden shift attacks on isogeny-based protocols,
  P. Kutas, S.‑P. Merz, C. Petit, C. Weitkämper
  EUROCRYPT 2021, ePrint 2021/282.
• On Index Calculus Algorithms for Subfield Curves,
  S.D. Galbraith, R. Granger, S.‑P. Merz, C. Petit
  SAC 2020, ePrint 2020/1315.
• On Adaptive Attacks against Jao-Urbanik's Isogeny-Based Protocol,
  A. Basso, P. Kutas, S.‑P. Merz, C. Petit, C. Weitkämper
  AFRICACRYPT 2020, ePrint 2020/244.
• Another look at some isogeny hardness assumptions,
  S.‑P. Merz, R. Minko, C. Petit
  CT-RSA 2020, ePrint 2019/950.
• Factoring Products of Braids via Garside Normal Form,

  S.‑P. Merz, C. Petit
  PKC 2019, ePrint 2018/1142.

Talks

• Isogeny Club (virtual), 27 February 2024.
  SCALLOP: a somewhat scalable effective group action from isogenies, slides.
• PKC 2023, Atlanta (USA), 8 May 2023.
  SCALLOP: scaling the CSI-FiSh, slides.
• iC2 Seminar, Wollongong (virtual), 24 August 2022.
  Introduction to isogeny-based cryptography, OPRFs and recent cryptanalysis.
• Eötvös Loránd University, Budapest (HUN), 28 July 2022.
  Cryptanalysis of some isogeny-based hardness assumptions.
• IBM Isogeny Day, IBM Research, Zürich (CHE), 07 July 2022.
  Oblivious PRFs from Supersingular Isogenies, slides.
• CWI Student Seminar, CWI Amsterdam, Amsterdam (virtual), 25 March 2022.
  Cryptanalysis of an Oblivious PRF from Supersingular Isogenies, slides.
• Post-Quantum Cryptography Workshop, Birmingham (GBR), 22 March 2022.
  SIDH and its Applications, slides.
• Isogeny-based Cryptography Workshop, Birmingham (GBR), 16 March 2022.
  SIDH and its Applications, slides.
• ISG Research Seminar, Royal Holloway, Egham (virtual), 10 March 2022.
  Cryptanalysis of an Oblivious PRF from Supersingular Isogenies, slides.
• ASIACRYPT 2021, Singapore (virtual), 7 December 2021.
  Cryptanalysis of an Oblivious PRF from Supersingular Isogenies, slides.
• EUROCRYPT 2021, Zagreb (HRV), 18 October 2021.
  One-way functions and malleability oracles: Hidden shift attacks on isogeny-based protocols, slides.
• SAC 2020, Halifax, Nova Scotia (virtual), 23 October 2020.
  On Index Calculus Algorithms for Subfield Curves, slides.
• CT-RSA 2020, San Francisco (USA), 27 February 2020.
  Another look at some isogeny hardness assumptions, slides.
• ISF World Congress 2019, Dublin (IRL), 26 October 2019.
  Invited talk on mathematical problems underlying elliptic curve and isogeny-based cryptography.
• PKC 2019, Beijing (CHN), 16 April 2019.
  Factoring Products of Braids via Garside Normal Form, slides.

Teaching and Refereeing

• Computational Mathematics (FU Berlin), winter semester 2015-2016.
• Algorithms and Probability (ETH Zürich), spring semester 2024.