I am currently working as a research expert in the research group COSIC of the Department of Electrical Engineering at KU Leuven. On a voluntary basis, I'm also affiliated with the Department of Mathematics: Algebra and Geometry at Ghent University. My Guust Flater index is two: 1 2.

→ Coordinates:

KU Leuven
Department of Electrical Engineering
Kasteelpark Arenberg 10/2452
3001 Leuven (Heverlee)
Belgium

wouter.castryck(at)esat.kuleuven.be

• KLPT²: algebraic pathfinding in dimension two and applications, with Thomas Decru, Péter Kutas, Abel Laval, Christophe Petit and Yan Bo Ti, preprint ePrint


• PRISM: simple and compact identification and signatures from large prime degree isogenies, with Andrea Basso, Giacomo Borin, Maria Corte-Real Santos, Riccardo Invernizzi, Antonin Leroux, Luciano Maino, Frederik Vercauteren, and Benjamin Wesolowski, Proceedings of Public-Key Cryptography 2025, Lecture Notes in Computer Science, to appear ePrint


• Generalized class group actions on oriented elliptic curves with level structure, with Sarah Arpin, Jonathan Komada Eriksen, Gioella Lorenzon and Frederik Vercauteren, Proceedings of WAIFI 2024, Lecture Notes in Computer Science 15176, to appear ePrint


• SQIsign2D-East: a new signature scheme using 2-dimensional isogenies, with Kohei Nakagawa, Hiroshi Onuki, Mingjie Chen, Riccardo Invernizzi, Gioella Lorenzon, and Frederik Vercauteren, Proceedings of Asiacrypt 2024 Part III, Lecture Notes in Computer Science 15486, pp. 272-303 (2025)


• A polynomial time attack on instances of M-SIDH and FESTA, with Frederik Vercauteren, Proceedings of Asiacrypt 2023 Part VII, Lecture Notes in Computer Science 14444, pp. 127-156 (2023) ePrint


• SoK: On the security of cryptographic problems from linear algebra, with Carl Bootland, Alan Szepieniec, and Frederik Vercauteren, Mathematical Cryptology 3(1), pp. 52-95 (2023) ePrint


• Weak instances of class group action based cryptography via self-pairings, with Marc Houben, Simon-Philipp Merz, Marzio Mula, Sam van Buuren, and Frederik Vercauteren, Proceedings of Crypto 2023 Part III, Lecture Notes in Computer Science 14083, pp. 762-792 (2023) ePrint


• An efficient key recovery attack on SIDH, with Thomas Decru, Proceedings of Eurocrypt 2023 Part V, Lecture Notes in Computer Science 14008, pp. 423-447 (2023) ePrint
  [ Magma code: richelot_aux.m uvtable.m SIKE_challenge.m SIKEp434.m ]
  


• Scrollar invariants, syzygies and representations of the symmetric group, with Floris Vermeulen and Yongqiang Zhao, Journal für die reine und angewandte Mathematik 796, pp. 117-159 (2023) arXiv
  [ Scrollar invariants of resolvents of low degree covers: appendix_resolvents.pdf ]
  [ Magma code supporting Conjecture 44: d6_resolvents.m hirzebruch_predict.m ]


• An infinite class of Neumaier graphs and non-existence results, with Aida Abiad, Maarten De Boeck, Jack Koolen, and Sjanne Zeijlemaker, Journal of Combinatorial Theory, Series A 193, article 105684 (2023) arXiv


• Two remarks on the vectorization problem, with Natan Vander Meeren, Proceedings of Indocrypt 2022, Lecture Notes in Computer Science 13774, pp. 658-678 (2023) ePrint


• Horizontal racewalking using radical isogenies, with Thomas Decru, Marc Houben, and Frederik Vercauteren, Proceedings of Asiacrypt 2022 Part II, Lecture Notes in Computer Science 13792, pp. 67-96 (2023) ePrint


• On the decisional Diffie-Hellman problem for class group actions on oriented elliptic curves, with Marc Houben, Frederik Vercauteren, and Benjamin Wesolowski, Proceedings of ANTS-XV, Research in Number Theory 8(4), article 99 (2022) ePrint


