Sabrina Kunzweiler

About me

I am a tenured research scientist (ISFP) at Inria Bordeaux in France and member of the Canari team. Before joining Inria, I was part of the cryptography group at Ruhr University Bochum in Germany. I completed my PhD in December 2020 at the Institute of Algebra and Number Theory at Ulm University under the supervision of Stefan Wewers.

News and upcoming events

Our paper Radical 2-isogenies and cryptographic hash functions in dimensions 1, 2 and 3 was accepted at PKC 2025.

Our paper Computing modular polynomials by deformation is now published in Research in Number Theory .

I will teach a course on isogeny-based cryptography at the summer school on post-quantum cryptography in Bilbao (June 23 - 27).

Applications for the Preliminary Arizona Winter School are now open. I will give a lecture series about mathematical cryptography. .

Education

Most of my academic degrees are from Ulm University in Germany. But I also studied one year at the Universidad de Cantabria in Spain during my Bachelor, and participated in a double-degree program with Syracuse University in the United States during my Master.

Ph.D. in Mathematics, Ulm University, 2020

M.S. in Mathematics, Ulm University, 2018

M.S. in Mathematics, Syracuse University, 2017

B.S. in Mathematics, Ulm University, 2015

Research interests

I'm interested in computational aspects of number theory, algebraic geometry and the applications to cryptography. Some of my research topics:

Higher dimensional isogenies

I'm currently working on algorithms for computing isogenies of principally polarized abelian varieties. These algorithms have applications in isogeny-based cryptography which is one of the proposals for post-quantum cryptography. In general, I'm interested in investigating higher-dimensional analogues of cryptographic protocols based on elliptic curves.
Cryptography with group actions

I study cryptographic protocols based on group actions, in particular the CSIDH group action. This includes the security analysis of such schemes, the development of generic models, and the design of new protocols.
Curves over local fields

During my PhD I studied the computation of models of curves and developed algorithms for computing the lattice of integral differential forms. Related to this topic, I also like to think about conductor-discriminant inequalities.

PhD thesis

Google Scholar

Github

Publications

Differential forms on hyperelliptic curves with semistable reduction Research in Number Theory. 2020.
Reduction types of genus-3 curves in a special stratum of their moduli space, with I. Bouw, N. Coppola, P. Kılıçer, E. Lorenzo García and A. Somoza. Women in Numbers Europe III. 2021.
Secret keys in genus-2 SIDH, with Y.B. Ti and C. Weitkämper. SAC 2021.
A user's guide to the local arithmetic of hyperelliptic curves, with A. Best, L.A. Betts, M. Bisatt, R. van Bommel, V. Dokchitser, O. Faraggi, C. Maistret, A. Morgan, S. Muselli, S. Nowell. Bulletin of the London Mathematical Society. 2022.
Password-authenticated key exchange from group actions, with M. Abdalla, T. Eisenhofer, E. Kiltz, D. Riepel. Crypto 2022. (slides)
Failing to hash into supersingular isogeny graphs, with J. Booher, R. Bowden, J. Doliskani, T. Fouotsa, S. Galbraith, S.-P. Merz, C. Petit, B. Smith, K. Stange, Y. B. Ti, C. Vincent, J. Voloch, C. Weitkämper, L. Zobernig. CFAIL 2022 (extended abstract), The Computer Journal 2024 (full version).
Group action key encapsulation and non-interactive key exchange in the QROM, with J. Duman, D. Hartmann, E. Kiltz, J. Lehmann, D. Riepel. AsiaCrypt 2022.
Generic models for group actions, with J. Duman, D. Hartmann, E. Kiltz, J. Lehmann, D. Riepel. PKC 2023.
Low Memory Attacks on Small Key CSIDH, with J.J. Chi-Domínguez, A. Esser, and A May. ACNS 2023. (slides)

Efficient computation of (3ⁿ,3ⁿ)-isogenies, with Thomas Decru. AfricaCrypt 2023. (slides)
Efficient computation of (2ⁿ,2ⁿ)-isogenies. Designs, Codes and Cryptography. 2024. (slides)
Computing modular polynomials by deformation, with Damien Robert. Research in Number Theory. 2025. (slides)
Radical 2-isogenies and cryptographic hash functions in dimensions 1, 2 and 3, with L. Maino, T. Moriya, C. Petit, G. Pope, D. Robert, M. Stopar, and Y. B. Ti. Accepted at PKC 2025. (slides)

Code

Most of my work includes some explicit computations, algorithms or formulas. Here, you'll find links to the code supporting the publications (written by my coauthors or me).

Superelliptic curves (with my PhD advisor Stefan Wewers). This SageMath package can be used to compute the lattice of integral differentials of a superelliptic curve. Checkout my thesis for more details.
SageMath package about cluster pictures by Alex J. Best and Raymond van Bommel. The package includes my formulas for computing integral differentials on hyperelliptic curves with semistable reduction; and you can also compute many more local invariants (see our User's guide to the local arithmetic of hyperelliptic curves).
Ciani quartics This repository contains some extra material for our paper Reduction types of genus-3 curves in a special stratum of their moduli space. In particular, there is SageMath code to compute the semistable reduction of a given Ciani quartic.
(3,3)-isogenies (with Thomas Decru). The repository contains symbolic proofs for the splitting and gluing formulas that we found, and an implementation of our algorithm for computing (3,3)-isogeny chains. You can use it to break the SIKE challenges!
Richelot isogenies The repository contains different algorithms for computing chains of (2,2)-isogenies. This includes the algorithms developed in Efficient computation of (2ⁿ,2ⁿ)-isogenies, and some newer versions, working on the Kummer surface. You can also use this to break the SIKE challenges.
Modular polynomials (with Damien Robert). This SageMath Package contains the implementation of a new algorithm for computing modular polynomials of elliptic curves. The algorithm is based on the theory of deformations and also uses the (2,2)-isogeny chains from above.
ThetaCGL This repository contains an implementation in Rust of our cryptographic hash function ThetaCGL using radical isogenies in dimensions 1,2 and 3. We also provide an implementation in SageMath which is meant as an educational resource.

Teaching

Summer schools

I taught or led research groups at the following events.

Women in SAGE - Nigeria: collaborative conference addressed to young African researchers (University of Ibadan, Nigeria)
Autumn School on Isogenies: school preceding the ECC Workshop 2024 (Academia Sinica, Taiwan)
Effective Algebra and the LMFDB: CIMPA school (Makerere University, Uganda)

Teaching assistant

In Ulm and Syracuse, I was a teaching assistant for the following courses.

Calculus II at Syracuse University (Fall 2016, Spring 2017)
Elements of Abstract Algebra at Ulm University (Fall 2017)
Seminar about geometry at Ulm University (Fall 2017)
Elementary Number Theory at Ulm University (Spring 2018, Spring 2020)
Seminar about primality testing at Ulm University (Spring 2018)
Linear algebra I at Ulm University (Fall 2018, Fall 2019)
Linear algebra II at Ulm University (Spring 2019)
Diophantine Equations at Ulm University (Fall 2019)