Skip to main content
SpringerLink
Log in

Novel Efficient Implementations of Hyperelliptic Curve Cryptosystems Using Degenerate Divisors

  • Conference paper
Book cover Information Security Applications (WISA 2004)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 3325))

Included in the following conference series:

Abstract

It has recently been reported that the performance of hyperelliptic curve cryptosystems (HECC) is competitive to that of elliptic curve cryptosystems (ECC). However, it is expected that HECC still can be improved due to their mathematically rich structure. We consider here the application of degenerate divisors of HECC to scalar multiplication. We investigate the operations of the degenerate divisors in the Harley algorithm and the Cantor algorithm of genus 2. The timings of these operations are reported. We then present a novel efficient scalar multiplication method using the degenerate divisors. This method is applicable to cryptosystems with fixed base point, e.g., ElGamal-type encryption, sender of Diffie-Hellman, and DSA. Using a Xeon processor, we found that the double-and-add-always method using the degenerate base point can achieve about a 20% increase in speed for a 160-bit HECC. However, we mounted an timing attack using the time difference to designate the degenerate divisors. The attack assumes that the secret key is fixed and the base point can be freely chosen by the attacker. Therefore, the attack is applicable to ElGamal-type decryption and single-pass Diffie-Hellman – SSL using a hyperelliptic curve could be vulnerable to the proposed attack. Our experimental results show that one bit of the secret key for a 160-bit HECC can be recovered by calling the decryption oracle 500 times.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Akishita, T., Takagi, T.: Zero-Value Point Attacks on Elliptic Curve Cryptosystem. In: Boyd, C., Mao, W. (eds.) ISC 2003. LNCS, vol. 2851, pp. 218–233. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  2. Avanzi, R.: Countermeasures against Differential Power Analysis for Hyperelliptic Curve Cryptosystems. In: Walter, C.D., Koç, Ç.K., Paar, C. (eds.) CHES 2003. LNCS, vol. 2779, pp. 366–381. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  3. Avanzi, R.: Aspects of Hyperelliptic Curves over Large Prime Fields in Software Implementations. Cryptology ePrint Archive, 2003/253, IACR (2003)

    Google Scholar 

  4. Cantor, D.: Computing in the Jacobian of a Hyperelliptic Curve. Mathematics of Computation 48, 95–101 (1987)

    Article  MATH  MathSciNet  Google Scholar 

  5. Cohen, H., Miyaji, A., Ono, T.: Efficient Elliptic Curve Exponentiation Using Mixed Coordinates. In: Ohta, K., Pei, D. (eds.) ASIACRYPT 1998. LNCS, vol. 1514, pp. 51–65. Springer, Heidelberg (1998)

    Chapter  Google Scholar 

  6. Coron, J.-S.: Resistance against Differential Power Analysis for Elliptic Curve Cryptosystems. In: Koç, Ç.K., Paar, C. (eds.) CHES 1999. LNCS, vol. 1717, pp. 292–302. Springer, Heidelberg (1999)

    Chapter  Google Scholar 

  7. Dhem, J.F., Koeune, F., Leroux, P.A., Mestré, P., Quisquater, J.J., Willems, J.L.: A Practical Implementation of the Timing Attack. UCL Crypto Group Technical Report CG 1998/1 (1998)

    Google Scholar 

  8. GMP, GNU MP Library GMP, http://www.swox.com/gmp

  9. Goubin, L.: A Refined Power-Analysis Attack on Elliptic Curve Cryptosystem. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 199–210. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  10. Harley, R.: Adding.text (2000), http://cristal.inria.fr/~harley/hyper/

  11. Harley, R.: Doubling.c (2000), http://cristal.inria.fr/~harley/hyper/

  12. Hess, F., Seroussi, G., Smart, N.: Two Topics in Hyperelliptic Cryptography. CSTR-00-008, Depart. of Computer Science, University of Bristol (2000)

    Google Scholar 

  13. Izu, T., Takagi, T.: Exceptional Procedure Attack on Elliptic Curve Cryptosystems. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 224–239. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  14. Joye, M., Tymen, C.: Protection against Differential Analysis for Elliptic Curve Cryptography. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 377–390. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  15. Katagi, M., Kitamura, I., Akishita, T., Takagi, T.: Novel Efficient Implementations of Hyperelliptic Curve Cryptosystems using Degenerate Divisors. Cryptology ePrint Archive, IACR (2004), http://eprint.iacr.org/

