Abstract
It is widely believed that genus-4 hyperelliptic curve cryptosystems (HECC) are not attractive for practical applications because of their complexity compared to systems based on lower genera, especially elliptic curves. Our contribution shows that for low-cost security applications genus-4 hyperelliptic curves (HEC) can outperform genus-2 HEC and that we can achieve a performance similar to genus-3 HEC. Furthermore, our implementation results show that a genus-4 HECC is an alternative cryptosystem to systems based on elliptic curves.
In the work at hand we present for the first time explicit formulae for genus-4 HEC, resulting in a 60% speed-up compared to the best published results. In addition, we implemented genus-4 HECC on a Pentium4 and an ARM microprocessor. Our implementations on the ARM show that genus-4 HECC are only a factor of 1.66 slower than genus-2 curves for a group order ≈ \(2^{190}\). For the same group order, ECC and genus-3 HECC are about a factor of 2 faster than genus-4 curves on the ARM. The two most surprising results are: 1) for low-cost security applications, namely considering an underlying group of order \(2^{128}\), HECC with genus 4 outperform genus-2 curves by a factor of 1.46 and have similar performance to genus-3 curves on the ARM, and 2) when compared to genus-2 and genus-3, genus-4 HECC are better suited to embedded microprocessors than to general-purpose processors.
© 2004 Springer-Verlag Berlin Heidelberg
Pelzl, J., Wollinger, T., Paar, C. (2004). Low Cost Security: Explicit Formulae for Genus-4 Hyperelliptic Curves. In: Matsui, M., Zuccherato, R.J. (eds) Selected Areas in Cryptography. SAC 2003. Lecture Notes in Computer Science, vol 3006. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-24654-1_1
DOI: https://doi.org/10.1007/978-3-540-24654-1_1
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-21370-3
Online ISBN: 978-3-540-24654-1
eBook Packages: Springer Book Archive