A generic approach to searching for Jacobians

We consider the problem of finding cryptographically suitable Jacobians. By applying a probabilistic generic algorithm to compute the zeta functions of low genus curves drawn from an arbitrary family, we can search for Jacobians containing a large subgroup of prime order. For a suitable distribution of curves, the complexity is subexponential in genus 2, and O(N^{1/12}) in genus 3. We give examples of genus 2 and genus 3 hyperelliptic curves over prime fields with group orders over 180 bits in size, improving previous results. Our approach is particularly effective over low-degree extension fields, where in genus 2 we find Jacobians over F_{p^2} and trace zero varieties over F_{p^3} with near-prime orders up to 372 bits in size. For p = 2^{61}-1, the average time to find a group with 244-bit near-prime order is under an hour on a PC.
