Arithmetic of hyperelliptic curves

S. Duquesne, T. Lange

Research output: Chapter in Book/Report/Conference proceedingChapterAcademic

Abstract

In Chapter 1 we introduced the discrete logarithm problem and showed that the main operation in a public-key cryptosystem is the computation of scalar multiples in a cyclic group. Chapter 9 showed how the computation of scalar multiples can be reduced to a sequence of additions and doublings in the group. Hence, for an efficient system we need to have groups with efficient group laws. In Chapter 13 we detailed the arithmetic on elliptic curves. This chapter deals with hyperelliptic curves, which can be seen as a generalization of elliptic curves. We first give a brief overview of the main properties of hyperelliptic curves repeating the definitions for the convenience of the reader. The details can be found in Chapter 4 . In the applications, group elements must be stored and transmitted. For restricted environments or restricted bandwidth it might be useful to use compression even though recovering the original coordinates needs some efforts. Accordingly, we consider compression techniques. The main emphasis of this chapter is put on the arithmetic properties, i.e., on algorithms to perform the group operation. We state Cantor’s algorithm, which works for arbitrary ground field and genus of the curve. To obtain better performance one needs to fix the genus and develop explicit formulas as for elliptic curves (cf. Chapters 13.2 and 13.3). We first specialize to considering curves of genus 2 , separately over finite fields of odd and then of even characteristic. For both cases we give formulas for different coordinate systems, namely affine, projective, and new coordinates. The latter two systems allow us to avoid inversions in the group operation. For odd characteristic we also state two possible generalizations of Montgomery coordinates (cf. Section 13.2.3); for even characteristic there is no such generalization yet. Also for genus 3 hyperelliptic curves, explicit formulas have been proposed. We give explicit formulas in affine coordinates in Section 14.6. Also nonhyperelliptic curves of genus 3 have been proposed for cryptographic applications. The final section gives references to these publications and also for genus 4 hyperelliptic curves before we conclude with a comparison and timings.
Original languageEnglish
Title of host publicationHandbook of Elliptic and Hyperelliptic Curve Cryptography
EditorsH. Cohen, G. Frey
Place of PublicationBoca Raton FL, USA
PublisherChapman & Hall/CRC Press
Chapter14
Pages303-353
ISBN (Print)1-58488-518-1
DOIs
Publication statusPublished - 2006

Publication series

NameDiscrete Mathematics and Its Applications
Volume34

Fingerprint Dive into the research topics of 'Arithmetic of hyperelliptic curves'. Together they form a unique fingerprint.

Cite this