Pairings on hyperelliptic curves with a real model

We analyse the efficiency of pairing computations on hyperelliptic curves given by a real model using a balanced divisor at infinity. Several optimisations are proposed and analysed. Genus two curves given by a real model arise when considering pairing friendly groups of order dividing $p^{2}-p+1$. We compare the performance of pairings on such groups in both elliptic and hyperelliptic versions. We conclude that pairings can be efficiently computable in real models of hyperelliptic curves

The Cassels-Tate pairing on polarized abelian varieties

Let (A,\lambda) be a principally polarized abelian variety defined over a global field k, and let \Sha(A) be its Shafarevich-Tate group. Let \Sha(A)_\nd denote the quotient of \Sha(A) by its maximal divisible subgroup. Cassels and Tate constructed a nondegenerate pairing \Sha(A)_\nd \times \Sha(A)_\nd \rightarrow \Q/\Z. If A is an elliptic curve, then by a result of Cassels the pairing is alternating. But in general it is only antisymmetric. Using some new but equivalent definitions of the pairing, we derive general criteria deciding whether it is alternating and whether there exists some alternating nondegenerate pairing on \Sha(A)_\nd. These criteria are expressed in terms of an element c \in \Sha(A)_\nd that is canonically associated to the polarization \lambda. In the case that A is the Jacobian of some curve, a down-to-earth version of the result allows us to determine effectively whether \#\Sha(A) (if finite) is a square or twice a square. We then apply this to prove that a positive proportion (in some precise sense) of all hyperelliptic curves of even genus g \ge 2 over \Q have a Jacobian with nonsquare \#\Sha (if finite). For example, it appears that this density is about 13% for curves of genus 2. The proof makes use of a general result relating global and local densities; this result can be applied in other situations.Comment: 41 pages, published versio

Computing canonical heights using arithmetic intersection theory

For several applications in the arithmetic of abelian varieties it is important to compute canonical heights. Following Faltings and Hriljac, we show how the canonical height on the Jacobian of a smooth projective curve can be computed using arithmetic intersection theory on a regular model of the curve in practice. In the case of hyperelliptic curves we present a complete algorithm that has been implemented in Magma. Several examples are computed and the behavior of the running time is discussed.Comment: 29 pages. Fixed typos and minor errors, restructured some sections. Added new Example

Still Wrong Use of Pairings in Cryptography

Several pairing-based cryptographic protocols are recently proposed with a wide variety of new novel applications including the ones in emerging technologies like cloud computing, internet of things (IoT), e-health systems and wearable technologies. There have been however a wide range of incorrect use of these primitives. The paper of Galbraith, Paterson, and Smart (2006) pointed out most of the issues related to the incorrect use of pairing-based cryptography. However, we noticed that some recently proposed applications still do not use these primitives correctly. This leads to unrealizable, insecure or too inefficient designs of pairing-based protocols. We observed that one reason is not being aware of the recent advancements on solving the discrete logarithm problems in some groups. The main purpose of this article is to give an understandable, informative, and the most up-to-date criteria for the correct use of pairing-based cryptography. We thereby deliberately avoid most of the technical details and rather give special emphasis on the importance of the correct use of bilinear maps by realizing secure cryptographic protocols. We list a collection of some recent papers having wrong security assumptions or realizability/efficiency issues. Finally, we give a compact and an up-to-date recipe of the correct use of pairings.Comment: 25 page

Generalized Jacobians and explicit descents

We develop a cohomological description of various explicit descents in terms of generalized Jacobians, generalizing the known description for hyperelliptic curves. Specifically, given an integer $n$ dividing the degree of some reduced effective divisor $\mathfrak{m}$ on a curve $C$, we show that multiplication by $n$ on the generalized Jacobian $J_\frak{m}$ factors through an isogeny $\varphi:A_{\mathfrak{m}} \rightarrow J_{\mathfrak{m}}$ whose kernel is naturally the dual of the Galois module $(\operatorname{Pic}(C_{\overline{k}})/\mathfrak{m})[n]$. By geometric class field theory, this corresponds to an abelian covering of $C_{\overline{k}} := C \times_{\operatorname{Spec}{k}} \operatorname{Spec}(\overline{k})$ of exponent $n$ unramified outside $\mathfrak{m}$. The $n$-coverings of $C$ parameterized by explicit descents are the maximal unramified subcoverings of the $k$-forms of this ramified covering. We present applications of this to the computation of Mordell-Weil groups of Jacobians.Comment: to appear in Math. Com