Date: 18 May 2001

Efficient Algorithms for the Construction of Hyperelliptic Cryptosystems

Abstract

The jacobian of hyperelliptic curves, including elliptic curves as a special case, offers a good primitive for cryptosystems, since cryptosystems (discrete logarithms) based on the jacobians seem to be more intractable than those based on conventional multiplicative groups. In this paper, we show that the problem to determine the group structure of the jacobian can be characterized to be in NP ∩ co-NP, when the jacobian is a non-degenerate type (“non-half-degenerate”). We also show that the hyperelliptic discrete logarithm can be characterized to be in NP ∩ co-NP, when the group structure is non-half-degenerate. Moreover, we imply the reducibility of the hyperelliptic discrete logarithm to a multiplicative discrete logarithm. The extended Weil pairing over the jacobian is the key tool for these algorithms.