On Using Expansions to the Base of -2

This short note investigates the effects of using expansions to the base of -2. The main applications we have in mind are cryptographic protocols, where the crucial operation is computation of scalar multiples. For the recently proposed groups arising from Picard curves this leads to a saving of at least 7% for the computation of an m-fold. For more general non-hyperelliptic genus 3 curves we expect a larger speed-up.Comment: 5 page

A Generic Approach to Searching for Jacobians

We consider the problem of finding cryptographically suitable Jacobians. By applying a probabilistic generic algorithm to compute the zeta functions of low genus curves drawn from an arbitrary family, we can search for Jacobians containing a large subgroup of prime order. For a suitable distribution of curves, the complexity is subexponential in genus 2, and O(N^{1/12}) in genus 3. We give examples of genus 2 and genus 3 hyperelliptic curves over prime fields with group orders over 180 bits in size, improving previous results. Our approach is particularly effective over low-degree extension fields, where in genus 2 we find Jacobians over F_{p^2) and trace zero varieties over F_{p^3} with near-prime orders up to 372 bits in size. For p = 2^{61}-1, the average time to find a group with 244-bit near-prime order is under an hour on a PC.Comment: 22 pages, to appear in Mathematics of Computatio

Curves, Jacobians, and Cryptography

The main purpose of this paper is to give an overview over the theory of abelian varieties, with main focus on Jacobian varieties of curves reaching from well-known results till to latest developments and their usage in cryptography. In the first part we provide the necessary mathematical background on abelian varieties, their torsion points, Honda-Tate theory, Galois representations, with emphasis on Jacobian varieties and hyperelliptic Jacobians. In the second part we focus on applications of abelian varieties on cryptography and treating separately, elliptic curve cryptography, genus 2 and 3 cryptography, including Diffie-Hellman Key Exchange, index calculus in Picard groups, isogenies of Jacobians via correspondences and applications to discrete logarithms. Several open problems and new directions are suggested.Comment: 66 page

Computing functions on Jacobians and their quotients

We show how to efficiently compute functions on jacobian varieties and their quotients. We deduce a quasi-optimal algorithm to compute $(l,l)$ isogenies between jacobians of genus two curves

Group law computations on Jacobians of hyperelliptic curves

We derive an explicit method of computing the composition step in Cantor’s algorithm for group operations on Jacobians of hyperelliptic curves. Our technique is inspired by the geometric description of the group law and applies to hyperelliptic curves of arbitrary genus. While Cantor’s general composition involves arithmetic in the polynomial ring F_q[x], the algorithm we propose solves a linear system over the base field which can be written down directly from the Mumford coordinates of the group elements. We apply this method to give more efficient formulas for group operations in both affine and projective coordinates for cryptographic systems based on Jacobians of genus 2 hyperelliptic curves in general form

Discrete logarithms in curves over finite fields

A survey on algorithms for computing discrete logarithms in Jacobians of curves over finite fields

Explicit endomorphisms and correspondences

In this work, we investigate methods for computing explicitly with homomorphisms (and particularly endomorphisms) of Jacobian varieties of algebraic curves. Our principal tool is the theory of correspondences, in which homomorphisms of Jacobians are represented by divisors on products of curves. We give families of hyperelliptic curves of genus three, five, six, seven, ten and fifteen whose Jacobians have explicit isogenies (given in terms of correspondences) to other hyperelliptic Jacobians. We describe several families of hyperelliptic curves whose Jacobians have complex or real multiplication; we use correspondences to make the complex and real multiplication explicit, in the form of efficiently computable maps on ideal class representatives. These explicit endomorphisms may be used for efficient integer multiplication on hyperelliptic Jacobians, extending Gallant--Lambert--Vanstone fast multiplication techniques from elliptic curves to higher dimensional Jacobians. We then describe Richelot isogenies for curves of genus two; in contrast to classical treatments of these isogenies, we consider all the Richelot isogenies from a given Jacobian simultaneously. The inter-relationship of Richelot isogenies may be used to deduce information about the endomorphism ring structure of Jacobian surfaces; we conclude with a brief exploration of these techniques