Results 1 - 10 of 39
Guide to Elliptic Curve Cryptography, 2004
Cited by 593 (18 self)
Elliptic curves have been intensively studied in number theory and algebraic geometry for over 100 years and there is an enormous amount of literature on the subject. To quote the mathematician Serge Lang: "It is possible to write endlessly on elliptic curves. (This is not a threat.)" Elliptic curves also figured prominently in the recent proof of Fermat's Last Theorem by Andrew Wiles. Originally pursued for purely aesthetic reasons, elliptic curves have recently been utilized in devising algorithms for factoring integers, primality proving, and in public-key cryptography. In this article, we aim to give the reader an introduction to elliptic curve cryptosystems, and to demonstrate why these systems provide relatively small block sizes, high-speed software and hardware implementations, and offer the highest strength-per-key-bit of any known public-key scheme.
Construction of secure random curves of genus 2 over prime fields
Advances in Cryptology – EUROCRYPT 2004, volume 3027 of Lecture Notes in Comput. Sci, 2004
Cited by 39 (16 self)
Abstract. For counting points of Jacobians of genus 2 curves defined over large prime fields, the best known method is a variant of Schoof’s algorithm. We present several improvements on the algorithms described by Gaudry and Harley in 2000. In particular we rebuild the symmetry that had been broken by the use of Cantor’s division polynomials and design a faster division by 2 and a division by 3. Combined with the algorithm by Matsuo, Chao and Tsujii, our implementation can count the points on a Jacobian of size 164 bits within about one week on a PC.
Fast genus 2 arithmetic based on theta functions
J. Math. Cryptol. 1 (2007), 243–265. MR2372155 (2009f:11156
Cited by 32 (7 self)
Abstract. In 1986, D. V. Chudnovsky and G. V. Chudnovsky proposed to use formulae coming from Theta functions for the arithmetic in Jacobians of genus 2 curves. We follow this idea and derive fast formulae for the scalar multiplication in the Kummer surface associated to a genus 2 curve, using a Montgomery ladder. Our formulae can be used to design very efficient genus 2 cryptosystems that should be faster than elliptic curve cryptosystems in some hardware configurations.
Abelian varieties with prescribed embedding degree
Cited by 13 (5 self)
Abstract. We present an algorithm that, on input of a CM-field K, an integer k ≥ 1, and a prime r ≡ 1 mod k, constructs a q-Weil number π ∈ O_K corresponding to an ordinary, simple abelian variety A over the field F of q elements that has an F-rational point of order r and embedding degree k with respect to r. We then discuss how CM-methods over K can be used to explicitly construct A.
Constructing pairing-friendly genus 2 curves over prime fields with ordinary Jacobians
IN: PROCEEDINGS OF PAIRING 2007, LNCS 4575, 2007
Cited by 11 (2 self)
We provide the first explicit construction of genus 2 curves over finite fields whose Jacobians are ordinary, have large prime-order subgroups, and have small embedding degree. Our algorithm is modeled on the Cocks-Pinch method for constructing pairing-friendly elliptic curves [5], and works for arbitrary embedding degrees k and prime subgroup orders r. The resulting abelian surfaces are defined over prime fields F_q with q ≈ r^4. We also provide an algorithm for constructing genus 2 curves over prime fields F_q with ordinary Jacobians J having the property that J[r] ⊂ J(F_q) or J[r] ⊂ J(F_{q^k}) for any even k.
Class invariants for quartic CM fields, 2004
Cited by 11 (7 self)
Abstract. One can define class invariants for a quartic primitive CM field K as special values of certain Siegel (or Hilbert) modular functions at CM points corresponding to K. Such constructions were given in [DSG] and [Lau]. We provide explicit bounds on the primes appearing in the denominators of these algebraic numbers. This allows us, in particular, to construct S-units in certain abelian extensions of a reflex field of K, where S is effectively determined by K, and to bound the primes appearing in the denominators of the Igusa class polynomials arising in the construction of genus 2 curves with CM, as conjectured in [Lau].
Computing endomorphism rings of jacobians of genus 2 curves
In Symposium on Algebraic Geometry and its Applications, Tahiti, 2006
Cited by 10 (5 self)
Abstract. We present probabilistic algorithms which, given a genus 2 curve C defined over a finite field and a quartic CM field K, determine whether the endomorphism ring of the Jacobian J of C is the full ring of integers in K. In particular, we present algorithms for computing the field of definition of, and the action of Frobenius on, the subgroups J[ℓ^d] for prime powers ℓ^d. We use these algorithms to create the first implementation of Eisenträger and Lauter’s algorithm for computing Igusa class polynomials via the Chinese Remainder Theorem [EL], and we demonstrate the algorithm for a few small examples. We observe that in practice the running time of the CRT algorithm is dominated not by the endomorphism ring computation but rather by the need to compute p^3 curves for many small primes p.
Genus 2 curves with complex multiplication
International Mathematics Research Notices
Cited by 8 (5 self)
While the main goal of this paper is to give a bound on the denominators of Igusa class polynomials of genus 2 curves, our motivation is twofold: on the one hand we are interested in applications to cryptography via the use of genus 2 curves with a prescribed number of points, and on the other hand, we are interested in construction of class invariants with a view towards
EXPLICIT CM-THEORY FOR LEVEL 2-STRUCTURES ON ABELIAN SURFACES
Cited by 7 (2 self)
Abstract. For a complex abelian surface A with endomorphism ring isomorphic to the maximal order in a quartic CM-field K, the Igusa invariants j1(A), j2(A), j3(A) generate an unramified abelian extension of the reflex field of K. In this paper we give an explicit geometric description of the Galois action of the class group of this reflex field on j1(A), j2(A), j3(A). Our description can be expressed by maps between various Siegel modular varieties, and we can explicitly compute the action for ideals of small norm. We use the Galois action to modify the CRT method for computing Igusa class polynomials, and our run time analysis shows that this yields a significant improvement. Furthermore, we find cycles in isogeny graphs for abelian surfaces, thereby implying that the ‘isogeny volcano’ algorithm to compute endomorphism rings of ordinary elliptic curves over finite fields does not have a straightforward generalization to computing endomorphism rings of abelian surfaces over finite fields.
Computing Igusa class polynomials, 2008
Cited by 6 (2 self)
We give an algorithm that computes the genus two class polynomials of a primitive quartic CM field K, and we give a runtime bound and a proof of correctness of this algorithm. This is the first proof of correctness and the first runtime bound of any algorithm that computes these polynomials. Our algorithm uses complex analysis and runs in time Õ(∆^{7/2}), where ∆ is the discriminant of K.