Results 1  10
of
12
Constructing hyperelliptic curves of genus 2 suitable for cryptography
 Math. Comp
, 2003
"... Abstract. In this article we show how to generalize the CMmethod for elliptic curves to genus two. We describe the algorithm in detail and discuss the results of our implementation. 1. ..."
Abstract

Cited by 29 (2 self)
 Add to MetaCart
Abstract. In this article we show how to generalize the CMmethod for elliptic curves to genus two. We describe the algorithm in detail and discuss the results of our implementation. 1.
Abelian varieties with prescribed embedding degree
"... Abstract. We present an algorithm that, on input of a CMfield K, an integer k ≥ 1, and a prime r ≡ 1 mod k, constructs a qWeil number π ∈ OK corresponding to an ordinary, simple abelian variety A over the field F of q elements that has an Frational point of order r and embedding degree k with res ..."
Abstract

Cited by 11 (4 self)
 Add to MetaCart
Abstract. We present an algorithm that, on input of a CMfield K, an integer k ≥ 1, and a prime r ≡ 1 mod k, constructs a qWeil number π ∈ OK corresponding to an ordinary, simple abelian variety A over the field F of q elements that has an Frational point of order r and embedding degree k with respect to r. We then discuss how CMmethods over K can be used to explicitly construct A. 1
Constructing pairingfriendly genus 2 curves over prime fields with ordinary Jacobians
 IN: PROCEEDINGS OF PAIRING 2007, LNCS 4575
, 2007
"... We provide the first explicit construction of genus 2 curves over finite fields whose Jacobians are ordinary, have large primeorder subgroups, and have small embedding degree. Our algorithm is modeled on the CocksPinch method for constructing pairingfriendly elliptic curves [5], and works for a ..."
Abstract

Cited by 10 (2 self)
 Add to MetaCart
We provide the first explicit construction of genus 2 curves over finite fields whose Jacobians are ordinary, have large primeorder subgroups, and have small embedding degree. Our algorithm is modeled on the CocksPinch method for constructing pairingfriendly elliptic curves [5], and works for arbitrary embedding degrees k and prime subgroup orders r. The resulting abelian surfaces are defined over prime fields Fq with q ≈ r 4. We also provide an algorithm for constructing genus 2 curves over prime fields Fq with ordinary Jacobians J having the property that J[r] ⊂ J(Fq) or J[r] ⊂ J(F q k) for any even k.
Computing endomorphism rings of jacobians of genus 2 curves
 In Symposium on Algebraic Geometry and its Applications, Tahiti
, 2006
"... Abstract. We present probabilistic algorithms which, given a genus 2 curve C defined over a finite field and a quartic CM field K, determine whether the endomorphism ring of the Jacobian J of C is the full ring of integers in K. In particular, we present algorithms for computing the field of definit ..."
Abstract

Cited by 9 (5 self)
 Add to MetaCart
Abstract. We present probabilistic algorithms which, given a genus 2 curve C defined over a finite field and a quartic CM field K, determine whether the endomorphism ring of the Jacobian J of C is the full ring of integers in K. In particular, we present algorithms for computing the field of definition of, and the action of Frobenius on, the subgroups J[ℓ d] for prime powers ℓ d. We use these algorithms to create the first implementation of Eisenträger and Lauter’s algorithm for computing Igusa class polynomials via the Chinese Remainder Theorem [EL], and we demonstrate the algorithm for a few small examples. We observe that in practice the running time of the CRT algorithm is dominated not by the endomorphism ring computation but rather by the need to compute p 3 curves for many small primes p. 1.
Distortion maps for genus two curves
 Proceedings of a workshop on Mathematical Problems and Techniques in Cryptology, CRM
, 2005
"... Abstract. Distortion maps are a useful tool for pairing based cryptography. Compared with elliptic curves, the case of hyperelliptic curves of genus g> 1 is more complicated since the full torsion subgroup has rank 2g. In this paper we prove that distortion maps always exist for supersingular curves ..."
Abstract

Cited by 6 (3 self)
 Add to MetaCart
Abstract. Distortion maps are a useful tool for pairing based cryptography. Compared with elliptic curves, the case of hyperelliptic curves of genus g> 1 is more complicated since the full torsion subgroup has rank 2g. In this paper we prove that distortion maps always exist for supersingular curves of genus g> 1 and we give several examples in genus 2.
A Generalized BrezingWeng Algorithm for Constructing PairingFriendly Ordinary Abelian Varieties
"... Abstract. We give an algorithm that produces families of Weil numbers for ordinary abelian varieties over finite fields with prescribed embedding degree. The algorithm uses the ideas of Freeman, Stevenhagen, and Streng to generalize the BrezingWeng construction of pairingfriendly elliptic curves. ..."
Abstract

Cited by 4 (1 self)
 Add to MetaCart
Abstract. We give an algorithm that produces families of Weil numbers for ordinary abelian varieties over finite fields with prescribed embedding degree. The algorithm uses the ideas of Freeman, Stevenhagen, and Streng to generalize the BrezingWeng construction of pairingfriendly elliptic curves. We discuss how CM methods can be used to construct these varieties, and we use our algorithm to give examples of pairingfriendly ordinary abelian varieties of dimension 2 and 3 that are absolutely simple and have smaller ρvalues than any previous such example.
Improved CRT algorithm for class polynomials in genus 2.” In: Algorithmic Number Theory — ANTSX. Edited by Everett Howe and Kiran Kedlaya
 Mathematical Science Publishers
"... Abstract. We present a generalization to genus 2 of the probabilistic algorithm in Sutherland [28] for computing Hilbert class polynomials. The improvement over the algorithm presented in [5] for the genus 2 case, is that we do not need to find a curve in the isogeny class with endomorphism ring whi ..."
Abstract

