Computing Discrete Logarithms in the Jacobian of High-Genus Hyperelliptic Curves over Even Characteristic Finite Fields

We describe improved versions of index-calculus algorithms for solving discrete logarithm problems in Jacobians of high-genus hyperelliptic curves defined over even characteristic fields. Our first improvement is to incorporate several ideas for the low-genus case by Gaudry and Theriault, including the large prime variant and using a smaller factor base, into the large-genus algorithm of Enge and Gaudry. We extend the analysis in [24] to our new algorithm, allowing us to predict accurately the number of random walk steps required to find all relations, and to select optimal degree bounds for the factor base. Our second improvement is the adaptation of sieving techniques from Flassenberg and Paulus, and Jacobson to our setting. The new algorithms are applied to concrete problem instances arising from the Weil descent attack methodology for solving the elliptic curve discrete logarithm problem, demonstrating significant improvements in practice

Discrete logarithms in curves over finite fields

A survey on algorithms for computing discrete logarithms in Jacobians of curves over finite fields

A Generic Approach to Searching for Jacobians

We consider the problem of finding cryptographically suitable Jacobians. By applying a probabilistic generic algorithm to compute the zeta functions of low genus curves drawn from an arbitrary family, we can search for Jacobians containing a large subgroup of prime order. For a suitable distribution of curves, the complexity is subexponential in genus 2, and O(N^{1/12}) in genus 3. We give examples of genus 2 and genus 3 hyperelliptic curves over prime fields with group orders over 180 bits in size, improving previous results. Our approach is particularly effective over low-degree extension fields, where in genus 2 we find Jacobians over F_{p^2) and trace zero varieties over F_{p^3} with near-prime orders up to 372 bits in size. For p = 2^{61}-1, the average time to find a group with 244-bit near-prime order is under an hour on a PC.Comment: 22 pages, to appear in Mathematics of Computatio

Index calculus for abelian varieties of small dimension and the elliptic curve discrete logarithm problem

International audienceWe propose an index calculus algorithm for the discrete logarithm problem on general abelian varieties of small dimension. The main difference with the previous approaches is that we do not make use of any embedding into the Jacobian of a well-suited curve. We apply this algorithm to the Weil restriction of elliptic curves and hyperelliptic curves over small degree extension fields. In particular, our attack can solve an elliptic curve discrete logarithm problem defined over GF(q^3) in heuristic asymptotic running time O~(q^(4/3)); and an elliptic problem over GF(q^4) or a genus 2 problem over GF(q^2) in heuristic asymptotic running time O~(q^(3/2))

Discrete logarithms in curves over finite fields

International audienceA survey on algorithms for computing discrete logarithms in Jacobians of curves over finite fields

A Computational Introduction to Elliptic and Hyperelliptic Curve Cryptography

At its core, cryptography relies on problems that are simple to construct but difficult to solve unless certain information (the “key”) is known. Many of these problems come from number theory and group theory. One method of obtaining groups from which to build cryptosystems is to define algebraic curves over finite fields and then derive a group structure from the set of points on those curves. This thesis serves as an exposition of Elliptic Curve Cryptography (ECC), preceded by a discussion of some basic cryptographic concepts and followed by a glance into one generalization of ECC: cryptosystems based on hyperelliptic curves

Point Counting On Genus 2 Curves

For cryptographic purposes, counting points on the jacobian variety of a given hyperelliptic curve is of great importance. There has been several approaches to obtain the cardinality of such a group, specially for hyperelliptic curves of genus 2. The best known algorithm for counting points on genus 2 curves over prime fields of large characteristic is a variant of Schoof’s genus 1 algorithm. Following a recent work of Gaudry and Schost, we show how to speed up the current state of the art genus 2 point counting algorithm by proposing various computational improvements to its basic arithmetical ingredients

The arithmetic of Jacobian groups of superelliptic cubics

International audienceWe present two algorithms for the arithmetic of cubic curves with a totally ramified prime at infinity. The first algorithm, inspired by Cantor's reduction for hyperelliptic curves, is easily implemented with a few lines of code, making use of a polynomial arithmetic package. We prove explicit reducedness criteria for superelliptic curves of genus 3 and 4, which show the correctness of the algorithm. The second approach, quite general in nature and applicable to further classes of curves, uses the FGLM algorithm for switching between Gröbner bases for different orderings. Carrying out the computations symbolically, we obtain explicit reduction formulae in terms of the input data