• Multiradical isogenies, with Thomas Decru, Proceedings of AGC²T18, Contemporary Mathematics 779, pp. 57-89 (2022) ePrint


• A fusion algorithm for solving the hidden shift problem in finite abelian groups, with Ann Dooms, Carlo Emerencia, and Alexander Lemmens, Proceedings of PQCrypto 2021, Lecture Notes in Computer Science 12841, pp. 133-153 (2021) ePrint


• Lifting low-gonal curves for use in Tuitman's algorithm, with Floris Vermeulen, Proceedings of ANTS-XIV, MSP Open Book Series 4, pp. 109-125 (2020) arXiv
  [ Accompanying files: lifting_lowgonal_3.m lifting_lowgonal_4.m lifting_lowgonal_5.m precomputation_5.m precomputed_5.m ]


• On the security of the Multivariate Ring Learning with Errors problem, with Carl Bootland and Frederik Vercauteren, Proceedings of ANTS-XIV, MSP Open Book Series 4, pp. 57-71 (2020) ePrint


• Radical isogenies, with Thomas Decru and Frederik Vercauteren, Proceedings of Asiacrypt 2020 Part II, Lecture Notes in Computer Science 12492, pp. 493-519 (2020) ePrint


• The dimension growth conjecture, polynomial in the degree and without logarithmic factors, with Raf Cluckers, Philip Dittmann, and Kien Huu Nguyen, Algebra & Number Theory 14(8), pp. 2261-2294 (2020) arXiv
  [ Errata: see Raf's file ]


• Breaking the decisional Diffie-Hellman problem for class group actions using genus theory, with Jana Sotáková and Frederik Vercauteren, Proceedings of Crypto 2020 Part II, Lecture Notes in Computer Science 12171, pp. 92-120 (2020), extended version in Journal of Cryptology 35(4), article 24 (2022) ePrint


• Hash functions from superspecial genus-2 curves using Richelot isogenies, with Thomas Decru and Benjamin Smith, Proceedings of NutMiC 2019, Journal of Mathematical Cryptology 14(1), pp. 268-292 (2020) ePrint


• A framework for cryptographic problems from linear algebra, with Carl Bootland, Alan Szepieniec, and Frederik Vercauteren, Proceedings of NutMiC 2019, Journal of Mathematical Cryptology 14(1), pp. 202-217 (2020) ePrint


• Efficiently processing complex-valued data in homomorphic encryption, with Carl Bootland, Ilia Iliashenko and Frederik Vercauteren, Proceedings of MathCrypt 2018, Journal of Mathematical Cryptology 14(1), pp. 55-65 (2020) ePrint


• Rational isogenies from irrational endomorphisms, with Lorenz Panny and Frederik Vercauteren, Proceedings of Eurocrypt 2020 Part II, Lecture Notes in Computer Science 12106, pp. 523-548 (2020) ePrint


• CSIDH on the surface, with Thomas Decru, Proceedings of PQCrypto 2020, Lecture Notes in Computer Science 12100, pp. 111-129 (2020) ePrint
  [ Summer school notes: summer_school_csurf.pdf ]


• Canonical syzygies of smooth curves on toric surfaces, with Filip Cools, Jeroen Demeyer, and Alexander Lemmens, Journal of Pure and Applied Algebra 224(2), pp. 507-527 (2020) arXiv


• Computing graded Betti tables of toric surfaces, with Filip Cools, Jeroen Demeyer, and Alexander Lemmens, Transactions of the American Mathematical Society 372(10), pp. 6869-6903 (2019) arXiv
  [ Accompanying code: see Jeroen's github ]
  [ Slides: pdf (the conjecture on slide 18 turned out to be incomplete, see Conjecture 1.6 in the paper for an updated statement) ]


• New bounds for exponential sums with a non-degenerate phase polynomial, with Kien Huu Nguyen, Journal de Mathématiques Pures et Appliquées 130, pp. 93-111 (2019) arXiv


