, 1: Computing isogeny paths in ? g (?; p) Input: A and A ? in Sg(p) Output: A path ? : A ? A ? in ?g(?; p)

, A to some point B × E in Sg?1(p) × S1(p)

, ? from A ? to some point B ? × E ? in Sg?1(p) × S1(p)

, ? B ? in ?g?1(?; p) using Algorithm 1 recursively if g ? 1 > 1, or elliptic path-finding if g ? 1 = 1

, If b ? e (mod 2), then fail and return ? (or try again with another ? and/or ? ? , ?

. B-×-e-?-b-?-×-e-?,

G. Adj, D. Cervantes-vázquez, J. Chi-domínguez, A. Menezes, and F. Rodríguez-henríquez, On the cost of computing isogenies between supersingular elliptic curves, 25th Conference on Selected Areas in Cryptography (SAC 2018), 2018.

R. Azarderakhsh, B. Koziel, M. Campagna, B. Lamacchia, C. Costello et al., , 2017.

J. Biasse, D. Jao, and A. Sankar, A quantum algorithm for computing isogenies between supersingular elliptic curves, Progress in Cryptology -INDOCRYPT 2014 -15th International Conference on Cryptology in India, vol.8885, pp.428-442, 2014.

G. Bisson, R. Cosset, and D. Robert, AVIsogenies -a library for computing isogenies between abelian varieties, 2012.

M. Boyer, G. Brassard, P. Høyer, and A. Tapp, Tight bounds on quantum searching, Fortschritte der Physik: Progress of Physics, vol.46, issue.4-5, pp.493-505, 1998.

J. W. Cassels and E. V. Flynn, Prolegomena to a middlebrow arithmetic of curves of genus 2, vol.230, 1996.

W. Castryck, T. Decru, and B. Smith, Hash functions from superspecial genus-2 curves using Richelot isogenies, Cryptology ePrint Archive, 2019.
URL : https://hal.archives-ouvertes.fr/hal-02067885

W. Castryck, T. Lange, C. Martindale, L. Panny, and J. Renes, CSIDH: An efficient post-quantum commutative group action, Advances in Cryptology -ASIACRYPT 2018, Part III, pp.395-427, 2018.

D. X. Charles, E. Z. Goren, and K. E. Lauter, Families of Ramanujan graphs and quaternion algebras, Groups and symmetries, from neolithic scots to John McKay, pp.53-80, 2009.

D. X. Charles, K. E. Lauter, and E. Z. Goren, Cryptographic hash functions from expander graphs, Journal of Cryptology, vol.22, issue.1, pp.93-113, 2009.

C. Costello, Computing supersingular isogenies on Kummer surfaces, International Conference on the Theory and Application of Cryptology and Information Security, pp.428-456, 2018.

L. De-feo and S. Galbraith, SeaSign: Compact isogeny signatures from class group actions, Advances in Cryptology -EUROCRYPT 2019, 2019.

L. De-feo, S. Masson, C. Petit, and A. Sanso, Verifiable delay functions from supersingular isogenies and pairings, Cryptology ePrint Archive, 2019.
URL : https://hal.archives-ouvertes.fr/hal-02388349

C. Delfs and S. D. Galbraith, Computing isogenies between supersingular elliptic curves over Fp, Des. Codes Cryptography, vol.78, issue.2, pp.425-440, 2016.

C. Diem, An index calculus algorithm for plane curves of small degree, Algorithmic Number Theory, 7th International Symposium, ANTS-VII, vol.4076, pp.543-557, 2006.

A. Dudeanu, D. Jetchev, D. Robert, and M. Vuille, Cyclic Isogenies for Abelian Varieties with Real Multiplication, 2017.
URL : https://hal.archives-ouvertes.fr/hal-01629829

K. Eisenträger, S. Hallgren, K. Lauter, T. Morrison, and C. Petit, Supersingular isogeny graphs and endomorphism rings: reductions and solutions, Advances in cryptology-EUROCRYPT 2018. Part III, pp.329-368, 2018.

T. , On supersingular curves and abelian varieties, Mathematica Scandinavica, vol.60, pp.151-178, 1987.

E. V. Flynn and Y. B. Ti, Genus two isogeny cryptography, Post-Quantum Cryptography -10th International Conference, vol.11505, pp.286-306, 2019.

S. D. Galbraith, C. Petit, B. Shani, and Y. B. Ti, On the security of supersingular isogeny cryptosystems, Advances in Cryptology -ASIACRYPT 2016 -22nd International Conference on the Theory and Application of Cryptology and Information Security, vol.10031, pp.63-91, 2016.

S. D. Galbraith, C. Petit, and J. Silva, Identification protocols and signature schemes based on supersingular isogeny problems, Advances in Cryptology -ASIACRYPT 2017 -23rd International Conference on the Theory and Applications of Cryptology and Information Security, vol.10624, pp.3-33, 2017.

