13 research outputs found

    Richelot Isogenies, Pairings on Squared Kummer Surfaces and Applications

    Isogeny-based cryptosystems from elliptic curves have been well studied for several years, but there are fewer works about isogenies on hyperelliptic curves to date. In this work, we take the first step to explore isogenies and pairings on generic squared Kummer surfaces, which are believed to be a better type of Kummer surface. The core of our work is the Richelot isogeny having two kernels together with each dual onto the squared Kummer surfaces; a chain of Richelot isogenies is then constructed simply. Besides, with the coordinate system on the Kummer surface, we modify the squared pairings, so as to propose a self-contained pairing named squared symmetric pairing, which can be evaluated with arithmetic on the same squared Kummer surface. In the end, as applications, we present a Verifiable Delay Function and a Delay Encryption on squared Kummer surfaces.

    Bounds on the Balanced Embedding Degree for Cryptography Based on Bilinear Pairings

    A formula is introduced for calculating the bounds of the balanced embedding degree of a hyperelliptic curve. The current bounds for curves of genus 1-3 are computed. For curves with known generation algorithms, the smallest ρ-values and embedding degrees from 1 to 10, the range of values to which the security level of the curve belongs is computed.

    Non-Cyclic Subgroups of Jacobians of Genus Two Curves with Complex Multiplication

    Let E be an elliptic curve defined over a finite field. Balasubramanian and Koblitz have proved that if the l-th roots of unity m_l is not contained in the ground field, then a field extension of the ground field contains m_l if and only if the l-torsion points of E are rational over the same field extension. We generalize this result to Jacobians of genus two curves with complex multiplication. In particular, we show that the Weil- and the Tate-pairing on such a Jacobian are non-degenerate over the same field extension of the ground field

    Self-pairings on Hyperelliptic Curves

    A self-pairing is a pairing computation where both inputs are the same group element. Self-pairings are used in some cryptographic schemes and protocols. In this paper, we show how to compute the Tate-Lichtenbaum pairing $(D,\phi(D))$ on a curve more efficiently than the general case. The speedup is obtained by requiring a simpler final exponentiation. We also discuss how to use this pairing in cryptographic applications.

    Twisted Ate Pairing on Hyperelliptic Curves and Applications

    In this paper we show that the twisted Ate pairing on elliptic curves can be generalized to hyperelliptic curves. We also give a series of variations of the hyperelliptic Ate and twisted Ate pairings. Using the hyperelliptic Ate pairing and twisted Ate pairing, we propose a new approach to speed up the Weil pairing computation, and obtain an interesting result: for some hyperelliptic curves with a high degree twist, using this approach to compute the Weil pairing will be faster than the Tate pairing, the Ate pairing, and all other known pairings.

    Efficient and Generalized Pairing Computation on Abelian Varieties

    In this paper, we propose a new method for constructing a bilinear pairing over (hyper)elliptic curves, which we call the R-ate pairing. This pairing is a generalization of the Ate and Ate_i pairing, and also improves efficiency of the pairing computation. Using the R-ate pairing, the loop length in Miller's algorithm can be as small as $\log(r^{1/\phi(k)})$ for some pairing-friendly elliptic curves which have not reached this lower bound. Therefore we obtain from 29% to 69% savings in overall costs compared to the Ate_i pairing. On supersingular hyperelliptic curves of genus 2, we show that this approach makes the loop length in Miller's algorithm shorter than that of the Ate pairing.

    On Cryptographic Protocols Employing Asymmetric Pairings -- The Role of $\Psi$ Revisited

    Asymmetric pairings $e : \mathbb{G}_1 \times \mathbb{G}_2 \rightarrow \mathbb{G}_T$ for which an efficiently-computable isomorphism $\psi : \mathbb{G}_2 \rightarrow \mathbb{G}_1$ is known are called Type 2 pairings; if such an isomorphism $\psi$ is not known then $e$ is called a Type 3 pairing. Many cryptographic protocols in the asymmetric setting rely on the existence of $\psi$ for their security reduction while some use it in the protocol itself. For these reasons, it is believed that some of these protocols cannot be implemented with Type 3 pairings, while for some the security reductions either cannot be transformed to the Type 3 setting or else require a stronger complexity assumption. Contrary to these widely held beliefs, we argue that Type 2 pairings are merely inefficient implementations of Type 3 pairings, and appear to offer no benefit for protocols based on asymmetric pairings from the point of view of functionality, security, and performance.

    Cryptography with Pairings

    The aim of this work is to gain an in-depth understanding of the current state of pairing-based cryptography, using powerful tools from number theory and algebraic geometry to understand thoroughly the mathematical theory underlying each of its applications. First, we give a brief explanation of some of the pairing-based cryptographic applications that have had the greatest impact on the development of this field of research. We then study in detail the construction and implementation of the pairings most commonly used on elliptic and hyperelliptic curves: the Weil pairing and the Tate pairing. Finally, we trace the evolution of the Tate-Lichtenbaum pairing from its original definition to an explicit and simple definition, and therefore one fully suited to use in cryptography. The first objective of this project is to understand the current state of pairing-based cryptography in general, keeping identity-based cryptography as the focus of interest. In this sense, for us understanding will mean, on the one hand, mastering the mathematical foundations and, on the other, considering present and future applications in the field of public-key cryptography.

    Hyperelliptic Pairings

    No full text
    We survey recent research on pairings on hyperelliptic curves and present a comparison of the performance characteristics of pairings on elliptic curves and hyperelliptic curves. Our analysis indicates that hyperelliptic curves are not more efficient than elliptic curves for general pairing applications. © 2007 Springer-Verlag Berlin Heidelberg.