Cited by 4 (0 self)
 Add to MetaCart
Abstract. We present a generalization to genus 2 of the probabilistic algorithm in Sutherland [28] for computing Hilbert class polynomials. The improvement over the algorithm presented in [5] for the genus 2 case, is that we do not need to find a curve in the isogeny class with endomorphism ring which is the maximal order: rather we present a probabilistic algorithm for “going up ” to a maximal curve (a curve with maximal endomorphism ring), once we find any curve in the right isogeny class. Then we use the structure of the Shimura class group and the computation of (ℓ, ℓ)isogenies to compute all isogenous maximal curves from an initial one. This article is an extended version of the version published at ANTS X. 1.
A generalized BrezingWeing method for constructing pairingfriendly ordinary abelian varieties: Additional examples
"... Families of pairingfriendly abelian surfaces Below we give data and example curves for all of the families of abelian surfaces with ρ < 8 that we found using Algorithm 3.7 of [1]. For each family we give the following data: • the embedding degree k, • the CM field K and polynomial r(x) input into A ..."
Abstract
 Add to MetaCart
Families of pairingfriendly abelian surfaces Below we give data and example curves for all of the families of abelian surfaces with ρ < 8 that we found using Algorithm 3.7 of [1]. For each family we give the following data: • the embedding degree k, • the CM field K and polynomial r(x) input into Algorithm 3.7, • the π(x) output by the algorithm, and • the ρvalue of the family (π, r). We also give an example curve in each family. We used Algorithm 4.1 of [1] to find a value x0 for which q(x0) = π(x0)π(x0) is prime and r(x0) has a large prime factor. Since we are looking for varieties with primeorder subgroups of at least 160bits, we input the value y0 = 2 ⌊160 / deg r⌋+1 into Algorithm 4.1. Given the output, we then used CM methods to construct a curve over F q(x0) whose Jacobian has the specified number of points. We give our results in the following format: • The values x0 and h output by Algorithm 4.1, as well as the values of a and b used in Step (1) of that algorithm, • a genus 2 curve C over F q(x0) whose Jacobian has CM by K, • the number of points on Jac(C)(F q(x0)), • the bit size of the primeorder subgroup on Jac(C) (i.e., of r(x0)/h), and • the ρvalue of Jac(C) with respect to r(x0)/h. In all cases except the k = 6 example, we started with a curve defined over Q whose Jacobian has CM by K and found the appropriate twist of the curve over F q(x0). Equations for these curves are given by van Wamelen [6]. The remaining case uses a CM field K for which there are no curves over Q with CM by K. In this case we used the database maintained by David Kohel [3] to compute the absolute Igusa invariants of C, and then contructed C via Mestre’s algorithm [5]. We note that some of the van Wamelen’s curve equations are nonmonic and/or of degree 6. Monic, degree5 models of these curves can easily be obtained by a change of variables; we chose to keep van Wamelen’s equations in order to minimize the size of the coefficients. For completeness, we repeat here the examples that appear in Section 5 of [1]. Note that the values of π(x) below may differ from those in the earlier examples due to different choices of αi and βi in Algorithm 3.7. In some cases these will be a permutation of the earlier choices and the q(x) obtained will be the same.
On the Decisional DiffieHellman Problem in genus 2
"... Memòria presentada per optar al grau de Doctor en Matemàtiques. Barcelona, juliol de 2006. Directors: Dra. Paz Morillo, Dr. Steven GalbraithResum En aquesta tesi tractem el problema Decisional de DiffieHellman en el grup de punts de la varietat Jacobiana de corbes supersingulars de gènere dos sobre ..."
Abstract
 Add to MetaCart
Memòria presentada per optar al grau de Doctor en Matemàtiques. Barcelona, juliol de 2006. Directors: Dra. Paz Morillo, Dr. Steven GalbraithResum En aquesta tesi tractem el problema Decisional de DiffieHellman en el grup de punts de la varietat Jacobiana de corbes supersingulars de gènere dos sobre cossos finits. La solució a aquest problema és interessant per a criptografia de clau pública, especialment en signatures digitals i en sistemes de criptografia basada en la identitat. L’existència d’un aparellament bilineal i no degenerat en aquests grups redueix la solució del problema DDH a l’existència de prous funcions de distorsió. Aquestes funcions es troben a l’anell d’endomorfismes de la varietat Jacobiana. Mostrem exemples de corbes supersingulars, sobre cossos finits de característica parell i de carecterística senar, tals que l’àlgebra d’endomorfismes té dimensió 16 sobre els racionals i solucionem el problema DDH en alguns d’aquests exemples.
EVALUATING IGUSA FUNCTIONS
"... Abstract. The moduli space of principally polarized abelian surfaces is parametrized by three Igusa functions. In this article we investigate a new way to evaluate these functions by using Siegel Eisenstein series. We explain how to compute the Fourier coefficients of certain Siegel modular forms us ..."
Abstract
 Add to MetaCart
Abstract. The moduli space of principally polarized abelian surfaces is parametrized by three Igusa functions. In this article we investigate a new way to evaluate these functions by using Siegel Eisenstein series. We explain how to compute the Fourier coefficients of certain Siegel modular forms using classical modular forms of halfintegral weight. One of the results in this paper is an explicit algorithm to evaluate the Igusa functions to a prescribed precision. 1.