Results 1  10
of
22
The 2adic CM method for genus 2 curves with application to cryptography
 in ASIACRYPT ‘06, Springer LNCS 4284
, 2006
"... Abstract. The complex multiplication (CM) method for genus 2 is currently the most efficient way of generating genus 2 hyperelliptic curves defined over large prime fields and suitable for cryptography. Since low class number might be seen as a potential threat, it is of interest to push the method ..."
Abstract

Cited by 19 (1 self)
 Add to MetaCart
Abstract. The complex multiplication (CM) method for genus 2 is currently the most efficient way of generating genus 2 hyperelliptic curves defined over large prime fields and suitable for cryptography. Since low class number might be seen as a potential threat, it is of interest to push the method as far as possible. We have thus designed a new algorithm for the construction of CM invariants of genus 2 curves, using 2adic lifting of an input curve over a small finite field. This provides a numerically stable alternative to the complex analytic method in the first phase of the CM method for genus 2. As an example we compute an irreducible factor of the Igusa class polynomial system for the quartic CM field Q(i p 75 + 12 √ 17), whose class number is 50. We also introduce a new representation to describe the CM curves: a set of polynomials in (j1, j2, j3) which vanish on the precise set of triples which are the Igusa invariants of curves whose Jacobians have CM by a prescribed field. The new representation provides a speedup in the second phase, which uses Mestre’s algorithm to construct a genus 2 Jacobian of prime order over a large prime field for use in cryptography. 1
The arithmetic of characteristic 2 Kummer surfaces
, 2009
"... The purpose of this paper is a description of a model of Kummer surfaces in characteristic 2, together with the associated formulas for the pseudogroup law. Since the classical model has bad reduction, a renormalization of the parameters is required, that can be justified using the theory of algeb ..."
Abstract

Cited by 9 (1 self)
 Add to MetaCart
The purpose of this paper is a description of a model of Kummer surfaces in characteristic 2, together with the associated formulas for the pseudogroup law. Since the classical model has bad reduction, a renormalization of the parameters is required, that can be justified using the theory of algebraic theta functions. The formulas that are obtained are very efficient and may be useful in cryptographic applications. We also show that applying the same strategy to elliptic curves gives Montgomerylike formulas in odd characteristic that are of some interest, and we recover already known formulas by Stam in characteristic 2.
CRYPTOGRAPHIC PROTOCOLS ON REAL HYPERELLIPTIC CURVES
"... (Communicated by Edlyn Teske) Abstract. We present publickey cryptographic protocols for key exchange, digital signatures, and encryption whose security is based on the presumed intractability of solving the principal ideal problem, or equivalently, the distance problem, in the real model of a hype ..."
Abstract

Cited by 6 (3 self)
 Add to MetaCart
(Communicated by Edlyn Teske) Abstract. We present publickey cryptographic protocols for key exchange, digital signatures, and encryption whose security is based on the presumed intractability of solving the principal ideal problem, or equivalently, the distance problem, in the real model of a hyperelliptic curve. Our protocols represent a significant improvement over existing protocols using real hyperelliptic curves. Theoretical analysis and numerical experiments indicate that they are comparable to the imaginary model in terms of efficiency, and hold much more promise for practical applications than previously believed. 1.
K.: Group Law Computations on Jacobians of Hyperelliptic Curves
 Selected Areas in Cryptography. LNCS
, 2011
"... Abstract. We derive an explicit method of computing the composition step in Cantor’s algorithm for group operations on Jacobians of hyperelliptic curves. Our technique is inspired by the geometric description of the group law and applies to hyperelliptic curves of arbitrary genus. While Cantor’s gen ..."
Abstract

Cited by 5 (3 self)
 Add to MetaCart
Abstract. We derive an explicit method of computing the composition step in Cantor’s algorithm for group operations on Jacobians of hyperelliptic curves. Our technique is inspired by the geometric description of the group law and applies to hyperelliptic curves of arbitrary genus. While Cantor’s general composition involves arithmetic in the polynomial ring Fq[x], the algorithm we propose solves a linear system over the base field which can be written down directly from the Mumford coordinates of the group elements. We apply this method to give more efficient formulas for group operations in both affine and projective coordinates for cryptographic systems based on Jacobians of genus 2 hyperelliptic curves in general form.
FACTORIZATION WITH GENUS 2 CURVES
, 2009
"... Abstract. The elliptic curve method (ECM) is one of the best factorization methods available. It is possible to use hyperelliptic curves instead of elliptic curves but it is in theory slower. We use special hyperelliptic curves and Kummer surfaces to reduce the complexity of the algorithm. Our imple ..."
Abstract

