Results 1  10
of
39
An algorithm for solving the discrete log problem on hyperelliptic curves
, 2000
"... Abstract. We present an indexcalculus algorithm for the computation of discrete logarithms in the Jacobian of hyperelliptic curves defined over finite fields. The complexity predicts that it is faster than the Rho method for genus greater than 4. To demonstrate the efficiency of our approach, we de ..."
Abstract

Cited by 91 (8 self)
 Add to MetaCart
(Show Context)
Abstract. We present an indexcalculus algorithm for the computation of discrete logarithms in the Jacobian of hyperelliptic curves defined over finite fields. The complexity predicts that it is faster than the Rho method for genus greater than 4. To demonstrate the efficiency of our approach, we describe our breaking of a cryptosystem based on a curve of genus 6 recently proposed by Koblitz. 1
Formulae for Arithmetic on Genus 2 Hyperelliptic Curves
 Applicable Algebra in Engineering, Communication and Computing
, 2003
"... The ideal class group of hyperelliptic curves can be used in cryptosystems based on the discrete logarithm problem. In this article we present explicit formulae to perform the group operations for genus 2 curves. The formulae are completely general but to achieve the lowest number of operations we t ..."
Abstract

Cited by 56 (4 self)
 Add to MetaCart
(Show Context)
The ideal class group of hyperelliptic curves can be used in cryptosystems based on the discrete logarithm problem. In this article we present explicit formulae to perform the group operations for genus 2 curves. The formulae are completely general but to achieve the lowest number of operations we treat odd and even characteristic separately. We present 3 different coordinate systems which are suitable for different environments, e. g. on a smart card we should avoid inversions while in software a limited number is acceptable. The presented formulae render genus two hyperelliptic curves very useful in practice. The first system are affine coordinates where each group operation needs one inversion. Then we consider projective coordinates avoiding inversions on the cost of more multiplications and a further coordinate. Finally, we introduce a new system of coordinates and state algorithms showing that doublings are comparably cheap and no inversions are needed. A comparison between the systems concludes the paper.
Applications of Arithmetical Geometry to Cryptographic Constructions
 Proceedings of the Fifth International Conference on Finite Fields and Applications
"... Public key cryptosystems are very important tools for data transmission. Their performance and security depend on the underlying crypto primitives. In this paper we describe one such primitive: The Discrete Logarithm (DL) in cyclic groups of prime order (Section 1). To construct DLsystems we use me ..."
Abstract

Cited by 47 (1 self)
 Add to MetaCart
(Show Context)
Public key cryptosystems are very important tools for data transmission. Their performance and security depend on the underlying crypto primitives. In this paper we describe one such primitive: The Discrete Logarithm (DL) in cyclic groups of prime order (Section 1). To construct DLsystems we use methods from algebraic and arithmetic geometry and especially the theory of abelian varieties over finite fields. It is explained why Jacobian varieties of hyperelliptic curves of genus 4 are candidates for cryptographically "good" abelian varieties (Section 2). In the third section we describe the (constructive and destructive) role played by Galois theory: Local and global Galois representation theory is used to count points on abelian varieties over finite fields and we give some applications of Weil descent and Tate duality.
Hyperelliptic Curve Cryptosystems: Closing the Performance Gap to Elliptic Curves
 Workshop on Cryptographic Hardware and Embedded Systems — CHES 2003
, 2003
"... For most of the time since they were proposed, it was widely believed that hyperelliptic curve cryptosystems (HECC) carry a substantial performance penalty compared to elliptic curve cryptosystems (ECC) and are, thus, not too attractive for practical applications. Only quite recently improvements ha ..."
Abstract

Cited by 41 (12 self)
 Add to MetaCart
(Show Context)
For most of the time since they were proposed, it was widely believed that hyperelliptic curve cryptosystems (HECC) carry a substantial performance penalty compared to elliptic curve cryptosystems (ECC) and are, thus, not too attractive for practical applications. Only quite recently improvements have been made, mainly restricted to curves of genus 2. The work at hand advances the stateoftheart considerably in several aspects. First, we generalize and improve the closed formulae for the group operation of genus 3 for HEC defined over fields of characteristic two. For certain curves we achieve over 50% complexity improvement compared to the best previously published results. Second, we introduce a new complexity metric for ECC and HECC defined over characteristic two fields which allow performance comparisons of practical relevance. It can be shown that the HECC performance is in the range of the performance of an ECC; for specific parameters HECC can even possess a lower complexity than an ECC at the same security level. Third, we describe the first implementation of a HEC cryptosystem on an embedded (ARM7) processor. Since HEC are particularly attractive for constrained environments, such a case study should be of relevance.
Constructing hyperelliptic curves of genus 2 suitable for cryptography
 Math. Comp
, 2003
"... Abstract. In this article we show how to generalize the CMmethod for elliptic curves to genus two. We describe the algorithm in detail and discuss the results of our implementation. 1. ..."
Abstract

