On the Complexity of Hyperelliptic Discrete Logarithm Problem

We characterize the intractability of the hyperelliptic discrete logarithm problem from the viewpoint of computational complexity theory. We show that the language whose complexity is equivalent to that of the hyperelliptic discrete logarithm problem is in NP ∩ co-AM and that, for elliptic curves in particular, the corresponding language is in NP ∩ co-NP. Note that the language whose complexity is equivalent to that of the discrete logarithm problem defined over the multiplicative group of a finite field is likewise characterized as being in NP ∩ co-NP.
