# Construction of Hyperelliptic Curves with CM and Its Application to Cryptosystems

## Abstract

Construction of secure hyperelliptic curves is one of the most important yet most difficult problems in the design of cryptosystems based on discrete logarithm problems on hyperelliptic curves. Presently the only accessible approach is to use CM curves. However, finding models of the CM curves is nontrivial. The popular approach uses theta functions to derive a projective embedding of the Jacobian varieties, which requires calculating the theta functions to very high precision. As we show in this paper, its computation time is exponential in the discriminant of the CM field. This paper presents new algorithms to find explicit models of hyperelliptic curves with CM. We present algorithms for the CM test of Jacobian varieties of algebraic curves and for lifting both the models and the invariants of CM curves from small finite fields. We also show that the proposed algorithm for invariants lifting has time complexity polynomial in the discriminant of the CM field.

## Keywords

Elliptic Curve, Theta Function, Abelian Variety, Algebraic Number, Minimal Polynomial