An extension of Kedlaya's algorithm for hyperelliptic curves

In this paper we describe a generalisation and adaptation of Kedlaya's algorithm for computing the zeta function of a hyperelliptic curve over a finite field of odd characteristic that the author used for the implementation of the algorithm in the Magma library. We generalise the algorithm to the case of an even degree model. We also analyse the adaptation of working with the $x^idx/y^3$ rather than the $x^idx/y$ differential basis. This basis has the computational advantage of always leading to an integral transformation matrix whereas the latter fails to in small genus cases. There are some theoretical subtleties that arise in the even degree case where the two differential bases actually lead to different redundant eigenvalues that must be discarded.Comment: v3: some minor changes and addition of a reference to a paper by Theo van den Bogaar

Computing Zeta Functions of Hyperelliptic Curves over Finite Fields of Characteristic 2

We present an algorithm for computing the zeta function of an arbitrary hyperelliptic curve over a finite field Fq of characteristic 2, thereby extending the algorithm of Kedlaya for small odd characteristic. For a genus g hyperelliptic curve over n , the asymptotic running time of the algorithm is O(g ) and the space complexity is O(g )

Coleman integration for hyperelliptic curves : algorithms and applications

Thesis (Ph. D.)--Massachusetts Institute of Technology, Dept. of Mathematics, 2011.Cataloged from PDF version of thesis.Includes bibliographical references (p. 171-175).The Colemani integral is a p-adice line integral that can be used to encapsulate several quantities relevant, to a study of the arithmetic of varieties. In this thesis, I describe algorithms for computing Coleman integrals on hyperelliptic curves and discuss some immediate applications. I give algorithms to compute single and iterated integrals on odd models of hyperelliptic curves, as well as the necessary modifications to iplemieit these algorithms for even models. Furthermore, I show how these algorithinis can be used in various situations. The first application is the method of Chabatv to find rational points on curves of genus greater than 1. The second is Mlihyong Kim's recent nonabelian analogue of the Chabauty method for elliptic curves. The last two applications concern p-adic heights on Jacobians of hyperelliptic curves. necessary to formulate a p-adic analogue of the Birch and Swinnerton-Dyer conjecture. I conclude by stating the analogue of the Mazur-Tate-Teitelbaum conjecture iii our setting and presenting supporting data.by Jennifer Sayaka Balakrishnan.Ph.D

Towards Efficient Hardware Implementation of Elliptic and Hyperelliptic Curve Cryptography

Implementation of elliptic and hyperelliptic curve cryptographic algorithms has been the focus of a great deal of recent research directed at increasing efficiency. Elliptic curve cryptography (ECC) was introduced independently by Koblitz and Miller in the 1980s. Hyperelliptic curve cryptography (HECC), a generalization of the elliptic curve case, allows a decreasing field size as the genus increases. The work presented in this thesis examines the problems created by limited area, power, and computation time when elliptic and hyperelliptic curves are integrated into constrained devices such as wireless sensor network (WSN) and smart cards. The lack of a battery in wireless sensor network limits the processing power of these devices, but they still require security. It was widely believed that devices with such constrained resources cannot incorporate a strong HECC processor for performing cryptographic operations such as elliptic curve scalar multiplication (ECSM) or hyperelliptic curve divisor multiplication (HCDM). However, the work presented in this thesis has demonstrated the feasibility of integrating an HECC processor into such devices through the use of the proposed architecture synthesis and optimization techniques for several inversion-free algorithms. The goal of this work is to develop a hardware implementation of binary elliptic and hyperelliptic curves. The focus is on the modeling of three factors: register allocation, operation scheduling, and storage binding. These factors were then integrated into architecture synthesis and optimization techniques in order to determine the best overall implementation suitable for constrained devices. The main purpose of the optimization is to reduce the area and power. Through analysis of the architecture optimization techniques for both datapath and control unit synthesis, the number of registers was reduced by an average of 30%. The use of the proposed efficient explicit formula for the different algorithms also enabled a reduction in the number of read/write operations from/to the register file, which reduces the processing power consumption. As a result, an overall HECC processor requires from 1843 to 3595 slices for a Xilinix XC4VLX200 and the total computation time is limited to between 10.08 ms to 15.82 ms at a maximum frequency of 50 MHz for a varity of inversion-free coordinate systems in hyperelliptic curves. The value of the new model has been demonstrated with respect to its implementation in elliptic and hyperelliptic curve crypogrpahic algorithms, through both synthesis and simulations. In summary, a framework has been provided for consideration of interactions with synthesis and optimization through architecture modeling for constrained enviroments. Insights have also been presented with respect to improving the design process for cryptogrpahic algorithms through datapath and control unit analysis

An extension of Kedlaya's algorithm to Artin-Schreier curves in characteristic 2

In this paper we present an extension of Kedlaya's algorithm for computing the zeta function of an Artin-Schreier curve over a finite field F-q of characteristic 2. The algorithm has running time O(g(5+epsilon) log(3+epsilon) q) and needs O(g(3) log(3) q) storage space for a genus g curve. Our first implementation in MAGMA shows that one can now generate hyperelliptic curves suitable for cryptography in reasonable time. We also compare our algorithm with an algorithm by Lauder and Wan which has the same time and space complexity. Furthermore, the method introduced in this paper can be used for any hyperelliptic curve over a finite field of characteristic 2.status: publishe

Elliptic and hyperelliptic curve point counting through deformation

The use in cryptography of the group structure on elliptic curves or the jacobians of hyperelliptic curves over finite fields has been suggested already a few decades ago. In order to exploit the difficulty of the discrete logarithm problem on these groups, their size is a parameter of central importance. In this thesis we develop a certain p-adic analytic cohomology theory which gives rise to algorithms that can compute those sizes in a very efficient way. In 2001 Kedlaya came up with an algorithm for computing the zeta function of a hyperelliptic curve of genus g using Monsky-Washnitzer cohomology. This is a certain 2g-dimensional p-adic vector space on which a Frobenius operator lives. The characteristic polynomial of this operator yields then the zeta function. A few years later Lauder used in the context of determining the size of hypersurfaces an old result of Dwork concerning deformation. Deformation is a technique that looks at families of curves, where a specific fiber is easy to treat and the variation of Frobenius throughout the family satisfies a p-adic differential equation. Our work combines these two approaches and consists mainly of constructing a relative Monsky-Washnitzer cohomology (i.e. for one-dimensional families) for hyperelliptic curves and finding interesting forms of the corresponding differential equation. By taking well-chosen families E(G), so that E(0) is defined over a very small finite field, and solving the corresponding differential equation, we can construct an algorithm for a certain type of curves that uses far less memory than Kedlaya's and is also faster. An implementation in odd characteristic gives some very nice results. By reconsidering the solution technique of the differential equation and choosing other types of families we developed also an algorithm that works for any hyperelliptic curve and still requires far less memory than Kedlaya's algorithm. A final result concerns elliptic curves, where we showed that the Frobenius operator can be 'semi-diagonalized'. This allows a running time that is quadratic in the extension degree of the finite field and e.g. lets us compute the zeta function of an elliptic curve over a field of degree 100 and characteristic 3 in half a second.status: publishe