Isogenies and the Discrete Logarithm Problem in Jacobians of Genus 3 Hyperelliptic Curves

We describe the use of explicit isogenies to translate instances of the Discrete Logarithm Problem (DLP) from Jacobians of hyperelliptic genus 3 curves to Jacobians of non-hyperelliptic genus 3 curves, where they are vulnerable to faster index calculus attacks. We provide explicit formulae for isogenies with kernel isomorphic to (\ZZ/2\ZZ)^3 (over an algebraic closure of the base field) for any hyperelliptic genus 3 curve over a field of characteristic not 2 or 3. These isogenies are rational for a positive fraction of all hyperelliptic genus 3 curves defined over a finite field of characteristic $p > 3$. Subject to reasonable assumptions, our constructions give an explicit and efficient reduction of instances of the DLP from hyperelliptic to non-hyperelliptic Jacobians for around 18.57% of all hyperelliptic genus 3 curves over a given finite field. We conclude with a discussion on extending these ideas to isogenies with more general kernels. A condensed version of this work appeared in the proceedings of the EUROCRYPT 2008 conference.Comment: This is an extended version of work that appeared in the proceedings of the Eurocrypt 2008 conferenc

Discrete logarithms in curves over finite fields

A survey on algorithms for computing discrete logarithms in Jacobians of curves over finite fields

A Generic Approach to Searching for Jacobians

We consider the problem of finding cryptographically suitable Jacobians. By applying a probabilistic generic algorithm to compute the zeta functions of low genus curves drawn from an arbitrary family, we can search for Jacobians containing a large subgroup of prime order. For a suitable distribution of curves, the complexity is subexponential in genus 2, and O(N^{1/12}) in genus 3. We give examples of genus 2 and genus 3 hyperelliptic curves over prime fields with group orders over 180 bits in size, improving previous results. Our approach is particularly effective over low-degree extension fields, where in genus 2 we find Jacobians over F_{p^2) and trace zero varieties over F_{p^3} with near-prime orders up to 372 bits in size. For p = 2^{61}-1, the average time to find a group with 244-bit near-prime order is under an hour on a PC.Comment: 22 pages, to appear in Mathematics of Computatio

Constructing genus 3 hyperelliptic Jacobians with CM

Given a sextic CM field $K$, we give an explicit method for finding all genus 3 hyperelliptic curves defined over $\mathbb{C}$ whose Jacobians are simple and have complex multiplication by the maximal order of this field, via an approximation of their Rosenhain invariants. Building on the work of Weng, we give an algorithm which works in complete generality, for any CM sextic field $K$, and computes minimal polynomials of the Rosenhain invariants for any period matrix of the Jacobian. This algorithm can be used to generate genus 3 hyperelliptic curves over a finite field $\mathbb{F}_p$ with a given zeta function by finding roots of the Rosenhain minimal polynomials modulo $p$.Comment: 20 pages; to appear in ANTS XI

On rationality of the intersection points of a line with a plane quartic

We study the rationality of the intersection points of certain lines and smooth plane quartics C defined over F_q. For q \geq 127, we prove the existence of a line such that the intersection points with C are all rational. Using another approach, we further prove the existence of a tangent line with the same property as soon as the characteristic of F_q is different from 2 and q \geq 66^2+1. Finally, we study the probability of the existence of a rational flex on C and exhibit a curious behavior when the characteristic of F_q is equal to 3.Comment: 17 pages. Theorem 2 now includes the characteristic 2 case; Conjecture 1 from the previous version is proved wron

An extension of Kedlaya's algorithm for hyperelliptic curves

In this paper we describe a generalisation and adaptation of Kedlaya's algorithm for computing the zeta function of a hyperelliptic curve over a finite field of odd characteristic that the author used for the implementation of the algorithm in the Magma library. We generalise the algorithm to the case of an even degree model. We also analyse the adaptation of working with the $x^idx/y^3$ rather than the $x^idx/y$ differential basis. This basis has the computational advantage of always leading to an integral transformation matrix whereas the latter fails to in small genus cases. There are some theoretical subtleties that arise in the even degree case where the two differential bases actually lead to different redundant eigenvalues that must be discarded.Comment: v3: some minor changes and addition of a reference to a paper by Theo van den Bogaar

Exact and microscopic one-instanton calculations in N=2 supersymmetric Yang-Mills theories

We study the low-energy effective theory in N=2 super Yang-Mills theories by microscopic and exact approaches. We calculate the one-instanton correction to the prepotential for any simple Lie group from the microscopic approach. We also study the Picard-Fuchs equations and their solutions in the semi- classical regime for classical gauge groups with rank r \leq 3. We find that for gauge groups G=A_r, B_r, C_r (r \leq 3) the microscopic results agree with those from the exact solutions.Comment: 34 pages, LaTe