Public key cryptosystems are very important tools for data transmission. Their performance and security depend on the underlying crypto primitives. In this paper we describe one such primitive: The Discrete Logarithm (DL) in cyclic groups of prime order (Section 1). To construct DL-systems we use methods from algebraic and arithmetic geometry and especially the theory of abelian varieties over finite fields. It is explained why Jacobian varieties of hyperelliptic curves of genus 4 are candidates for cryptographically "good" abelian varieties (Section 2). In the third section we describe the (constructive and destructive) role played by Galois theory: Local and global Galois representation theory is used to count points on abelian varieties over finite fields and we give some applications of Weil descent and Tate duality.

Abstract. We present an implementation of elliptic curves and of hyperelliptic curves of genus 2 and 3 over prime fields. To achieve a fair comparison between the different types of groups, we developed an ad-hoc arithmetic library, designed to remove most of the overheads that penalize implementations of curve-based cryptography over prime fields. These overheads get worse for smaller fields, and thus for larger genera for a fixed group size. We also use techniques for delaying modular reductions to reduce the amount of modular reductions in the formulae for the group operations. The result is that the performance of hyperelliptic curves of genus 2 over prime fields is much closer to the performance of elliptic curves than previously thought. For groups of 192 and 256 bits the difference is about 14 % and 15 % respectively.

Abstract. In this article we show how to generalize the CM-method for elliptic curves to genus two. We describe the algorithm in detail and discuss the results of our implementation. 1.

Abstract. In 1986, D. V. Chudnovsky and G. V. Chudnovsky proposed to use formulae coming from Theta functions for the arithmetic in Jacobians of genus 2 curves. We follow this idea and derive fast formulae for the scalar multiplication in the Kummer surface associated to a genus 2 curve, using a Montgomery ladder. Our formulae can be used to design very efficient genus 2 cryptosystems that should be faster than elliptic curve cryptosystems in some hardware configurations.

. This survey discusses algorithms and explicit calculations for curves of genus at least 2 and their Jacobians, mainly over number fields and finite fields. Miscellaneous examples and a list of possible future projects are given at the end. 1. Introduction An enormous number of people have performed an enormous number of computations on elliptic curves, as one can see from even a perfunctory glance at [29]. A few years ago, the same could not be said for curves of higher genus, even though the theory of such curves had been developed in detail. Now, however, polynomialtime algorithms and sometimes actual programs are available for solving a wide variety of problems associated with such curves. The genus 2 case especially is becoming accessible: in light of recent work, it seems reasonable to expect that within a few years, packages will be available for doing genus 2 computations analogous to the elliptic curve computations that are currently possible in PARI, MAGMA, SIMATH, apec...

Abstract. We present the results of a systematic numerical search for genus two curves defined over the rationals such that their Jacobians are simple and have endomorphism ring equal to the ring of integers of a quartic CM field. Including the well-known example y 2 = x 5 − 1 we find 19 non-isomorphic such curves. We believe that these are the only such curves. 1.

Abstract. — We present a new method for constructing genus 2 curves over a finite field Fn with a given number of points on its Jacobian. This method has important applications in cryptography, where groups of prime order are used as the basis for discrete-log based cryptosystems. Our algorithm provides an alternative to the traditional CM method for constructing genus 2 curves. For a quartic CM field K with primitive CM type, we compute the Igusa class polynomials modulo p for certain small primes p and then use the Chinese remainder theorem (CRT) and a bound on the denominators to construct the class polynomials. We also provide an algorithm for determining endomorphism rings of ordinary Jacobians of genus 2 curves over finite fields, generalizing the work of Kohel for elliptic curves. Résumé (Un algorithme fondé sur le théorème chinois pour construire des courbes de genre 2 sur des corps finis) Nous présentons une nouvelle méthode pour construire des courbes de genre 2 sur un corps fini Fn avec un nombre donné de points sur sa jacobienne. Cette méthode a des applications importantes en cryptographie, où des groupes d’ordre premier sont employés pour former des cryptosystèmes fondés sur le logarithme discret. Notre algorithme fournit une alternative à la méthode traditionnelle de multiplication complexe pour construire des courbes de genre 2. Pour un corps quartique K à multiplication complexe de type primitif, nous calculons les polynômes de classe d’Igusa modulo p pour certain petit premiers p et employons le théorème chinois et une borne sur les dénominateurs pour construire les polynômes de classe. Nous fournissons également un algorithme pour déterminer les anneaux d’endomorphismes des jacobiennes de courbes ordinaires de genre 2 sur des corps finis, généralisant le travail de Kohel pour les courbes elliptiques.

Abstract. The complex multiplication (CM) method for genus 2 is currently the most efficient way of generating genus 2 hyperelliptic curves defined over large prime fields and suitable for cryptography. Since low class number might be seen as a potential threat, it is of interest to push the method as far as possible. We have thus designed a new algorithm for the construction of CM invariants of genus 2 curves, using 2-adic lifting of an input curve over a small finite field. This provides a numerically stable alternative to the complex analytic method in the first phase of the CM method for genus 2. As an example we compute an irreducible factor of the Igusa class polynomial system for the quartic CM field Q(i p 75 + 12 √ 17), whose class number is 50. We also introduce a new representation to describe the CM curves: a set of polynomials in (j1, j2, j3) which vanish on the precise set of triples which are the Igusa invariants of curves whose Jacobians have CM by a prescribed field. The new representation provides a speedup in the second phase, which uses Mestre’s algorithm to construct a genus 2 Jacobian of prime order over a large prime field for use in cryptography. 1

Let C be a curve of genus 2 that admits a non-hyperelliptic involution. We show that there are at most 2 isomorphism classes of elliptic curves that are quotients of degree 2 of the Jacobian of C.

Abstract. In this paper we classify curves of genus two over a perfect field k of characteristic two. We find rational models of curves with a given arithmetic structure for the ramification divisor and we give necessary and sufficient conditions for two models of the same type to be k-isomorphic. As a consequence, we obtain an explicit formula for the number of k-isomorphism classes of curves of genus two over a finite field. Moreover, we prove that the field of moduli of any curve coincides with its field of definition, by exhibiting rational models of curves with any prescribed value of their Igusa invariants. Finally, we use cohomological methods to find, for each rational model, an explicit description of its twists. In this way, we obtain a parameterization of all k-isomorphism classes of curves of genus two in terms of geometric and arithmetic invariants.