 Hello, everyone. I'm Hart, and today I'll be talking about the full quantum equivalence of Group Action Discrete Log and CDH, as well as some related results. This is a joint work with Mark Sandry. Let's start by recalling some basics of cryptographic group actions. A group action is a tuple of a group, a set, and a mapping that satisfies the identity and composability properties, where the composability property is analogous to associativity in groups. To make groups actions cryptographic, we just endow them with straightforward hardness assumptions. Here, we define the discrete log, CDH, and DTH assumptions over group actions, and if you're familiar with how these work over groups, the intuition carries over to group actions in a straightforward manner. The most well-known group action turns out to be group exponentiation. Yes, the same one used in traditional group-based discrete log, CDH, and DTH assumptions. If we treat the group G as a set and the integer exponent as a group, then exponentiation can just be thought of as a standard group action. More interestingly, and more relevant to post-quantum cryptography, certain isogenic-based primitives can be modeled as group actions. For instance, CYFISH and its derivatives are essentially group actions, while CSIDE is a bit more complicated and it is modeled as something called a restricted effective group action. SIDE, on the other hand, is not a group action, and the recent attacks on it do not seem to affect group action-modelable isogenes. So why should we care about group actions? Currently, most of our post-quantum cryptosystems are based on lattices. What if an advance in lattice cryptanalysis renders these schemes more inefficient? Like NIST suggests in their recent call for signature schemes, we don't want to put all of our post-quantum eggs in one basket. A billion group action-based cryptosystems, like those from isogenes, have turned out to be some of the most promising alternatives to lattice-based constructions. However, these constructions are very new and their security is not as well studied as more traditional assumptions. This has led to some surprising and unfortunate attacks, like the recent work Breaking SIDE. So what can we do about this? Can we improve our knowledge of the security of these assumptions? That's what we do in this paper. Our main result is a proof that group action CDH and group action discrete log are quantum polynomial time equivalent for a billion group actions. Since key exchange requires CDH hardness, but security analysis is much easier for discrete log, our result potentially greatly simplifies the security analysis of group action-based key exchanges and signatures. We also partially solve the old open problem, as stated by Bonnet and Lipton, of the equivalence of Diffie-Hellman and discrete log, although we can say nothing about the more famous classical case. So why does this matter? This result gives us more confidence in existing group action protocols and allows simpler security proofs. For instance, breaking certain isogenic-based key exchange protocols would result in a break on essentially the discrete log problem on the underlying isogenes, which we have more confidence is hard. It also makes building new group action-based key exchange protocols easier, since you only need to focus on the discrete log problem for at least theoretical security. We note that this result has already been used for new constructions. And finally, it's also just good to understand group actions better. But wait, there's more. We show that group action DDH and group action CDH are not equivalent. We build a very basic generic group action model, and we conjecture and offer evidence that the dihedral hidden subgroup problem is equivalent to discrete log in this generic model. Finally, we show a number of results on restricted effective group actions, which help explain why a reduction doesn't work directly for them, and offers an explanation in the form of an interesting connection to lattices. So thanks for your time, and I hope to see you all at Asia Crypt.