Cited by 34 (2 self)
 Add to MetaCart
(Show Context)
Abstract. In this article we show how to generalize the CMmethod for elliptic curves to genus two. We describe the algorithm in detail and discuss the results of our implementation. 1.
Efficient Arithmetic on Genus 2 Hyperelliptic Curves over Finite Fields via Explicit Formulae
 In Cryptology ePrint archive, Report 2002/121
, 2002
"... We extend the explicit formulae for arithmetic on genus two curves of [13, 21] to fields of even characteristic and to arbitrary equation of the curve. These formulae can be evaluated faster than the more general Cantor algorithm and allow to obtain faster arithmetic on a hyperelliptic genus 2 curve ..."
Abstract

Cited by 33 (4 self)
 Add to MetaCart
(Show Context)
We extend the explicit formulae for arithmetic on genus two curves of [13, 21] to fields of even characteristic and to arbitrary equation of the curve. These formulae can be evaluated faster than the more general Cantor algorithm and allow to obtain faster arithmetic on a hyperelliptic genus 2 curve than on elliptic curves. We give timings for implementations using various libraries for the field arithmetic.
On the performance of hyperelliptic cryptosystems
, 1999
"... In this paper we discuss various aspects of cryptosystems based on hyperelliptic curves. In particular we cover the implementation of the group law on such curves and how to generate suitable curves for use in cryptography. This paper presents a practical comparison between the performance of ellip ..."
Abstract

Cited by 31 (5 self)
 Add to MetaCart
(Show Context)
In this paper we discuss various aspects of cryptosystems based on hyperelliptic curves. In particular we cover the implementation of the group law on such curves and how to generate suitable curves for use in cryptography. This paper presents a practical comparison between the performance of elliptic curve based digital signature schemes and schemes based on hyperelliptic curves. We conclude that, at present, hyperelliptic curves offer no performance advantage over elliptic curves.
Examples of genus two CM curves defined over the rationals
 Math. Comp
, 1999
"... Abstract. We present the results of a systematic numerical search for genus two curves defined over the rationals such that their Jacobians are simple and have endomorphism ring equal to the ring of integers of a quartic CM field. Including the wellknown example y 2 = x 5 − 1 we find 19 nonisomorp ..."
Abstract

Cited by 23 (1 self)
 Add to MetaCart
(Show Context)
Abstract. We present the results of a systematic numerical search for genus two curves defined over the rationals such that their Jacobians are simple and have endomorphism ring equal to the ring of integers of a quartic CM field. Including the wellknown example y 2 = x 5 − 1 we find 19 nonisomorphic such curves. We believe that these are the only such curves. 1.
A CRT algorithm for constructing genus 2 curves over finite fields
, 2007
"... Abstract. — We present a new method for constructing genus 2 curves over a finite field Fn with a given number of points on its Jacobian. This method has important applications in cryptography, where groups of prime order are used as the basis for discretelog based cryptosystems. Our algorithm prov ..."
Abstract

Cited by 21 (8 self)
 Add to MetaCart
(Show Context)
Abstract. — We present a new method for constructing genus 2 curves over a finite field Fn with a given number of points on its Jacobian. This method has important applications in cryptography, where groups of prime order are used as the basis for discretelog based cryptosystems. Our algorithm provides an alternative to the traditional CM method for constructing genus 2 curves. For a quartic CM field K with primitive CM type, we compute the Igusa class polynomials modulo p for certain small primes p and then use the Chinese remainder theorem (CRT) and a bound on the denominators to construct the class polynomials. We also provide an algorithm for determining endomorphism rings of ordinary Jacobians of genus 2 curves over finite fields, generalizing the work of Kohel for elliptic curves. Résumé (Un algorithme fondé sur le théorème chinois pour construire des courbes de genre 2 sur des corps finis) Nous présentons une nouvelle méthode pour construire des courbes de genre 2 sur un corps fini Fn avec un nombre donné de points sur sa jacobienne. Cette méthode a des applications importantes en cryptographie, où des groupes d’ordre premier sont employés pour former des cryptosystèmes fondés sur le logarithme discret. Notre algorithme fournit une alternative à la méthode traditionnelle de multiplication complexe pour construire des courbes de genre 2. Pour un corps quartique K à multiplication complexe de type primitif, nous calculons les polynômes de classe d’Igusa modulo p pour certain petit premiers p et employons le théorème chinois et une borne sur les dénominateurs pour construire les polynômes de classe. Nous fournissons également un algorithme pour déterminer les anneaux d’endomorphismes des jacobiennes de courbes ordinaires de genre 2 sur des corps finis, généralisant le travail de Kohel pour les courbes elliptiques.