Hyperelliptic Curve Cryptosystems: Closing the Performance Gap to Elliptic Curves

For most of the time since they were proposed, it was widely believed that hyperelliptic curve cryptosystems (HECC) carry a substantial performance penalty compared to elliptic curve cryptosystems (ECC) and are, thus, not too attractive for practical applications. Only quite recently improvements have been made, mainly restricted to curves of genus 2. The work at hand advances the state-of-the-art considerably in several aspects. First, we generalize and improve the closed formulae for the group operation of genus 3 for HEC defined over fields of characteristic two. For certain curves we achieve over 50% complexity improvement compared to the best previously published results. Second, we introduce a new complexity metric for ECC and HECC defined over characteristic two fields which allow performance comparisons of practical relevance. It can be shown that the HECC performance is in the range of the performance of an ECC; for specific parameters HECC can even possess a lower complexity than an ECC at the same security level. Third, we describe the first implementation of a HEC cryptosystem on an embedded (ARM7) processor. Since HEC are particularly attractive for constrained environments, such a case study should be of relevance.

[1]  Alfred Menezes,et al.  Software Implementation of Elliptic Curve Cryptography over Binary Fields , 2000, CHES.

[2]  P. Gaudry,et al.  A general framework for subexponential discrete logarithm algorithms , 2002 .

[3]  Atsuko Miyaji,et al.  Efficient Elliptic Curve Exponentiation Using Mixed Coordinates , 1998, ASIACRYPT.

[4]  Douglas H. Wiedemann Solving sparse linear equations over finite fields , 1986, IEEE Trans. Inf. Theory.

[5]  Ricardo Dahaby Improved Algorithms for Elliptic Curve Arithmetic in Gf(2 N ) Improved Algorithms for Elliptic Curve Arithmetic in Gf (2 N ) , 1998 .

[6]  Kouichi Sakurai,et al.  Design of Hyperelliptic Cryptosystems in Small Characteristic and a Software Implementation over F2n , 1998, ASIACRYPT.

[7]  H. Cohen A course in computational number theory , 1993 .

[8]  Nigel P. Smart On the Performance of Hyperelliptic Cryptosystems , 1999, EUROCRYPT.

[9]  D. Cantor Computing in the Jacobian of a hyperelliptic curve , 1987 .

[10]  Thomas Josef Wollinger,et al.  Computer Architectures for Cryptosystems Based on Hyperelliptic Curves , 2001 .

[11]  Alfred Menezes,et al.  Handbook of Applied Cryptography , 2018 .

[12]  Andreas Enge,et al.  The Extended Euclidian Algorithm on Polynomials, and the Computational Efficiency of Hyperelliptic Cryptosystems , 2001, Des. Codes Cryptogr..

[13]  Neal Koblitz,et al.  Algebraic aspects of cryptography , 1998, Algorithms and computation in mathematics.

[14]  Anatolij A. Karatsuba,et al.  Multiplication of Multidigit Numbers on Automata , 1963 .

[15]  Colin Boyd,et al.  Advances in Cryptology - ASIACRYPT 2001 , 2001 .

[16]  Kazuo Ohta,et al.  Advances in Cryptology — ASIACRYPT’98 , 2002, Lecture Notes in Computer Science.

[17]  Tanja Lange Efficient Arithmetic on Hyperelliptic Curves , 2002, IACR Cryptol. ePrint Arch..

[18]  D. Mumford Tata Lectures on Theta I , 1982 .

[19]  Christof Paar,et al.  Cryptographic Hardware and Embedded Systems - CHES 2002 , 2003, Lecture Notes in Computer Science.

[20]  T. Charles Clancy,et al.  Genus Two Hyperelliptic Curve Coprocessor , 2002, CHES.

[21]  J. Pollard,et al.  Monte Carlo methods for index computation () , 1978 .

[22]  Robert Harley,et al.  Counting Points on Hyperelliptic Curves over Finite Fields , 2000, ANTS.

[23]  Aggelos Kiayias,et al.  Polynomial Reconstruction Based Cryptography , 2001, Selected Areas in Cryptography.

[24]  Anne-Monika Spallek,et al.  Kurven vom Geschlecht 2 und ihre Anwendung in Public-Key-Kryptosystemen , 1994 .

[25]  Daniel M. Gordon,et al.  A Survey of Fast Exponentiation Methods , 1998, J. Algorithms.

[26]  Andreas Enge,et al.  Computing discrete logarithms in high-genus hyperelliptic Jacobians in provably subexponential time , 2002, Math. Comput..

[27]  Neal Koblitz,et al.  Hyperelliptic cryptosystems , 1989, Journal of Cryptology.

[28]  Nicolas Thériault,et al.  Index Calculus Attack for Hyperelliptic Curves of Small Genus , 2003, ASIACRYPT.