  16. Koblitz, N.: Hyperelliptic Cryptosystems. Journal of Cryptology 1, 139–150 (1989)

    Article  MATH  MathSciNet  Google Scholar 

  17. Kocher, C.: Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996)

    Google Scholar 

  18. Kocher, C., Jaffe, J., Jun, B.: Differential Power Analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)

    Google Scholar 

  19. Kuroki, J., Gonda, M., Matsuo, K., Chao, J., Tsujii, S.: Fast Genus Three Hyperelliptic Curve Cryptosystems. In: Proc. of SCIS 2002 (2002)

    Google Scholar 

  20. Lange, T.: Efficient Arithmetic on Genus 2 Hyperelliptic Curves over Finite Fields via Explicit Formulae. Cryptology ePrint Archive, 2002/121, IACR (2002)

    Google Scholar 

  21. Lange, T.: Inversion-Free Arithmetic on Genus 2 Hyperelliptic Curves. Cryptology ePrint Archive, 2002/147, IACR (2002)

    Google Scholar 

  22. Lange, T.: Weighed Coordinate on Genus 2 Hyperellipitc Curve. Cryptology ePrint Archive, 2002/153, IACR (2002)

    Google Scholar 

  23. Mumford, D.: Tata Lectures on Theta II. In: Progress in Mathematics 43, Birkhäuser, Basel (1984)

    Google Scholar 

  24. Matsuo, K., Chao, J., Tsuji, S.: Fast Genus Two Hyperelliptic Curve Cryptosystems. Technical Report ISEC2001-31, IEICE Japan, pp. 89–96 (2001)

    Google Scholar 

  25. Nagao, N.: Improving Group Law Algorithms for Jacobians of Hyperelliptic Curves. In: Bosma, W. (ed.) ANTS 2000. LNCS, vol. 1838, pp. 439–448. Springer, Heidelberg (2000)

    Chapter  Google Scholar 

  26. NTL: A Library for Doing Number Theory, http://www.shoup.net/ntl

  27. Pelzl, J.: Hyperelliptic Cryptosystems on Embedded Microprocessors. Diploma Thesis, Rühr-Universität Bochum (2002)

    Google Scholar 

  28. Pelzl, J., Wollinger, T., Guajardo, J., Paar, C.: Hyperelliptic Curve Cryptosystems: Closing the Performance Gap to Elliptic Curves. In: Walter, C.D., Koç, Ç.K., Paar, C. (eds.) CHES 2003. LNCS, vol. 2779, pp. 351–365. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  29. Sugizaki, T., Matsuo, K., Chao, J., Tsujii, S.: An Extension of Harley Addition Algorithm for Hyperelliptic Curves over Finite Fields of Characteristic Two. Technical Report ISEC2002-9, IEICE Japan, pp. 49–56 (2002)

    Google Scholar 

  30. Schindler, W.: A Timing Attack against RSA with the Chinese Remainder Theorem. In: Paar, C., Koç, Ç.K. (eds.) CHES 2000. LNCS, vol. 1965, pp. 109–124. Springer, Heidelberg (2000)

    Chapter  Google Scholar 

  31. Schindler, W.: A Combined Timing and Power Attack. In: Naccache, D., Paillier, P. (eds.) PKC 2002. LNCS, vol. 2274, pp. 263–279. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  32. Schindler, W., Koeune, F., Quisquater, J.-J.: Improving Divide and Conquer Attacks against Cryptosystems by Better Error Detection/Correction Strategies. In: Honary, B. (ed.) Cryptography and Coding 2001. LNCS, vol. 2260, pp. 245–267. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Sony Corporation, 6-7-35 Kitashinagawa Shinagawa-ku, Tokyo, 141-0001, Japan

    Masanobu Katagi, Izuru Kitamura & Toru Akishita

  2. Fachbereich Informatik, Technische Universität Darmstadt, Alexanderstr. 10, D-64283, Darmstadt, Germany

    Tsuyoshi Takagi

Authors
  1. Masanobu Katagi
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Izuru Kitamura
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Toru Akishita
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Tsuyoshi Takagi
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Dept. of Computer Engineering, Sejong University, 143-747, Seoul, Korea

    Chae Hoon Lim

  2. Computer Science Department, Google Inc. and Columbia University, 1214 Amsterdam Avenue, 10027, New York, NY, USA

    Moti Yung

Rights and permissions

Reprints and permissions

Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Katagi, M., Kitamura, I., Akishita, T., Takagi, T. (2005). Novel Efficient Implementations of Hyperelliptic Curve Cryptosystems Using Degenerate Divisors. In: Lim, C.H., Yung, M. (eds) Information Security Applications. WISA 2004. Lecture Notes in Computer Science, vol 3325. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-31815-6_28

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-31815-6_28

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-24015-0

  • Online ISBN: 978-3-540-31815-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation