Simon-Philipp Merz
About me
I am a post-doctoral researcher in the Applied Cryptography Group of Kenny Paterson at ETH Zürich.
Previously, I did my PhD in the Information Security Group at Royal Holloway, University of London, under the supervision of Simon R. Blackburn and Christophe Petit. My doctoral research concentrated on post-quantum cryptography and cryptanalysis with a special focus on isogeny-based cryptography.
More generally, I am interested in theoretical and practical aspects of post-quantum cryptography and cryptanalysis, computational number theory and various applications of pure mathematics to cryptography.
During the summer of 2022, I interned at IBM Research Zürich in the Foundations of cryptography group under the supervision of Luca De Feo.
Before doing the PhD, I obtained a BSc in Mathematics from the Free University of Berlin, an MSc in Pure Mathematics from Imperial College London and an MSc in Mathematics and Foundations of Computer Science from the University of Oxford.
Publications
- Improved algorithms for finding fixed-degree isogenies between supersingular elliptic curves,
B. Benčina, P. Kutas, S.‑P. Merz, C. Petit, M. Stopar, C. Weitkämper
To appear at CRYPTO 2024, ePrint 2023/1618. - Weak instances of class group action based cryptography via self-pairings,
W. Castryck, M. Houben, S.‑P. Merz, M. Mula, S. van Buuren, F. Vercauteren
CRYPTO 2023, ePrint 2023/549. - SCALLOP: scaling the CSI-FiSh,
L. De Feo, T.B. Fouotsa, P. Kutas, A. Leroux, S.‑P. Merz, L. Panny, B. Wesolowski
PKC 2023, ePrint 2023/058. - Failing to hash into supersingular isogeny graphs,
J. Booher, R. Bowden, J. Doliskani, T.B. Fouotsa, S.D. Galbraith, S. Kunzweiler, S.‑P. Merz, C. Petit, B. Smith, K.E. Stange, Y.B. Ti, C. Vincent, J.F. Voloch, C. Weitkämper, L. Zobernig, The Computer Journal / CFAIL, ePrint 2022/518.
- On the Isogeny Problem with Torsion Point Information,
T.B. Fouotsa, P. Kutas, S.‑P. Merz, Y.B. Ti
PKC 2022, ePrint 2021/153. - Cryptanalysis of an oblivious PRF from supersingular isogenies,
A. Basso, P. Kutas, S.‑P. Merz, C. Petit, A. Sanso
ASIACRYPT 2021, ePrint 2021/706. - One-way functions and malleability oracles: Hidden shift attacks on isogeny-based protocols,
P. Kutas, S.‑P. Merz, C. Petit, C. Weitkämper
EUROCRYPT 2021, ePrint 2021/282. - On Index Calculus Algorithms for Subfield Curves,
S.D. Galbraith, R. Granger, S.‑P. Merz, C. Petit
SAC 2020, ePrint 2020/1315. - On Adaptive Attacks against Jao-Urbanik's Isogeny-Based Protocol,
A. Basso, P. Kutas, S.‑P. Merz, C. Petit, C. Weitkämper
AFRICACRYPT 2020, ePrint 2020/244. - Another look at some isogeny hardness assumptions,
S.‑P. Merz, R. Minko, C. Petit
CT-RSA 2020, ePrint 2019/950. - Factoring Products of Braids via Garside Normal Form,
S.‑P. Merz, C. Petit
PKC 2019, ePrint 2018/1142.
Talks
- Isogeny Club (virtual), 27 February 2024.
SCALLOP: a somewhat scalable effective group action from isogenies, slides.
- PKC 2023, Atlanta (USA), 8 May 2023.
SCALLOP: scaling the CSI-FiSh, slides.
- iC2 Seminar, Wollongong (virtual), 24 August 2022.
Introduction to isogeny-based cryptography, OPRFs and recent cryptanalysis.
- Eötvös Loránd University, Budapest (HUN), 28 July 2022.
Cryptanalysis of some isogeny-based hardness assumptions.
- IBM Isogeny Day, IBM Research, Zürich (CHE), 07 July 2022.
Oblivious PRFs from Supersingular Isogenies, slides.
- CWI Student Seminar, CWI Amsterdam, Amsterdam (virtual), 25 March 2022.
Cryptanalysis of an Oblivious PRF from Supersingular Isogenies, slides.
- Post-Quantum Cryptography Workshop, Birmingham (GBR), 22 March 2022.
SIDH and its Applications, slides.
- Isogeny-based Cryptography Workshop, Birmingham (GBR), 16 March 2022.
SIDH and its Applications, slides.
- ISG Research Seminar, Royal Holloway, Egham (virtual), 10 March 2022.
Cryptanalysis of an Oblivious PRF from Supersingular Isogenies, slides.
- ASIACRYPT 2021, Singapore (virtual), 7 December 2021.
Cryptanalysis of an Oblivious PRF from Supersingular Isogenies, slides.
- EUROCRYPT 2021, Zagreb (HRV), 18 October 2021.
One-way functions and malleability oracles: Hidden shift attacks on isogeny-based protocols, slides.
- SAC 2020, Halifax, Nova Scotia (virtual), 23 October 2020.
On Index Calculus Algorithms for Subfield Curves, slides.
- CT-RSA 2020, San Francisco (USA), 27 February 2020.
Another look at some isogeny hardness assumptions, slides.
- ISF World Congress 2019, Dublin (IRL), 26 October 2019.
Invited talk on mathematical problems underlying elliptic curve and isogeny-based cryptography.
- PKC 2019, Beijing (CHN), 16 April 2019.
Factoring Products of Braids via Garside Normal Form, slides.
Teaching and Refereeing
I was a teaching assistant for the courses:- Computational Mathematics (FU Berlin), winter semester 2015-2016.
- Algorithms and Probability (ETH Zürich), spring semester 2024.
For the following conferences I was a (sub)reviewer:
CRYPTO 2019, SAC 2019, MathCrypt 2019, AFRICACRYPT 2019, IMACC 2019, PKC 2020, ANTS 2020, AFRICACRYPT 2020, PKC 2021, PQCrypto 2021, ASIACRYPT 2021, SAC 2021, IMACC 2021, ACNS 2022, AFRICACRYPT 2022, ANTS 2022, ASIACRYPT 2022, EUROCRYPT 2023, PKC 2024
I have been a reviewer for the following journals:
Advances in Mathematics of Communications;
Applicable Algebra in Engineering, Communication and Computing;
Designs, Codes and Cryptography;
IET Information Security;
Mathematical and Computational Applications;