MIKE: An efficient and compact NIKE Based on a Commutative Monoidal Action 

Robert recently described a powerful correspondence between certain (Hermitian) modules and (polarized) abelian varieties, which simultaneously generalizes both the class-group action underlying protocols such as CSIDH, and the Deuring correspondence, underlying protocols such as SQIsign. Using this correspondence, he also proposed how to construct a post-quantum NIKE, called MIKE, which, at a high level, can be viewed as a generalization of the Diffie-Hellman key exchange, based on a commutative monoidal action.

In the first part of the talk, we axiomatize the notion of a cryptographic monoidal action, giving a simpler (but less expressive) framework for constructing novel post-quantum protocols, which can be instantiated with Robert's correspondence. The potential advantage of cryptographic monoidal actions over cryptographic group actions is that, conjecturally, the associated hard problems do not admit subexponential quantum algorithms. In practice, this may lead to smaller parameters and more efficient schemes in certain cases. 

In the second part of the talk, we illustrate this by diving deeper into MIKE itself, discuss how to compute the underlying action efficiently in practice, and present our promising implementation results. The first part of the talk is based on joint work with Emil August Hovd Olaisen, while the second part is with the whole "MIKE-team".