[29]  Ricardo Dahab,et al.  Improved Algorithms for Elliptic Curve Arithmetic in GF(2n) , 1998, Selected Areas in Cryptography.

[30]  Wayne Tiller,et al.  The Cayley method in computer aided geometric design , 1984, Comput. Aided Geom. Des..

[31]  N. Koblitz Elliptic curve cryptosystems , 1987 .

[32]  Jacques Stern,et al.  Advances in Cryptology — EUROCRYPT ’99 , 1999, Lecture Notes in Computer Science.

[33]  Kouichi Sakurai,et al.  On the practical performance of hyperelliptic curve cryptosystems in software implementation , 2000 .

[34]  Pierrick Gaudry,et al.  An Algorithm for Solving the Discrete Log Problem on Hyperelliptic Curves , 2000, EUROCRYPT.

[35]  Koh-ichi Nagao Improving Group Law Algorithms for Jacobians of Hyperelliptic Curves , 2000, ANTS.

[36]  Ron Goldman,et al.  Vector elimination: A technique for the implicitization, inversion, and intersection of planar parametric rational polynomial curves , 1984, Comput. Aided Geom. Des..

[37]  Neal Koblitz,et al.  A Family of Jacobians Suitable for Discrete Log Cryptosystems , 1988, CRYPTO.

[38]  Tanja Lange Inversion-Free Arithmetic on Genus 2 Hyperelliptic Curves , 2002, IACR Cryptol. ePrint Arch..

[39]  Ricardo Dahab,et al.  High-Speed Software Multiplication in F2m , 2000, INDOCRYPT.

[40]  Tanja Lange Weighted Coordinates on Genus 2 Hyperelliptic Curves , 2002, IACR Cryptol. ePrint Arch..

[41]  Victor S. Miller,et al.  Use of Elliptic Curves in Cryptography , 1985, CRYPTO.

[42]  Pierrick Gaudry,et al.  Algorithmique des courbes hyperelliptiques et applications à la cryptologie , 2000 .

[43]  G. Frey,et al.  A remark concerning m -divisibility and the discrete logarithm in the divisor class group of curves , 1994 .

[44]  Kouichi Sakurai,et al.  Secure Hyperelliptic Cryptosystems and Their Performances , 1998, Public Key Cryptography.

[45]  Arto Salomaa,et al.  Public-Key Cryptography , 1991, EATCS Monographs on Theoretical Computer Science.

[46]  Ian F. Blake,et al.  Elliptic curves in cryptography , 1999 .

[47]  D. Bressoud,et al.  A Course in Computational Number Theory , 2000 .

[48]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[49]  Leonard M. Adleman,et al.  A subexponential algorithm for discrete logarithms over the rational subgroup of the jacobians of large genus hyperelliptic curves over finite fields , 1994, ANTS.

[50]  Tanja Lange,et al.  Efficient Arithmetic on Genus 2 Hyperelliptic Curves over Finite Fields via Explicit Formulae , 2002, IACR Cryptol. ePrint Arch..

[51]  D. Chudnovsky,et al.  Sequences of numbers generated by addition in formal groups and new primality and factorization tests , 1986 .

[52]  Shafi Goldwasser,et al.  Advances in Cryptology — CRYPTO’ 88: Proceedings , 1990, Lecture Notes in Computer Science.

[53]  Bart Preneel,et al.  Advances in cryptology - EUROCRYPT 2000 : International Conference on the Theory and Application of Cryptographic Techniques, Bruges, Belgium, May 14-18, 2000 : proceedings , 2000 .

[54]  Steven D. Galbraith,et al.  Supersingular Curves in Cryptography , 2001, ASIACRYPT.

[55]  Hans-Georg Rück,et al.  On the discrete logarithm in the divisor class group of curves , 1999, Math. Comput..

[56]  Christof Paar,et al.  Low Cost Security: Explicit Formulae for Genus-4 Hyperelliptic Curves , 2003, Selected Areas in Cryptography.

[57]  Christof Paar,et al.  Cryptographic Hardware and Embedded Systems - CHES 2006, 8th International Workshop, Yokohama, Japan, October 10-13, 2006, Proceedings , 2006, CHES.

[58]  Kazuto Matsuo,et al.  Fast Genus Three Hyperelliptic Curve Cryptosystems , 2002 .

[59]  Jasper Scholten,et al.  Hyperelliptic Curves in Characteristic 2 , 2000 .

[60]  Scott A. Vanstone,et al.  Improving the parallelized Pollard lambda search on anomalous binary curves , 2000, Math. Comput..

[61]  Sachar Paulus,et al.  Sieving in Function Fields , 1999, Exp. Math..

[62]  Jeffrey Shallit,et al.  Algorithmic Number Theory , 1996, Lecture Notes in Computer Science.