• CSIDH: an efficient post-quantum commutative group action, with Tanja Lange, Chloe Martindale, Lorenz Panny and Joost Renes, Proceedings of Asiacrypt 2018 Part III, Lecture Notes in Computer Science 11274, pp. 395-427 (2018) ePrint


• Translating between the roots of the identity in quantum circuits, with Jeroen Demeyer, Alexis De Vos, Oliver Keszöcse and Mathias Soeken, Proceedings of IEEE 48th ISMVL, pp. 254-259 (2018) arXiv


• Homomorphic SIM²D operations: Single Instruction Much More Data, with Ilia Iliashenko and Frederik Vercauteren, Proceedings of Eurocrypt 2018 Part I, Lecture Notes in Computer Science 10820, pp. 338-359 (2018) ePrint


• Point counting on curves using a gonality preserving lift, with Jan Tuitman, The Quarterly Journal of Mathematics 69(1), pp. 33-74 (2018) arXiv
  [ Accompanying code: see Jan's homepage ]


• Faster homomorphic function evaluation using non-integral base encoding, with Charlotte Bonte, Carl Bootland, Joppe W. Bos, Ilia Iliashenko, and Frederik Vercauteren, Proceedings of CHES 2017, Lecture Notes in Computer Science 10529, pp. 579-600 (2017) ePrint


• Hypersurfaces in weighted projective spaces over finite fields with applications to coding theory, with Yves Aubry, Sudhir R. Ghorpade, Gilles Lachaud, Michael E. O'Sullivan, and Samrith Ram, Proceedings of Algebraic Geometry for Cryptography and Coding Theory, Association for Women in Mathematics Series 9, pp. 25-61 (2017) arXiv


• The holomorphy conjecture for nondegenerate surface singularities, with Denis Ibadula and Ann Lemahieu, Nagoya Mathematical Journal 227(3), pp. 160-188 (2017) arXiv


• Linear pencils encoded in the Newton polygon, with Filip Cools, International Mathematics Research Notices 2017(10), pp. 2998-3049 (2017) arXiv
  [ Accompanying Magma files: basic_commands.m gonal.m neargonal.m ]
  [ Erratum: pdf ]


• Privacy-friendly forecasting for the smart grid using homomorphic encryption and the group method of data handling, with Joppe W. Bos, Ilia Iliashenko, and Frederik Vercauteren, Proceedings of Africacrypt 2017, Lecture Notes in Computer Science 10239, pp. 184-201 (2017) ePrint


• Intrinsicness of the Newton polygon for smooth curves on P¹ x P¹, with Filip Cools, Revista Matemática Complutense 30(2), pp. 233-258 (2017) arXiv


• A lower bound for the gonality conjecture, Mathematika 63(2), pp. 561-563 (2017) arXiv


• On error distributions in ring-based LWE, with Ilia Iliashenko and Frederik Vercauteren, Proceedings of ANTS-XII, LMS Journal of Computation and Mathematics 19, Special Issue A, pp. 130-145 (2016) ePrint


• Provably weak instances of Ring-LWE revisited, with Ilia Iliashenko and Frederik Vercauteren, Proceedings of Eurocrypt 2016 Part I, Lecture Notes in Computer Science 9665, pp. 147-167 (2016) ePrint
  [ Slides: pdf ]


• A combinatorial interpretation for Schreyer's tetragonal invariants, with Filip Cools, Documenta Mathematica 20, pp. 903-918 (2015) arXiv


• The lattice size of a lattice polygon, with Filip Cools, Journal of Combinatorial Theory, Series A 136, pp. 64-95 (2015) arXiv


• A minimal set of generators for the canonical ideal of a non-degenerate curve, with Filip Cools, Journal of the Australian Mathematical Society 98(3), pp. 311-323 (2015) arXiv
  [ Accompanying file: canonical.m ]


• New equidistribution estimates of Zhang type, with D.H.J. Polymath, Algebra & Number Theory 8(9), pp. 2067-2199 (2014) arXiv


• Curves in characteristic 2 with non-trivial 2-torsion, with Marco Streng and Damiano Testa, Proceedings of Geocrypt 2013, Advances in Mathematics of Communications 8(4), pp. 479-495 (2014) arXiv