Cited by 5 (0 self)
 Add to MetaCart
Abstract. The elliptic curve method (ECM) is one of the best factorization methods available. It is possible to use hyperelliptic curves instead of elliptic curves but it is in theory slower. We use special hyperelliptic curves and Kummer surfaces to reduce the complexity of the algorithm. Our implementation GMPHECM is faster than GMPECM for factoring large numbers.
Computing (ℓ,ℓ)isogenies in polynomial time on Jacobians of genus 2 curves. 2011. IACR ePrint
"... Abstract. In this paper, we compute ℓisogenies between abelian varieties over a field of characteristic different from 2 in polynomial time in ℓ, when ℓ is an odd prime which is coprime to the characteristic. We use level n symmetric theta structure where n = 2 or n = 4. In a second part of this pa ..."
Abstract

Cited by 4 (2 self)
 Add to MetaCart
Abstract. In this paper, we compute ℓisogenies between abelian varieties over a field of characteristic different from 2 in polynomial time in ℓ, when ℓ is an odd prime which is coprime to the characteristic. We use level n symmetric theta structure where n = 2 or n = 4. In a second part of this paper we explain how to convert between Mumford coordinates of Jacobians of genus 2 hyperelliptic curves to theta coordinates of level 2 or 4. Combined with the preceding algorithm, this gives a method to compute (ℓ, ℓ)isogenies in polynomial time on Jacobians of genus 2 curves. 1.
HighPerformance Scalar Multiplication using 8Dimensional GLV/GLS Decomposition
"... Abstract. This paper explores the potential for using genus 2 curves over quadratic extension fields in cryptography, motivated by the fact that they allow for an 8dimensional scalar decomposition when using a combination of the GLV/GLS algorithms. Besides lowering the number of doublings required ..."
Abstract

Cited by 4 (1 self)
 Add to MetaCart
Abstract. This paper explores the potential for using genus 2 curves over quadratic extension fields in cryptography, motivated by the fact that they allow for an 8dimensional scalar decomposition when using a combination of the GLV/GLS algorithms. Besides lowering the number of doublings required in a scalar multiplication, this approach has the advantage of performing arithmetic operations in a 64bit ground field, making it an attractive candidate for embedded devices. We found cryptographically secure genus 2 curves which, although susceptible to index calculus attacks, aim for the standardized 112bit security level. Our implementation results on both highend architectures (Ivy Bridge) and lowend ARM platforms (CortexA8) highlight the practical benefits of this approach. 1
ECM using Edwards curves
"... Abstract. This paper introduces GMPEECM, a fast implementation of the ellipticcurve method of factoring integers. GMPEECM is based on, but faster than, the wellknown GMPECM software. The main changes are as follows: (1) use Edwards curves instead of Montgomery curves; (2) use twisted inverted E ..."
Abstract

Cited by 3 (1 self)
 Add to MetaCart
Abstract. This paper introduces GMPEECM, a fast implementation of the ellipticcurve method of factoring integers. GMPEECM is based on, but faster than, the wellknown GMPECM software. The main changes are as follows: (1) use Edwards curves instead of Montgomery curves; (2) use twisted inverted Edwards coordinates; (3) use signedslidingwindow addition chains; (4) batch primes to increase the window size; (5) choose curves with small parameters a, d, X1, Y1, Z1; (6) choose curves with larger torsion.
Genus 2 point counting over prime fields
"... For counting points of jacobians of genus 2 curves over a large prime field, the best known approach is essentially an extension of Schoof’s genus 1 algorithm. We propose various practical improvements to this method and illustrate them with a large scale computation: we counted hundreds of curves, ..."
Abstract

Cited by 2 (1 self)
 Add to MetaCart
For counting points of jacobians of genus 2 curves over a large prime field, the best known approach is essentially an extension of Schoof’s genus 1 algorithm. We propose various practical improvements to this method and illustrate them with a large scale computation: we counted hundreds of curves, until one was found that is suitable for cryptographic use, with a stateoftheart security level of approximately 2 128 and desirable speed properties. This curve and its quadratic twist have a Jacobian group whose order is 16 times a prime. Key words: Point couting, hyperelliptic curves, SchoofPila algorithm.