Secure hyperelliptic cryptosystems and their performance

  • Yasuyuki Sakai
  • Kouichi Sakurai
  • Hirokazu Ishizuka
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1431)


We investigate the discrete logarithm problem over jacobian varieties of hyperelliptic curves suitable for public-key cryptosystems, and clarify practical advantages of hyperelliptic cryptosystems compared to the elliptic cryptosystems and to RSA. We focus on the curves defined over the ground field of characteristic 2, and we present hyperelliptic cryptosystems from the jacobian associated with curves C : v 2 + v=u 2g+1 of genus g=3 and 11, which are secure against the known attacks. We further discuss the efficiency in implementation of such secure hyperelliptic cryptosystems.


Public key Hyperelliptic curve Discrete logarithm Jacobian 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. [ADH94]
    L.M. Adleman, J. DeMarrais and M. Huang, ”A Subexponential Algorithm for Discrete Logarithm over the Rational Subgroup of the Jacobians of Large Genus Hyperelliptic Curves over Finite Fields”, Proc. of ANTS1, LNCS, vol. 877, Springer-Verlag, (1994), 28–40Google Scholar
  2. [AMV93]
    G.B. Agnew, R.C. Mullin and S.A. Vanstone, ”An Implementation of Elliptic Curve Cryptosystems Over \(F_{2^{155} }\)”, IEEE J. Selected Areas in Communications11, No.5 (1993), 804–813CrossRefGoogle Scholar
  3. [BeSc91]
    T. Beth and F. Scaefer, ”Non supersingular elliptic curves for public key cryptosystems”, Advances in Cryptology — EUROCRYPT '91, Lecture Notes in Computer Science, 547, pp.316–327 (1991).Google Scholar
  4. [Ca87]
    D.G. Cantor, ”Computing in the Jacobian of a Hyperelliptic Curve”, Math. Comp, 48, No.177 (1987), 95–101MATHCrossRefMathSciNetGoogle Scholar
  5. [CTT94]
    J. Chao, K. Tanaka, and S. Tsujii, ”Design of elliptic curves with control-lable lower boundary of extension degree for reduction attacks”, Advances in Cryptology — Crypto'94, Springer-Verlag, (1994), 50–55.Google Scholar
  6. [Fre97]
    G. Frey, ” Aspects of DL-systems based on hyperelliptic curves”, Keynote Lecture in Waterloo-Workshop on Elliptic Curve Discrete Logarithm Problem, 4th of Nov. (1997).Google Scholar
  7. [FR94]
    G. Frey and H.G. Rück, ”A Remark Concerning m-Divisibility and the Discrete Logarithm in the Divisor Class Group of Curves”, Math. Comp, 62, No.206 (1994), 865–874CrossRefMathSciNetMATHGoogle Scholar
  8. [ITT86]
    T. Itoh, O. Teechai and S. Tsujii, ”A fast algorithm for computing multiplicative inverse in GF(2t) using normal bases” (in Japanese), J. Society for Electronic Communications (Japan), 44, (1986), 31–36.Google Scholar
  9. [Kn81]
    D.E. Knuth, ”The Art of Computer Programing, Vol.2, Seminumerical Algo-rithm”, Addison-Wesley, Reading MA, 2nd edition (1981)Google Scholar
  10. [Ko87]
    N. Koblitz, ”Elliptic curve cryptosystems”, Mathematics of Computation, 48 (1987), 203–209.MATHCrossRefMathSciNetGoogle Scholar
  11. [Ko88]
    N. Koblitz, ”A Family of Jacobians Suitable for Discrete Log Cryptosystems”, Advances in Cryptology — Crypto'88, Springer-Verlag, (1990), 94–99Google Scholar
  12. [Ko89]