• Constraints on counterexamples to the Casas-Alvero conjecture, and a verification in degree 12, with Robert Laterveer and Myriam Ounaïes, Mathematics of Computation 83(290), pp. 3017-3037 (2014) arXiv
  [ Accompanying files: badprimes7.txt CAbadprimes7test.m precompscenarios12.zip CAdeg12.m CAbadprimes.m ]
  [ Slides: pptx ]


• The distribution of the number of points modulo an integer on elliptic curves over finite fields, with Hendrik Hubrechts, The Ramanujan Journal 30(2), pp. 223-242 (2013) pdf


• The probability that the number of points on the Jacobian of a genus 2 curve is prime, with Amanda Folsom, Hendrik Hubrechts, and Andrew V. Sutherland, Proceedings of the London Mathematical Society 104(6), pp. 1235-1270 (2012) arXiv


• Newton polygons and curve gonalities, with Filip Cools, Journal of Algebraic Combinatorics 35(3), pp. 345-366 (2012) + erratum, ibid., pp. 367-372 arXiv


• Moving out the edges of a lattice polygon, Discrete and Computational Geometry 47(3), pp. 496-518 (2012) pdf
  [ Accompanying files: Polygon_commands.m readme.pdf Polygons1to30.zip ]


• Toric forms of elliptic curves and their arithmetic, with Frederik Vercauteren, Journal of Symbolic Computation 46(8), pp. 943-966 (2011) pdf


• Nondegenerate curves of low genus over small finite fields, with John Voight, Proceedings of AGC²T12, Contemporary Mathematics 521, pp. 21-28 (2010) arXiv


• On nondegeneracy of curves, with John Voight, Algebra & Number Theory 3(3), pp. 255-281 (2009) arXiv
  [ Addenda and errata: nondeg_remarks.pdf ]


• Computing zeta functions in families of C_a,b curves using deformation, with Hendrik Hubrechts and Frederik Vercauteren, Proceedings of ANTS-VIII, Lecture Notes in Computer Science 5011, pp. 296-311 (2008) pdf
  [ Errata: cab_erratum.pdf ]


• A shortened classical proof of the quadratic reciprocity law, American Mathematical Monthly 115(6), pp. 550-551 (2008) pdf


• Computing zeta functions of nondegenerate curves, with Jan Denef and Frederik Vercauteren, International Mathematics Research Papers 2006, pp. 1-57 (2006) arXiv ePrint

• Breaking and repairing SQIsign2D-East, with Mingjie Chen, Riccardo Invernizzi, Gioella Lorenzon, and Frederik Vercauteren, unpublished note (2024) ePrint


• Processing encrypted data using homomorphic encryption, with Anthony Barnett, Charlotte Bonte, Carl Bootland, Joppe W. Bos, Anamaria Costache, Louis Goubin, Ilia Iliashenko, Tancrède Lepoint, Michele Minelli, Pascal Paillier, Nigel P. Smart, Frederik Vercauteren, Srinivas Vivek and Adrian Waller, online publication for Data Mining with Secure Computation (Horizon 2020 SODA project, 2017) link


• The "bounded gaps between primes" Polymath project - a retrospective, with D.H.J. Polymath, Newsletter of the European Mathematical Society 94, pp. 13-23 (2014) arXiv


• La conjecture de Casas-Alvero, Les conjectures du trimestre, Images des Maths (2013) link


• Efficient arithmetic on elliptic curves using a mixed Edwards-Montgomery representation, with Steven Galbraith and Reza Farashahi, unpublished note (2008) ePrint

• Smooth curves in toric surfaces, Habilitation à Diriger des Recherches, under the supervision of Raf Cluckers, Université de Lille-1 (2017) pdf of extended preface
  [ Facts and conjectures on Betti tables of toric surfaces: png ]


• Point counting on nondegenerate curves, Ph.D. thesis, under the supervision of Jan Denef, KU Leuven (2006) pdf
  [ Errata: thesis_erratum.pdf ]