Trace zero subvarieties of genus 2 curves for cryptosystems

In this paper we present a kind of group suitable for cryptographic applications: the trace zero subvariety. We describe in detail the case of trace zero varieties constructed from genus 2 curves over prime fields. The curve is considered over an extension field of degree 3 and one performs Weil descent from its Jacobian to the prime field leading to a variety of dimension 6. The trace zero variety is a subvariety thereof. As a group it is isomorphic to a subgroup of the Jacobian of the original curve. For appropriately chosen parameters it is as secure as Jacobians of curves of genus g ≤ 3. Its main advantage is that the complexity of computing scalar multiplication is lower than on other curve based groups. This is achieved by making use of the Frobenius endomorphism. Thus the trace zero subvariety can be used efficiently in protocols based on the discrete logarithm problem.

[1]  Tanja Lange,et al.  Speeding up the Arithmetic on Koblitz Curves of Genus Two , 2000, Selected Areas in Cryptography.

[2]  Roberto Maria Avanzi The Complexity of Certain Multi-Exponentiation Techniques in Cryptography , 2004, Journal of Cryptology.

[3]  Nicolas Thériault,et al.  Index Calculus Attack for Hyperelliptic Curves of Small Genus , 2003, ASIACRYPT.

[4]  Hans-Georg Rück,et al.  On the discrete logarithm in the divisor class group of curves , 1999, Math. Comput..

[5]  Gadiel Seroussi,et al.  Two Topics in Hyperelliptic Cryptography , 2001, Selected Areas in Cryptography.

[6]  Volker Müller Fast Multiplication on Elliptic Curves over Small Fields of Characteristic Two , 1998, Journal of Cryptology.

[7]  Alan G. B. Lauder,et al.  Counting points on varieties over finite fields of small characteristic , 2006, math/0612147.

[8]  K. Kedlaya Counting Points on Hyperelliptic Curves using Monsky-Washnitzer Cohomology , 2001, math/0105031.

[9]  Neal Koblitz,et al.  Hyperelliptic cryptosystems , 1989, Journal of Cryptology.

[10]  D. Cantor Computing in the Jacobian of a hyperelliptic curve , 1987 .

[11]  Henning Stichtenoth,et al.  Algebraic function fields and codes , 1993, Universitext.

[12]  Willi Meier,et al.  Efficient Multiplication on Certain Nonsupersingular Elliptic Curves , 1992, CRYPTO.

[13]  R. Zuccherato,et al.  An elementary introduction to hyperelliptic curves , 1996 .

[14]  Alice Silverberg,et al.  Supersingular Abelian Varieties in Cryptology , 2002, CRYPTO.

[15]  G. Frey Applications of Arithmetical Geometry to Cryptographic Constructions , 2001 .

[16]  Jerome A. Solinas,et al.  Efficient Arithmetic on Koblitz Curves , 2000, Des. Codes Cryptogr..

[17]  G. Frey,et al.  A remark concerning m -divisibility and the discrete logarithm in the divisor class group of curves , 1994 .

[18]  Tanja Lange,et al.  Formulae for Arithmetic on Genus 2 Hyperelliptic Curves , 2005, Applicable Algebra in Engineering, Communication and Computing.

[19]  J. Solinas Low-Weight Binary Representations for Pairs of Integers , 2001 .

[20]  C. Diem,et al.  Attacks A report for the AREHCC project , 2003 .

[21]  Nigel P. Smart Elliptic Curve Cryptosystems over Small Fields of Odd Characteristic , 1999, Journal of Cryptology.

[22]  Jerome A. Solinas An Improved Algorithm for Arithmetic on a Family of Elliptic Curves , 1997, CRYPTO.

[23]  Scott A. Vanstone,et al.  Faster Point Multiplication on Elliptic Curves with Efficient Endomorphisms , 2001, CRYPTO.

[24]  Dino J. Lorenzini An Invitation to Arithmetic Geometry , 1996 .

[25]  Arjen K. Lenstra,et al.  The XTR Public Key System , 2000, CRYPTO.

[26]  Chris J. Skinner,et al.  A Public-Key Cryptosystem and a Digital Signature System BAsed on the Lucas Function Analogue to Discrete Logarithms , 1994, ASIACRYPT.

[27]  Éric Schost,et al.  Construction of Secure Random Curves of Genus 2 over Prime Fields , 2004, EUROCRYPT.

[28]  Tanja Lange Efficient Arithmetic on Hyperelliptic Curves , 2002, IACR Cryptol. ePrint Arch..

[29]  Steven D. Galbraith,et al.  Supersingular Curves in Cryptography , 2001, ASIACRYPT.

[30]  Neal Koblitz,et al.  CM-Curves with Good Cryptographic Properties , 1991, CRYPTO.

[31]  Andre Weimerskirch,et al.  The Application of the Mordell-Weil Group to Cryptographic Systems , 2001 .

[32]  Frederik Vercauteren,et al.  Computing Zeta Functions of Hyperelliptic Curves over Finite Fields of Characteristic 2 , 2002, CRYPTO.

[33]  Pierrick Gaudry,et al.  An Algorithm for Solving the Discrete Log Problem on Hyperelliptic Curves , 2000, EUROCRYPT.