Efficient explicit formulae for genus 3 hyperelliptic curve cryptosystems over binary fields

The ideal class groups of hyperelliptic curves (HECs) can be used in cryptosystems based on the discrete logarithm problem. Recent developments in computational techniques for scalar multiplication of divisor classes have shown that the performance of hyperelliptic curve cryptosystems (HECC) is comparable to that of elliptic curve cryptosystems. In particular, because of their short operand sizes, genus 3 HECC are well suited to all kinds of embedded processor architectures, where resources such as storage, time or power are constrained. In this paper, the acceleration of divisor class doubling for genus 3 HECs over binary fields is investigated and the number of field operations needed is analysed. By constructing birational transformations of variables, four types of curves that lead to much faster divisor class doubling are found, and the corresponding explicit formulae are given. In particular, for special genus 3 HECs over binary fields with h(X)=1, the fastest explicit doubling formula published so far, which requires only one field inversion, ten field multiplications and eleven field squarings, is obtained. Furthermore, comparisons with the known results in terms of field operations, and implementations of genus 3 HECC over three different binary fields on a Pentium-4 processor, are provided.
