Algebraic curves and cryptography

Algebraic curves over finite fields are being extensively used in the design of public-key cryptographic schemes. This paper surveys some topics in algebraic curve cryptography, with an emphasis on recent developments in algorithms for the elliptic and hyperelliptic curve discrete logarithm problems, and computational problems in pairing-based cryptography.
