Advertisement

Efficient Doubling on Genus Two Curves over Binary Fields

  • Tanja Lange
  • Marc Stevens
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3357)

Abstract

In most algorithms involving elliptic and hyperelliptic curves, the costliest part consists in computing multiples of ideal classes. This paper investigates how to compute faster doubling over fields of characteristic two.

We derive explicit doubling formulae making strong use of the defining equation of the curve. We analyze how many field operations are needed depending on the curve making clear how much generality one loses by the respective choices. Note, that none of the proposed types is known to be weak – one only could be suspicious because of the more special types. Our results allow to choose curves from a large enough variety which have extremely fast doubling needing only half the time of an addition. Combined with a sliding window method this leads to fast computation of scalar multiples. We also speed up the general case.

Keywords

Hyperelliptic curves fast arithmetic explicit group operations binary fields 

References

  1. [ACD+04]
    Avanzi, R., Cohen, H., Doche, C., Frey, G., Lange, T., Nguyen, K., Vercauteren, F.: The Handbook of Elliptic and Hyperelliptic Curve Cryptography. CRC (2004) (to appear)Google Scholar
  2. [Ava03]
    Avanzi, R.M.: Aspects of Hyperelliptic Curves over Large Prime Fields in Software Implementations. Cryptology ePrint Archive, Report 2003/253, (2003): to appear in CHES 2004Google Scholar
  3. [Ava04]
    Avanzi, R.M.: Countermeasures against differential power analysis for hyperelliptic curve cryptosystems. In: Walter, C.D., Koç, Ç.K., Paar, C. (eds.) CHES 2003. LNCS, vol. 2779, pp. 366–381. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  4. [BD04]
    Byramjee, B., Duqesne, S.: Classification of genus 2 curves over \(\mathbb{F}_{2^{n}}\) and optimization of their arithmetic. Cryptology ePrint Archive, Report 2004/107 (2004), http://eprint.iacr.org/
  5. [Can87]
    Cantor, D.G.: Computing in the Jacobian of a hyperelliptic curve. Math. Comp. 48, 95–101 (1987)zbMATHCrossRefMathSciNetGoogle Scholar
  6. [FL03]
    Frey, G., Lange, T.: Mathematical Background of Public Key Cryptography. Technical Report 10, IEM Essen (2003)Google Scholar
  7. [FR94]
    Frey, G., Rück, H.G.: A remark concerning m-divisibility and the discrete logarithm problem in the divisor class group of curves. Math. Comp. 62, 865–874 (1994)zbMATHCrossRefMathSciNetGoogle Scholar
  8. [Gal01]
    Galbraith, S.D.: Supersingular curves in cryptography. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 495–513. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  9. [Gau00]
    Gaudry, P.: An algorithm for solving the discrete log problem on hyperelliptic curves. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 19–34. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  10. [GLS00]
    Günther, C.W., Lange, T., Stein, A.: Speeding up the arithmetic on koblitz curves of genus two. In: Stinson, D.R., Tavares, S. (eds.) SAC 2000. LNCS, vol. 2012, pp. 106–117. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  11. [GT04]
    Gaudry, P., Thomé, E.: A double large prime variation for small genus hyperelliptic index calculus. Cryptology ePrint Archive, Report 2004/153 (2004)Google Scholar
  12. [Kob89]
    Koblitz, N.: Hyperelliptic cryptosystems. J. Cryptology 1, 139–150 (1989)zbMATHCrossRefMathSciNetGoogle Scholar
  13. [Lan04a]
    Lange, T.: Formulae for Arithmetic on Genus 2 Hyperelliptic Curves, (2004) to appear in J. AAECC, http://www.itsc.ruhr-uni-bochum.de/tanja/preprints.html
  14. [Lan04b]
    Lange, T.: Koblitz curve cryptosystems. Finite Fields and Their Applications, (2004) (to appear)Google Scholar
  15. [Lor96]
    Lorenzini, D.: An Invitation to Arithmetic Geometry. Graduate studies in mathematics, AMS 9 (1996)Google Scholar
  16. [M0̈1]
    Möller, B.: Securing elliptic curve point multiplication against side-channel attacks. In: Proc. of ISC 2001, pp. 324–334 (2001)Google Scholar
  17. [MWZ98]
    Menezes, A.J., Wu, Y.-H., Zuccherato, R.: An Elementary Introduction to Hyperelliptic Curves. In: Koblitz, N. (ed.) Algebraic Aspects of Cryptography, pp. 155–178. Springer, Heidelberg (1998)Google Scholar
  18. [Nag04]
    Nagao, K.: Improvement of Thériault Algorithm of Index Calculus for Jacobian of Hyperelliptic Curves of Small Genus. Cryptology ePrint Archive, Report 2004/161 (2004)Google Scholar
  19. [PWP04]
    Pelzl, J., Wollinger, T., Paar, C.: Special Hyperelliptic Curve Cryptosystems of Genus Two: Efficient Arithmetic and Fast Implementation. In: Embedded Cryptographic Hardware: Design and Security (2004) (to appear)Google Scholar
  20. [Sti93]
    Stichtenoth, H.: Algebraic Function Fields and Codes. Springer, Heidelberg (1993)zbMATHGoogle Scholar
  21. [Thé03]
    Thériault, N.: Index calculus attack for hyperelliptic curves of small genus. In: Laih, C.-S. (ed.) ASIACRYPT 2003. LNCS, vol. 2894, pp. 75–92. Springer, Heidelberg (2003)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Tanja Lange
    • 1
  • Marc Stevens
    • 2
  1. 1.Institute for Information Security and Cryptology (ITSC)Ruhr-Universität BochumBochumGermany
  2. 2.Department of Mathematics and Computer ScienceEindhoven University of TechnologyEindhovenThe Netherlands

Personalised recommendations