    N. Koblitz, ”Hyperelliptic Cryptosystems”, J.Cryptology, 1 (1989), 139–150MATHCrossRefMathSciNetGoogle Scholar
  13. [Ko97]
    N. Koblitz, ”A Very Easy Way to Generate Curves over Prime Fields for Hyperelliptic Cryptosystems”, Crypto'97 Rump Talk (1997)Google Scholar
  14. [Mil85]
    V. Miller, ”Uses of elliptic curves in cryptography”, Lecture Notes in Computer Science, 218 (1986), 417–426. (Advances in Cryptology — CRYPTO '85.)MATHCrossRefGoogle Scholar
  15. [MCT97]
    K. Matsuo, J. Chao and S.Tsujii, ”Design of Cryptosystems Based on Abelian Varieties over Extension Fields”, IEICE ISEC, 97–30 (1997), 9–18Google Scholar
  16. [Miy92]
    A. Miyaji, ”Elliptic curve over Fp suitable for cryptosystems”, Advances in Cryptology — Asiacrypt'92, Springer-Verlag, (1993), 479–491.Google Scholar
  17. [Miy93]
    A. Miyaji, ”Elliptic curve cryptosystems immune to any reduction into the discrete logarithm problem”, IEICE Trans., Fundamentals, E76-A (1993), pp. 50–54.Google Scholar
  18. [MOV93]
    A.J. Menezes, T. Okamoto and S.A. Vanstone, ”Reducing elliptic curve logarithm to logarithm in a finite field”, IEEE Trans. on IT, 39, (1993), 1639–1646MathSciNetMATHGoogle Scholar
  19. [MOVW88]
    R.C. Mullin, I.M. Onyszchuk, S.A. Vanstone and R.M. Wilson,”Optimal Normal Bases in GF(pn)”, Discrete Applied Mathematics, 22, (1988/89), 149–161CrossRefMathSciNetGoogle Scholar
  20. [Od85]
    A. Odlyzko, ”Discrete logarithm and their cryptographic significance”, Advances in Cryptology — Eurocrypto'84, Springer-Verlag, (1985), 224–314Google Scholar
  21. [Pil90]
    J. Pila, ”Frobenius maps of abelian varieties and finding roots of unity in finite fields”, Math. Comp, 55, No.206 (1990), 745–763.MATHCrossRefMathSciNetGoogle Scholar
  22. [PH78]
    S.C. Pohlig and M.E. Hellman, ”An improved algorithm for computing logarithms over GF(p) and its cryptographic significance”, IEEE Trans. on IT, 24, (1978), 106–110MathSciNetMATHGoogle Scholar
  23. [LN87]
    R. Lidl and H. Niederreiter, ”Finite Fields”, Encyclopedia of Mathematics and Its Application, (1987)Google Scholar
  24. [RSA97]
    http://www.rsa.comGoogle Scholar
  25. [Ru97]
    H.G. Rück, ”On the discrete logarithms in the divisor class group of curves”, To appear in Math. Comp. (1997)Google Scholar
  26. [SA97]
    T. Satoh and K. Araki, ”Fermat Quotients and the Polynomial Time Discrete Log Algorithm for Anomalous Elliptic Curves”, preprint, (1997)Google Scholar
  27. [Sem98]
    I.A. Semaev, ”Evaluation of discrete logarithms in a group of p-torsion points of an elliptic curve in characteristic p”, Math. Comp., Vol.76 (1998),pp.353–356.CrossRefMathSciNetGoogle Scholar
  28. [Sch85]
    R. Schoof, ”Elliptic curves over finite fields and the computation of square root mod p”, Math. Comp, 44, (1985), 483–494.MATHCrossRefMathSciNetGoogle Scholar
  29. [Sma97]
    N.P. Smart, ”The Discrete Logarithm Problem on Elliptic Curves of Trace One”, preprint, (1997)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1998

Authors and Affiliations

  • Yasuyuki Sakai
    • 1
  • Kouichi Sakurai
    • 2
  • Hirokazu Ishizuka
    • 1
  1. 1.Mitsubishi Electric CorporationKanagawaJapan
  2. 2.Kyushu UniversityFukuokaJapan

Personalised recommendations