101 research outputs found

    Pairing computation on hyperelliptic curves of genus 2

    Bilinear pairings have been recently used to construct cryptographic schemes with new and novel properties, the most celebrated example being the Identity Based Encryption scheme of Boneh and Franklin. As pairing computation is generally the most computationally intensive part of any pairing-based cryptosystem, it is essential to investigate new ways in which to compute pairings efficiently. The vast majority of the literature on pairing computation focuses solely on using elliptic curves. In this thesis we investigate pairing computation on supersingular hyperelliptic curves of genus 2. Our aim is to provide a practical alternative to using elliptic curves for pairing based cryptography. Specifically, we illustrate how to implement pairings efficiently using genus 2 curves, and how to attain performance comparable to using elliptic curves. We show that pairing computation on genus 2 curves over $\mathbb{F}_{2^m}$ can outperform elliptic curves by using a new variant of the Tate pairing, called the ηT pairing, to compute the fastest pairing implementation in the literature to date. We also show for the first time how the final exponentiation required to compute the Tate pairing can be avoided for certain hyperelliptic curves. We investigate pairing computation using genus 2 curves over large prime fields, and detail various techniques that lead to an efficient implementation, thus showing that these curves are a viable candidate for practical use.

    Computing canonical heights using arithmetic intersection theory

    For several applications in the arithmetic of abelian varieties it is important to compute canonical heights. Following Faltings and Hriljac, we show how the canonical height on the Jacobian of a smooth projective curve can be computed using arithmetic intersection theory on a regular model of the curve in practice. In the case of hyperelliptic curves we present a complete algorithm that has been implemented in Magma. Several examples are computed and the behavior of the running time is discussed. Comment: 29 pages. Fixed typos and minor errors, restructured some sections. Added new Example

    Distortion maps for genus two curves

    Distortion maps are a useful tool for pairing based cryptography. Compared with elliptic curves, the case of hyperelliptic curves of genus g > 1 is more complicated since the full torsion subgroup has rank 2g. In this paper we prove that distortion maps always exist for supersingular curves of genus g > 1 and we construct distortion maps in genus 2 (for embedding degrees 4, 5, 6 and 12). Comment: 16 page

    Constructing suitable ordinary pairing-friendly curves: A case of elliptic curves and genus two hyperelliptic curves

    One of the challenges in the designing of pairing-based cryptographic protocols is to construct suitable pairing-friendly curves: Curves which would provide efficient implementation without compromising the security of the protocols. These curves have small embedding degree and large prime order subgroup. Random curves are likely to have large embedding degree and hence are not practical for implementation of pairing-based protocols. In this thesis we review some mathematical background on elliptic and hyperelliptic curves in relation to the construction of pairing-friendly hyper-elliptic curves. We also present the notion of pairing-friendly curves. Furthermore, we construct new pairing-friendly elliptic curves and Jacobians of genus two hyperelliptic curves which would facilitate an efficient implementation in pairing-based protocols. We aim for curves that have smaller values than ever before reported for different embedding degrees. We also discuss optimisation of computing pairing in Tate pairing and its variants. Here we show how to efficiently multiply a point in a subgroup defined on a twist curve by a large cofactor. Our approach uses the theory of addition chains. We also show a new method for implementation of the computation of the hard part of the final exponentiation in the calculation of the Tate pairing and its varian

    Hardware processors for pairing-based cryptography

    Bilinear pairings can be used to construct cryptographic systems with very desirable properties. A pairing performs a mapping on members of groups on elliptic and genus 2 hyperelliptic curves to an extension of the finite field on which the curves are defined. The finite fields must, however, be large to ensure adequate security. The complicated group structure of the curves and the expensive field operations result in time consuming computations that are an impediment to the practicality of pairing-based systems. The Tate pairing can be computed efficiently using the ηT method. Hardware architectures can be used to accelerate the required operations by exploiting the parallelism inherent to the algorithmic and finite field calculations. The Tate pairing can be performed on elliptic curves of characteristic 2 and 3 and on genus 2 hyperelliptic curves of characteristic 2. Curve selection is dependent on several factors including desired computational speed, the area constraints of the target device and the required security level. In this thesis, custom hardware processors for the acceleration of the Tate pairing are presented and implemented on an FPGA. The underlying hardware architectures are designed with care to exploit available parallelism while ensuring resource efficiency. The characteristic 2 elliptic curve processor contains novel units that return a pairing result in a very low number of clock cycles. Despite the more complicated computational algorithm, the speed of the genus 2 processor is comparable. Pairing computation on each of these curves can be appealing in applications with various attributes. A flexible processor that can perform pairing computation on elliptic curves of characteristic 2 and 3 has also been designed. An integrated hardware/software design and verification environment has been developed. This system automates the procedures required for robust processor creation and enables the rapid provision of solutions for a wide range of cryptographic applications.

    Pairings on hyperelliptic curves with a real model

    We analyse the efficiency of pairing computations on hyperelliptic curves given by a real model using a balanced divisor at infinity. Several optimisations are proposed and analysed. Genus two curves given by a real model arise when considering pairing friendly groups of order dividing $p^{2}-p+1$. We compare the performance of pairings on such groups in both elliptic and hyperelliptic versions. We conclude that pairings can be efficiently computable in real models of hyperelliptic curves.

    Néron-Tate heights on the Jacobians of high-genus hyperelliptic curves

    We use Arakelov intersection theory to study heights on the Jacobians of high-genus hyperelliptic curves. The main results in this thesis are: 1) new algorithms for computing Neron-Tate heights of points on hyperelliptic Jacobians of arbitrary dimension, together with worked examples in genera up to 9 (pre-existing methods are restricted to genus at most 2 or 3). 2) a new definition of a naive height of a point on a hyperelliptic Jacobian of arbitrary dimension, which does not make use of a projective embedding of the Jacobian or a quotient thereof. 3) an explicit bound on the difference between the Neron-Tate height and this new naive height. 4) a new algorithm to compute sets of points of Neron-Tate height up to a given bound on a hyperelliptic Jacobian of arbitrary dimension, again without making use of a projective embedding of the Jacobian or a quotient thereof

    Computing torsion for plane quartics without using height bounds

    We describe an algorithm that provably computes the rational torsion subgroup of the Jacobian of a curve without relying on height bounds. Instead, it relies on computing torsion points over small number fields. Both complex analytic and Chinese remainder theorem based methods are used to find such torsion points. The method has been implemented in Magma and used to provably compute the rational torsion subgroup for more than 98% of Jacobians of curves in a dataset due to Sutherland consisting of 82240 plane quartic curves. Comment: Copy of Magma code and data file repository included as ancillary file. Comments always welcome

    Second p descents on elliptic curves

    Let p be a prime and let C be a genus one curve over a number field k representing an element of order dividing p in the Shafarevich-Tate group of its Jacobian. We describe an algorithm which computes the set of D in the Shafarevich-Tate group such that pD = C and obtains explicit models for these D as curves in projective space. This leads to a practical algorithm for performing 9-descents on elliptic curves over the rationals. Comment: 45 page