12 research outputs found

    On Using Expansions to the Base of -2

    This short note investigates the effects of using expansions to the base of -2. The main applications we have in mind are cryptographic protocols, where the crucial operation is computation of scalar multiples. For the recently proposed groups arising from Picard curves this leads to a saving of at least 7% for the computation of an m-fold. For more general non-hyperelliptic genus 3 curves we expect a larger speed-up. Comment: 5 page

    A Generic Approach to Searching for Jacobians

    We consider the problem of finding cryptographically suitable Jacobians. By applying a probabilistic generic algorithm to compute the zeta functions of low genus curves drawn from an arbitrary family, we can search for Jacobians containing a large subgroup of prime order. For a suitable distribution of curves, the complexity is subexponential in genus 2, and O(N^{1/12}) in genus 3. We give examples of genus 2 and genus 3 hyperelliptic curves over prime fields with group orders over 180 bits in size, improving previous results. Our approach is particularly effective over low-degree extension fields, where in genus 2 we find Jacobians over F_{p^2} and trace zero varieties over F_{p^3} with near-prime orders up to 372 bits in size. For p = 2^{61}-1, the average time to find a group with 244-bit near-prime order is under an hour on a PC. Comment: 22 pages, to appear in Mathematics of Computatio

    Discrete logarithms in curves over finite fields

    A survey on algorithms for computing discrete logarithms in Jacobians of curves over finite fields.

    Picard curves over Q with good reduction away from 3

    Inspired by methods of N. P. Smart, we describe an algorithm to determine all Picard curves over Q with good reduction away from 3, up to Q-isomorphism. A correspondence between the isomorphism classes of such curves and certain quintic binary forms possessing a rational linear factor is established. An exhaustive list of integral models is determined, and an application to a question of Ihara is discussed. Comment: 27 pages; A previous lemma was incorrect and has been removed; Corrected computation has identified 18 new such curves (63 in total

    Group law computations on Jacobians of hyperelliptic curves

    We derive an explicit method of computing the composition step in Cantor’s algorithm for group operations on Jacobians of hyperelliptic curves. Our technique is inspired by the geometric description of the group law and applies to hyperelliptic curves of arbitrary genus. While Cantor’s general composition involves arithmetic in the polynomial ring F_q[x], the algorithm we propose solves a linear system over the base field which can be written down directly from the Mumford coordinates of the group elements. We apply this method to give more efficient formulas for group operations in both affine and projective coordinates for cryptographic systems based on Jacobians of genus 2 hyperelliptic curves in general form.

    Index calculus in class groups of non-hyperelliptic curves of genus three

    The original publication is available at www.springerlink.com. We study an index calculus algorithm to solve the discrete logarithm problem (DLP) in degree 0 class groups of non-hyperelliptic curves of genus 3 over finite fields. We present a heuristic analysis of the algorithm which indicates that the DLP in degree 0 class groups of non-hyperelliptic curves of genus 3 can be solved in an expected time of soft-O(q). This heuristic result relies on one heuristic assumption which is studied experimentally. We also present experimental data which show that a variant of the algorithm is faster than the Rho method even for small group sizes, and we address practical limitations of the algorithm.

    Discrete logarithms in curves over finite fields

    A survey on algorithms for computing discrete logarithms in Jacobians of curves over finite fields.