Arithmetic of hyperelliptic curves

S. Duquesne, T. Lange

Onderzoeksoutput: Hoofdstuk in Boek/Rapport/CongresprocedureHoofdstukAcademic

Samenvatting

In Chapter 1 we introduced the discrete logarithm problem and showed that the main operation in a public-key cryptosystem is the computation of scalar multiples in a cyclic group. Chapter 9 showed how the computation of scalar multiples can be reduced to a sequence of additions and doublings in the group. Hence, for an efficient system we need to have groups with efficient group laws. In Chapter 13 we detailed the arithmetic on elliptic curves. This chapter deals with hyperelliptic curves, which can be seen as a generalization of elliptic curves. We first give a brief overview of the main properties of hyperelliptic curves repeating the definitions for the convenience of the reader. The details can be found in Chapter 4 . In the applications, group elements must be stored and transmitted. For restricted environments or restricted bandwidth it might be useful to use compression even though recovering the original coordinates needs some efforts. Accordingly, we consider compression techniques. The main emphasis of this chapter is put on the arithmetic properties, i.e., on algorithms to perform the group operation. We state Cantor’s algorithm, which works for arbitrary ground field and genus of the curve. To obtain better performance one needs to fix the genus and develop explicit formulas as for elliptic curves (cf. Chapters 13.2 and 13.3). We first specialize to considering curves of genus 2 , separately over finite fields of odd and then of even characteristic. For both cases we give formulas for different coordinate systems, namely affine, projective, and new coordinates. The latter two systems allow us to avoid inversions in the group operation. For odd characteristic we also state two possible generalizations of Montgomery coordinates (cf. Section 13.2.3); for even characteristic there is no such generalization yet. Also for genus 3 hyperelliptic curves, explicit formulas have been proposed. We give explicit formulas in affine coordinates in Section 14.6. Also nonhyperelliptic curves of genus 3 have been proposed for cryptographic applications. The final section gives references to these publications and also for genus 4 hyperelliptic curves before we conclude with a comparison and timings.
Originele taal-2Engels
TitelHandbook of Elliptic and Hyperelliptic Curve Cryptography
RedacteurenH. Cohen, G. Frey
Plaats van productieBoca Raton FL, USA
UitgeverijChapman & Hall/CRC Press
Hoofdstuk14
Pagina's303-353
ISBN van geprinte versie1-58488-518-1
DOI's
StatusGepubliceerd - 2006

Publicatie series

NaamDiscrete Mathematics and Its Applications
Volume34

Vingerafdruk

Duik in de onderzoeksthema's van 'Arithmetic of hyperelliptic curves'. Samen vormen ze een unieke vingerafdruk.

Citeer dit