Decomposition Attack for the Jacobian of a Hyperelliptic Curve over an Extension Field

  • Koh-ichi Nagao
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6197)

Abstract

We propose some kind of new attack which gives the solution of the discrete logarithm problem for the Jacobian of a curve defined over an extension field \(\mathbb{F}_{q^{n}}\), considering the set of the union of factor basis and large primes B 0 given by points of the curve whose x-coordinates lie in \(\mathbb{F}_q\). In this attack, an element of the divisor group which is written by a sum of some elements of factor basis and large primes is called (potentially) decomposed and the set of the factors that appear in the sum, is called decomposed factors. So, it will be called decomposition attack. In order to analyze the running of the decomposition attack, a test for the (potential) decomposedness and the computation of the decomposed factors are needed. Here, we show that the test to determine if an element of the Jacobian (i.e., reduced divisor) is written by an ng sum of the elements of the decomposed factors and the computation of decomposed factors are reduced to the problem of solving some multivariable polynomial system of equations by using the Riemann-Roch theorem. In particular, in the case of hyperelliptic curves of genus g, we construct a concrete system of equations, which satisfies these properties and consists of (n 2 − n)g quadratic equations. Moreover, in the case of (g,n) = (1,3),(2,2) and (3,2), we give examples of the concrete computation of the decomposed factors by using the computer algebra system Magma.

Keywords

Decomposition Attack Hyperelliptic curve Discrete logarithm problem Weil descent attack 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Adleman, M., DeMarrais, J., Huang, M.-D.: A subexponential algorithm for discrete logarithms over the rational subgroup of the Jacobians of large genus hyperelliptic curves over finite fields. In: Huang, M.-D.A., Adleman, L.M. (eds.) ANTS 1994. LNCS, vol. 877, pp. 28–40. Springer, Heidelberg (1994)Google Scholar
  2. 2.
    Cantor, D.G.: Computing in the Jacobian of hyperelliptic curve. Math. Comp. 48, 95–101 (1987)MATHMathSciNetGoogle Scholar
  3. 3.
    Diem, C.: An Index Calculus Algorithm for Plane Curves of Small Degree. In: Hess, F., Pauli, S., Pohst, M. (eds.) ANTS 2006. LNCS, vol. 4076, pp. 543–557. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  4. 4.
    Diem, C.: On the discrete logarithm problem in class groups (2009) (preprint), http://www.math.uni-leipzig.de/~diem/preprints/small-genus.pdf
  5. 5.
    Enge, A., Gaudry, P.: A general framework for subexponential discrete logarithm algorithms. Acta Arith. 102(1), 83–103 (2002)MATHCrossRefMathSciNetGoogle Scholar
  6. 6.
    Gaudry, P.: An algorithm for solving the discrete log problem on hyperelliptic curves. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 19–34. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  7. 7.
    Gaudry, P., Thomé, E., Thériault, N., Diem, C.: A double large prime variation for small genus hyperelliptic decomposed attack. Math. Comp. 76, 475–492 (2007) Preprint Version, http://eprint.iacr.org/2004/153/ Google Scholar
  8. 8.
    Gaudry, P.: Index calculus for abelian varieties of small dimension and the elliptic curve discrete logarithm problem. Journal of Symbolic Computation 44(12), 1690–1702 (2009), Preprint version http://eprint.iacr.org/2004/073 Google Scholar
  9. 9.
    Hess, F.: Computing Riemann-Roch spaces in algebraic function fields and related topics. J. Symb. Comp. 11, 1–22 (2001)MathSciNetGoogle Scholar
  10. 10.
    Hindry, M., Silverman, J.H.: Diophantine Geometry An introduction. In: Graduate Texts in Math., vol. 201. Springer, Heidelberg (2000)Google Scholar
  11. 11.
    Granger, R., Vercauteren, F.: On the Discrete Logarithm Problem on Algebraic Tori. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 66–85. Springer, Heidelberg (2005)Google Scholar
  12. 12.
    LaMacchia, B.A., Odlyzko, A.M.: Solving large sparse linear systems over finite fields. In: Menezes, A., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 109–133. Springer, Heidelberg (1991)Google Scholar
  13. 13.
    Nagao, K.: Index calculus for Jacobian of hyperelliptic curve of small genus using two large primes. Japan Journal of Industrial and Applied Mathematics 24(3) (2007); Preprint version entitled by Improvement of Thériault Algorithm of decomposed attack for Jacobian of Hyperelliptic Curves of Small Genus, http://eprint.iacr.org/2004/161
  14. 14.
    Semaev, I.: Summation polynomials and the discrete logarithm problem on elliptic curves (2004) (preprint)Google Scholar
  15. 15.
    Thériault, N.: Index calculus for hyperelliptic curves of small genus. In: Laih, C.-S. (ed.) ASIACRYPT 2003. LNCS, vol. 2894, pp. 75–92. Springer, Heidelberg (2003)Google Scholar
  16. 16.
    Wiedemann, D.H.: Solving sparse linear equations over finite fields. IEEE Trans. Inform. Theory IT-32(1), 54–62 (1986)CrossRefMathSciNetGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Koh-ichi Nagao
    • 1
  1. 1.Dept. of EngineeringKanto Gakuin Univ.YokohamaJapan

Personalised recommendations