Explicit Formulas for Real Hyperelliptic Curves of Genus 2 in Affine Representation

We present a complete set of efficient explicit formulas for arithmetic in the degree 0 divisor class group of a genus two real hyperelliptic curve given in affine coordinates. In addition to formulas suitable for curves defined over an arbitrary finite field, we give simplified versions for both the odd and the even characteristic cases. Formulas for baby steps, inverse baby steps, divisor addition, doubling, and special cases such as adding a degenerate divisor are provided, with variations for divisors given in reduced and adapted basis. We describe the improvements and the correctness together with a comprehensive analysis of the number of field operations for each operation. Finally, we perform a direct comparison of cryptographic protocols using explicit formulas for real hyperelliptic curves with the corresponding protocols presented in the imaginary model

Group law computations on Jacobians of hyperelliptic curves

We derive an explicit method of computing the composition step in Cantor’s algorithm for group operations on Jacobians of hyperelliptic curves. Our technique is inspired by the geometric description of the group law and applies to hyperelliptic curves of arbitrary genus. While Cantor’s general composition involves arithmetic in the polynomial ring F_q[x], the algorithm we propose solves a linear system over the base field which can be written down directly from the Mumford coordinates of the group elements. We apply this method to give more efficient formulas for group operations in both affine and projective coordinates for cryptographic systems based on Jacobians of genus 2 hyperelliptic curves in general form

Counting points on hyperelliptic curves with explicit real multiplication in arbitrary genus

We present a probabilistic Las Vegas algorithm for computing the local zeta function of a genus-$g$ hyperelliptic curve defined over $\mathbb F_q$ with explicit real multiplication (RM) by an order $\Z[\eta]$ in a degree-$g$ totally real number field. It is based on the approaches by Schoof and Pila in a more favorable case where we can split the $\ell$-torsion into $g$ kernels of endomorphisms, as introduced by Gaudry, Kohel, and Smith in genus 2. To deal with these kernels in any genus, we adapt a technique that the author, Gaudry, and Spaenlehauer introduced to model the $\ell$-torsion by structured polynomial systems. Applying this technique to the kernels, the systems we obtain are much smaller and so is the complexity of solving them. Our main result is that there exists a constant $c>0$ such that, for any fixed $g$, this algorithm has expected time and space complexity $O((\log q)^{c})$ as $q$ grows and the characteristic is large enough. We prove that $c\le 9$ and we also conjecture that the result still holds for $c=7$.Comment: To appear in Journal of Complexity. arXiv admin note: text overlap with arXiv:1710.0344