The 2-Adic CM Method for Genus 2 Curves with Application to Cryptography

  • P. Gaudry
  • T. Houtmann
  • D. Kohel
  • C. Ritzenthaler
  • A. Weng
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4284)

Abstract

The complex multiplication (CM) method for genus 2 is currently the most efficient way of generating genus 2 hyperelliptic curves defined over large prime fields and suitable for cryptography. Since low class number might be seen as a potential threat, it is of interest to push the method as far as possible. We have thus designed a new algorithm for the construction of CM invariants of genus 2 curves, using 2-adic lifting of an input curve over a small finite field. This provides a numerically stable alternative to the complex analytic method in the first phase of the CM method for genus 2. As an example we compute an irreducible factor of the Igusa class polynomial system for the quartic CM field \(\mathbb{Q}(i\sqrt{75 + 12\sqrt{17}})\), whose class number is 50. We also introduce a new representation to describe the CM curves: a set of polynomials in \((j_1, j_2, j_3)\) which vanish on the precise set of triples which are the Igusa invariants of curves whose Jacobians have CM by a prescribed field. The new representation provides a speedup in the second phase, which uses Mestre’s algorithm to construct a genus 2 Jacobian of prime order over a large prime field for use in cryptography.

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • P. Gaudry (1, 2)
  • T. Houtmann (2)
  • D. Kohel (3)
  • C. Ritzenthaler (4)
  • A. Weng (2)

  1. LORIA – Projet SPACES, Vandoeuvre-lès-Nancy Cedex, France
  2. Laboratoire d’Informatique (LIX), École polytechnique, Palaiseau Cedex, France
  3. School of Mathematics and Statistics, The University of Sydney, Australia
  4. Institut de Mathématiques de Luminy, Marseille Cedex 9, France
