Montgomery Ladder for All Genus 2 Curves in Characteristic 2

Using the Kummer surface, we generalize Montgomery ladder for scalar multiplication to the Jacobian of genus 2 curves in characteristic 2. Previously this method was known for elliptic curves and for genus 2 curves in odd characteristic. We obtain an algorithm that is competitive compared to usual methods of scalar multiplication and that has additional properties such as resistance to simple side-channel attacks. Moreover it provides a significant speed-up of scalar multiplication in many cases. This new algorithm has very important applications in cryptography using hyperelliptic curves and more particularly for people interested in cryptography on embedded systems (such as smart cards).

[1]  D. Mumford Tata Lectures on Theta I , 1982 .

[2]  Pierrick Gaudry Fast genus 2 arithmetic based on Theta functions , 2007, J. Math. Cryptol..

[3]  Tanja Lange,et al.  Handbook of Elliptic and Hyperelliptic Curve Cryptography , 2005 .

[4]  Jeffrey Shallit,et al.  Algorithmic Number Theory , 1996, Lecture Notes in Computer Science.

[5]  Ricardo Dahab,et al.  Improved Algorithms for Elliptic Curve Arithmetic in GF(2n) , 1998, Selected Areas in Cryptography.

[6]  D. Cantor Computing in the Jacobian of a hyperelliptic curve , 1987 .

[7]  Paul C. Kocher,et al.  Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems , 1996, CRYPTO.

[8]  E. V. Flynn The group law on the jacobian of a curve of genus 2. , 1993 .

[9]  YoungJu Choie,et al.  Isomorphism Classes of Hyperelliptic Curves of Genus 2 over Fq , 2002, ACISP.

[10]  Sylvain Duquesne Montgomery Scalar Multiplication for Genus 2 Curves , 2004, ANTS.

[11]  Tibor Juhas The use of elliptic curves in cryptography , 2007 .

[12]  Martijn Stam,et al.  On Montgomery-Like Representationsfor Elliptic Curves over GF(2k) , 2003, Public Key Cryptography.

[13]  Michael Wiener,et al.  Advances in Cryptology — CRYPTO’ 99 , 1999 .

[14]  Sylvain Duquesne Traces of the Group Law on the Kummer Surface of a Curve of Genus 2 in Characteristic 2 , 2010, Math. Comput. Sci..

[15]  Pradeep Kumar Mishra,et al.  SCA Resistant Parallel Explicit Formula for Addition and Doubling of Divisors in the Jacobian of Hyperelliptic Curves of Genus 2 , 2005, INDOCRYPT.

[16]  Neal Koblitz,et al.  Algebraic aspects of cryptography , 1998, Algorithms and computation in mathematics.

[17]  Sylvain Duquesne,et al.  Classification of genus 2 curves over F2n and optimization of their arithmetic , 2004, IACR Cryptol. ePrint Arch..

[18]  Victor S. Miller,et al.  Use of Elliptic Curves in Cryptography , 1985, CRYPTO.

[19]  Ramarathnam Venkatesan,et al.  Progress in Cryptology - INDOCRYPT 2005, 6th International Conference on Cryptology in India, Bangalore, India, December 10-12, 2005, Proceedings , 2005, INDOCRYPT.

[20]  N. Koblitz Elliptic curve cryptosystems , 1987 .

[21]  R. Zuccherato,et al.  An elementary introduction to hyperelliptic curves , 1996 .

[22]  Kouichi Sakurai,et al.  Efficient Elliptic Curve Cryptosystems from a Scalar Multiplication Algorithm with Recovery of the y-Coordinate on a Montgomery-Form Elliptic Curve , 2001, CHES.

[23]  Colin Boyd,et al.  Advances in Cryptology - ASIACRYPT 2001 , 2001 .

[24]  Tanja Lange,et al.  Arithmetic on binary genus 2 curves suitable for small devices , 2005, CRYPTO 2005.

[25]  David Naccache,et al.  Cryptographic Hardware and Embedded Systems — CHES 2001 , 2001 .

[26]  Steven D. Galbraith,et al.  Supersingular Curves in Cryptography , 2001, ASIACRYPT.

[27]  Neal Koblitz,et al.  Advances in Cryptology — CRYPTO ’96 , 2001, Lecture Notes in Computer Science.

[28]  Jean-Jacques Quisquater,et al.  ElectroMagnetic Analysis (EMA): Measures and Counter-Measures for Smart Cards , 2001, E-smart.

[29]  Yvo Desmedt Public Key Cryptography — PKC 2003 , 2002, Lecture Notes in Computer Science.

[30]  Arto Salomaa,et al.  Public-Key Cryptography , 1991, EATCS Monographs on Theoretical Computer Science.

[31]  Paul C. Kocher,et al.  Differential Power Analysis , 1999, CRYPTO.

[32]  Pierrick Gaudry,et al.  The arithmetic of characteristic 2 Kummer surfaces and of elliptic Kummer lines , 2009, Finite Fields Their Appl..

[33]  Marc Joye,et al.  Weierstraß Elliptic Curves and Side-Channel Attacks , 2002, Public Key Cryptography.

[34]  Aggelos Kiayias,et al.  Polynomial Reconstruction Based Cryptography , 2001, Selected Areas in Cryptography.

[35]  Information Security and Privacy , 1996, Lecture Notes in Computer Science.

[36]  Arnaud Tisserand,et al.  A library for prototyping the computer arithmetic level in elliptic curve cryptography , 2007, SPIE Optical Engineering + Applications.

[37]  Pierrick Gaudry,et al.  The arithmetic of characteristic 2 Kummer surfaces , 2008, IACR Cryptol. ePrint Arch..

[38]  Ricardo Dahab,et al.  Fast Multiplication on Elliptic Curves over GF(2m) without Precomputation , 1999, CHES.

[39]  P. L. Montgomery Speeding the Pollard and elliptic curve methods of factorization , 1987 .

[40]  Tanja Lange,et al.  Formulae for Arithmetic on Genus 2 Hyperelliptic Curves , 2005, Applicable Algebra in Engineering, Communication and Computing.

[41]  Nigel P. Smart,et al.  Constructive and destructive facets of Weil descent on elliptic curves , 2002, Journal of Cryptology.

[42]  Thomas Jensen,et al.  Smart Card Programming and Security , 2001, Lecture Notes in Computer Science.

[43]  Siva Sai Yerubandi,et al.  Differential Power Analysis , 2002 .