P. Gaudry, Index calculus for abelian varieties of small dimension and the elliptic curve discrete logarithm problem, J. Symb. Comput, vol.44, issue.12, pp.1690-1702, 2009.
URL : https://hal.archives-ouvertes.fr/inria-00337631

P. Gaudry, E. Thomé, N. Thériault, and C. Diem, A double large prime variation for small genus hyperelliptic index calculus, Math. Comput, vol.76, issue.257, pp.475-492, 2007.
URL : https://hal.archives-ouvertes.fr/inria-00077334

L. K. Grover, A fast quantum mechanical algorithm for database search, Proceedings of the Twenty-Eighth Annual ACM Symposium on the Theory of Computing, pp.212-219, 1996.

S. Hoory, N. Linial, and A. Wigderson, Expander graphs and their applications, Bulletin (New Series) of the American Mathematical Society, vol.43, issue.4, pp.439-561, 2006.

M. Hubert, Superspecial abelian varieties, theta series and the Jacquet-Langlands correspondence, 2005.

D. Jao and L. De-feo, Towards quantum-resistant cryptosystems from supersingular elliptic curve isogenies, International Workshop on Post-Quantum Cryptography, pp.19-34, 2011.
URL : https://hal.archives-ouvertes.fr/hal-00652846

S. Jaques and J. M. Schanck, Quantum cryptanalysis in the RAM model: Clawfinding attacks on SIKE, Advances in Cryptology -CRYPTO 2019 -39th Annual International Cryptology Conference, vol.11692, pp.32-61, 2019.

D. Kohel, K. Lauter, C. Petit, and J. Tignol, On the quaternion ?-isogeny path problem, LMS J. Comput. Math, vol.17, pp.418-432, 2014.
URL : https://hal.archives-ouvertes.fr/hal-01257092

D. Lubicz and D. Robert, Arithmetic on abelian and Kummer varieties. Finite Fields and Their Applications, vol.39, pp.130-158, 2016.
URL : https://hal.archives-ouvertes.fr/hal-01057467

C. Petit, Faster algorithms for isogeny problems using torsion point images, Advances in Cryptology -ASIACRYPT 2017 -23rd International Conference on the Theory and Applications of Cryptology and Information Security, vol.10625, pp.330-353, 2017.

A. K. Pizer, Ramanujan graphs and hecke operators, Bull. Am. Math. Soc, vol.23, issue.1, 1990.

B. Smith, Explicit endomorphisms and correspondences, 2005.

B. A. Smith, Isogenies and the discrete logarithm problem in jacobians of genus 3 hyperelliptic curves, J. Cryptology, vol.22, issue.4, pp.505-529, 2009.
URL : https://hal.archives-ouvertes.fr/inria-00537860

A. V. Sutherland, Identifying supersingular elliptic curves, LMS Journal of Computation and Mathematics, vol.15, pp.317-325, 2012.

K. Takashima, Mathematical Modelling for Next-Generation Cryptography: CREST Crypto-Math Project, chapter Efficient Algorithms for Isogeny Sequences and Their Cryptographic Applications, pp.97-114, 2018.

S. Tani, Claw finding algorithms using quantum walk, Theor. Comput. Sci, vol.410, issue.50, pp.5285-5297, 2009.

P. C. Van-oorschot and M. J. Wiener, Parallel collision search with cryptanalytic applications, J. Cryptology, vol.12, issue.1, pp.1-28, 1999.

, Fp:=GF(p)

, Fp2<i>:=ExtensionField<Fp,x|x^2+1>; _<x>:=PolynomialRing(Fp2)

, Next_Walk := function(str) H := SHA1(str)

, Walk_To_Starting_Jacobian:=function(str) steps,H:= Next_Walk(str)

, C0:=HyperellipticCurve(x^5+x)

, J0:=Jacobian(C0)

, =1 to #steps do neighbours:=RichelotIsogenousSurfaces(J0)

, Walk_Until_Found:=function(seed, J0

, H:=seed; found:=false; walks_done:=0; steps_done:=0

, walks and

, =1 to #steps do steps_done+, p.1

, J:=RichelotIsogenousSurfaces(J)

, if Type(J) eq SetCart then found:=true

, return steps,index,walks_done,steps_done

, J0:=Walk_To_Starting_Jacobian

, J0

(. Write and . File_name,

, Write(file_name, walks_done)

(. Write and . File_name,

, Write(file_name, steps_done)

(. Write and . File_name,

, Write(file_name, steps)

(. Write and . File_name,

, Write(file_name, index)

(. Write and . File_name, Elliptic Product=

, Write(file_name, J