# On the Complexity of Hyperelliptic Discrete Logarithm Problem

## Abstract

We give a characterization for the intractability of hyperelliptic discrete logarithm problem from a viewpoint of computational complexity theory. It is shown that the language of which complexity is equivalent to that of the hyperelliptic discrete logarithm problem is in \( \mathcal{N}\mathcal{P} \cap co - \mathcal{A}\mathcal{M} \), and that especially for elliptic curves, the corresponding language is in \( \mathcal{N}\mathcal{P} \cap co - \mathcal{N}\mathcal{P} \). It should be noted here that the language of which complexity is equivalent to that of the discrete logarithm problem defined over the multiplicative group of a finite field is also characterized as in \( \mathcal{N}\mathcal{P} \cap co - \mathcal{N}\mathcal{P} \).

## References

- [AH]W. Aiello and J. Håstad, “Statistical zero-knowledge languages can be recognized in two rounds,” Proc. 28th FOCS, pp.439–448 (1987).Google Scholar
- [Ba]László Babai, “Trading group theory to randomness,” Proc. 17th STOC, pp.421–429 (1985).Google Scholar
- [Br]Gilles Brassard, “A note on the complexity of cryptography,” IEEE Trans. Inf. Theory, vol.IT-25, no.2, pp.232–233 (1979).CrossRefMathSciNetGoogle Scholar
- [Ca]David G. Cantor, “Computing in the Jacobian of a hyperelliptic curve,” Math. Comp., vo1.48, no.177, pp.95–101 (1987).zbMATHCrossRefMathSciNetGoogle Scholar
- [DH]W. Diffie and M. Hellman, “New directions in cryptography,” IEEE Trans. Inf. Theory, vol.IT-22, no.6, pp.644–654 (1976).CrossRefMathSciNetGoogle Scholar
- [Fo]Lance J. Fortnow, “The complexity of perfect zero-knowledge,” Proc. 19th STOC, pp.204–209 (1987).Google Scholar
- [GK]O. Goldreich and E. Kushilevitz, “A perfect zero-knowledge interactive proof for a problem equivalent to discrete logarithm,” Proc. CRYPT0’88 (1988).Google Scholar
- [GMR]S. Goldwasser, S. Micali, and C. Rackoff, “The zero-knowledge complexity of interactive proof-systems,” Proc. 17th STOC, pp.291–304 (1985).Google Scholar
- [GMW1]O. Goldreich, S. Micali, and A. Wigderson, “Proofs that yield nothing but their validity and a methodology of cryptographic protocol design,” Proc. 27th FOCS, pp.174–187 (1986).Google Scholar
- [GMWS]O. Goldreich, S. Micali, and A. Wigderson, “Proofs that yield nothing but their validity or All languages in \( \mathcal{N}\mathcal{P} \) have zero-knowledge proofs,” Technical Report 554, Technion (1989).Google Scholar
- [GS]S. Goldwasser and M. Sipser, “Private coins versus public coins in interactive proof systems,” Proc. 18th STOC, pp.59–68 (1986).Google Scholar
- [Ka1]Burton S. Kaliski, Jr., “A pseudo-random bit generator based on elliptic logarithms,” Proc. CRYPT0’86, pp.84–103 (1986).Google Scholar
- [Ka2]Burton S. Kaliski, Jr., “Elliptic curves and cryptography: a pseudorandom bit generator and other tools,” MIT/LCS/ TR-411, MIT (1988).Google Scholar
- [Ko1]Neal Koblitz, “Elliptic curve cryptosystems,” Math. Comp., vo1.48, no.177, pp.203–209 (1987).zbMATHCrossRefMathSciNetGoogle Scholar
- [Ko2]Neal Koblitz, “A Course in Number Theory and Cryptography,” GTM114, Springer-Verlag, New York (1987).zbMATHGoogle Scholar
- [Ko3]Neal Koblitz, “Hyperelliptic cryptosystems,” J. Cryptology, vol.1, no.3, pp. 139–150 (1989).zbMATHCrossRefMathSciNetGoogle Scholar
- [Mi1]Victor S. Miller, “Use of elliptic curves in cryptography,” Proc. CRYPT0’85, pp.417–426 (1985).Google Scholar
- [Mi2]Victor S. Miller, “Short programs for functions on curves,” manuscript (1986).Google Scholar
- [MOV]A. Menezes, T. Okamoto, and S. Vanstone, “Reducing elliptic curve logarithms to logarithms in a finite field,” announced at CRYPTO’90 rump session (1990) (to appear in Proc. STOC’91).Google Scholar
- [OS]T. Okamoto and K. Sakurai, “On the complexity of problems associated with hyperelliptic curves,” Proc. SCIS91, 9C (1991).Google Scholar
- [Pi]Jonathan S. Pila, “Frobenius maps of abelian varieties and finding roots of unity in finite fields,” Ph.D Thesis, Stanford University (to appear in Math. Comp.) (1988).Google Scholar
- [Pr]Pratt, V., “Every Prime has a succinct certificate,” SIAM J. COMPUT. vo1.4, pp.214–220 (1975).zbMATHCrossRefMathSciNetGoogle Scholar
- [Sc1]Uwe Schöning, “A low and high hierarchy within \( \mathcal{N}\mathcal{P} \),” J. Comp. Syst. Sci., vo1.27, pp.14–28 (1983).zbMATHCrossRefGoogle Scholar
- [Sc2]Uwe Schöning, “Graph isomorphism is in the low hierarchy,” J. Comp. Syet., vo1.37, pp.312–323 (1988).zbMATHCrossRefGoogle Scholar
- [Sch]René Schoof, “Elliptic curves over finite field and the computation of square roots mod
*p*,” Math. Comp., vo1.44, pp.483–494 (1985).zbMATHCrossRefMathSciNetGoogle Scholar - [Shi]Hiroki Shizuya, “Zero-knowledge interactive proofs for hyper-and ellipticdiscrete logarithm problems,” Proc. WCIS’89, pp. 143–152 (1989).Google Scholar
- [SI]H. Shieuya, and T. Itoh, “A group-theoretic interface to random self-reducibility,” Trans. IEICE, vol.E-73, no.7, pp.1087–1091 (1990).Google Scholar
- [Sil]Joseph H. Silverman, “The Arithmetic of Elliptic Curves,” GTM 106, Springer-Verlag, New York (1986).zbMATHGoogle Scholar
- [TW]M. Tompa and H. Woll, “Random self-reducibility and zero knowledge interactive proofs for possession of information,” Proc. 28th FOCS, pp.472–482 (1987).Google Scholar