An optimal representation for the trace zero variety

We give an optimal-size representation for the elements of the trace zero subgroup of the Picard group of an elliptic or hyperelliptic curve of any genus, with respect to a base field extension of any prime degree. The representation is via the coefficients of a rational function, and it is compatible with scalar multiplication of points. We provide efficient compression and decompression algorithms, and complement them with implementation results. We discuss in detail the practically relevant cases of small genus and extension degree, and compare with the other known compression methods.

[1]  John J. Cannon,et al.  The Magma Algebra System I: The User Language , 1997, J. Symb. Comput..

[2]  Andre Weimerskirch,et al.  The Application of the Mordell-Weil Group to Cryptographic Systems , 2001 .

[3]  Patrick Longa,et al.  Four-Dimensional Gallant-Lambert-Vanstone Scalar Multiplication , 2012, ASIACRYPT.

[4]  Gadiel Seroussi,et al.  Two Topics in Hyperelliptic Cryptography , 2001, Selected Areas in Cryptography.

[5]  Victor S. Miller,et al.  The Weil Pairing, and Its Efficient Calculation , 2004, Journal of Cryptology.

[6]  P. L. Montgomery Speeding the Pollard and elliptic curve methods of factorization , 1987 .

[7]  Tanja Lange,et al.  Formulae for Arithmetic on Genus 2 Hyperelliptic Curves , 2005, Applicable Algebra in Engineering, Communication and Computing.

[8]  D. Cantor Computing in the Jacobian of a hyperelliptic curve , 1987 .

[9]  Arjen K. Lenstra,et al.  The XTR Public Key System , 2000, CRYPTO.

[10]  G. Frey Applications of Arithmetical Geometry to Cryptographic Constructions , 2001 .

[11]  Maike Massierer,et al.  Point compression for the trace zero subgroup over a small degree extension field , 2014, Des. Codes Cryptogr..

[12]  Chris J. Skinner,et al.  A Public-Key Cryptosystem and a Digital Signature System BAsed on the Lucas Function Analogue to Discrete Logarithms , 1994, ASIACRYPT.

[13]  Pierrick Gaudry,et al.  An L(1/3) Discrete Logarithm Algorithm for Low Degree Curves , 2009, Journal of Cryptology.

[14]  Claus Diem On the discrete logarithm problem in class groups of curves , 2011, Math. Comput..

[15]  Craig Costello,et al.  High-Performance Scalar Multiplication Using 8-Dimensional GLV/GLS Decomposition , 2013, CHES.

[16]  M. Scott,et al.  Endomorphisms for Faster Elliptic Curve Cryptography on a Large Class of Curves , 2011, Journal of Cryptology.

[17]  Pierrick Gaudry,et al.  Index calculus for abelian varieties of small dimension and the elliptic curve discrete logarithm problem , 2009, J. Symb. Comput..

[18]  Francisco Rodríguez-Henríquez,et al.  Lambda Coordinates for Binary Elliptic Curves , 2013, CHES.

[19]  Alice Silverberg,et al.  Using Abelian Varieties to Improve Pairing-Based Cryptography , 2009, Journal of Cryptology.

[20]  L. Washington Elliptic Curves: Number Theory and Cryptography , 2003 .

[21]  Tanja Lange,et al.  High-speed high-security signatures , 2011, Journal of Cryptographic Engineering.

[22]  Pierrick Gaudry Fast genus 2 arithmetic based on Theta functions , 2007, J. Math. Cryptol..

[23]  Neal Koblitz,et al.  CM-Curves with Good Cryptographic Properties , 1991, CRYPTO.

[24]  Alice Silverberg,et al.  Supersingular Abelian Varieties in Cryptology , 2002, CRYPTO.

[25]  Frederik Vercauteren,et al.  On the Discrete Logarithm Problem on Algebraic Tori , 2005, CRYPTO.