Computational Aspects of Jacobians of Hyperelliptic Curves

Nowadays, one area of research in cryptanalysis is solving the Discrete Logarithm Problem (DLP) in finite groups whose group representation is not yet exploited. For such groups, the best one can do is using a generic method to attack the DLP, the fastest of which remains the Pollard rho algorithm with $r$-adding walks. For the first time, we rigorously analyze the Pollard rho method with $r$-adding walks and prove a complexity bound that differs from the birthday bound observed in practice by a relatively small factor. There exist a multitude of open questions in genus $2$ cryptography. In this case, the DLP is defined in large prime order subgroups of rational points that are situated on the Jacobian of a genus~$2$ curve defined over a large characteristic finite field. We focus on one main topic, namely we present a new efficient algorithm for computing cyclic isogenies between Jacobians. Comparing to previous work that computes non cyclic isogenies in genus~$2$, we need to restrict to certain cases of polarized abelian varieties with specific complex multiplication and real multiplication. The algorithm has multiple applications related to the structure of the isogeny graph in genus~$2$, including random self-reducibility of DLP. It helps support the widespread intuition of choosing \emph{any} curve in a class of curves that satisfy certain public and well studied security parameters. Another topic of interest is generating hyperelliptic curves for cryptographic applications via the CM method that is based on the numerical estimation of the rational Igusa class polynomials. A recent development relates the denominators of the Igusa class polynomials to counting ideal classes in non maximal real quadratic orders whose norm is not prime to the conductor. Besides counting, our new algorithm provides precise representations of such ideal classes for all real quadratic fields and is part of an implementation in Magma of the recent theoretic work in the literature on the topic of denominators

Collision bounds for the additive Pollard rho algorithm for solving discrete logarithms

We prove collision bounds for the Pollard rho algorithm to solve the discrete logarithm problem in a general cyclic group $\mathbf {G}$ . Unlike the setting studied by Kim et al., we consider additive walks: the setting used in practice to solve the elliptic curve discrete logarithm problem. Our bounds differ from the birthday bound (||)$\mathcal {O}(\sqrt{\vert \mathbf {G}\vert })$ by a factor of log||$\sqrt{\log {\vert \mathbf {G}\vert }}$ and are based on mixing time estimates for random walks on finite abelian groups due to Dou and Hildebran

Collision Bounds for the Additive Pollard Rho Algorithm for Solving Discrete Logarithms

We prove collision bounds for the Pollard rho algorithm to solve the discrete logarithm problem in a general cyclic group $G$. Unlike the setting studied by Kim et al. we consider additive walks: the setting used in practice to solve the elliptic curve discrete logarithm problem. Our bounds differ from the birthday bound $O(\sqrt{|G|})$ by a factor of $\sqrt{\log{|G|}}$ and are based on mixing time estimates for random walks on finite abelian groups due to Hildebrand

Cyclic Isogenies for Abelian Varieties with Real Multiplication

We study quotients of principally polarized abelian varieties with real multiplication by Galois-stable finite subgroups and describe when these quotients are principally polarizable. We use this characterization to provide an algorithm to compute explicit cyclic isogenies from kernel for abelian varieties with real multiplication over finite fields. Our algorithm is polynomial in the size of the finite field as well as in the degree of the isogeny and is based on Mumford's theory of theta functions and theta embeddings. Recently, the algorithm has been successfully applied to obtain new results on the discrete logarithm problem in genus 2 as well as to study the discrete logarithm problem in genus 3

Cyclic Isogenies for Abelian Varieties with Real Multiplication

We study quotients of principally polarized abelian varieties with real multiplication by Galois-stable finite subgroups and describe when these quotients are principally polarizable. We use this characterization to provide an algorithm to compute explicit cyclic isogenies from kernel for abelian varieties with real multiplication over finite fields. Our algorithm is polynomial in the size of the finite field as well as in the degree of the isogeny and is based on Mumford's theory of theta functions and theta embeddings. Recently, the algorithm has been successfully applied to obtain new results on the discrete logarithm problem in genus 2 as well as to study the discrete logarithm problem in genus 3