Hyperelliptic curve | EPFL Graph Search

In algebraic geometry, a hyperelliptic curve is an algebraic curve of genus g > 1, given by an equation of the form y^2 + h(x)y = f(x) where f(x) is a polynomial of degree n = 2g + 1 > 4 or n = 2g + 2 > 4 with n distinct roots, and h(x) is a polynomial of degree < g + 2 (if the characteristic of the ground field is not 2, one can take h(x) = 0). A hyperelliptic function is an element of the function field of such a curve, or of the Jacobian variety on the curve; these two concepts are identical for elliptic functions, but different for hyperelliptic functions. Genus The degree of the polynomial determines the genus of the curve: a polynomial of degree 2g + 1 or 2g + 2 gives a curve of genus g. When the degree is equal to 2g + 1, the curve is called an imaginary hyperelliptic curve. Meanwhile, a curve of degree 2g + 2 is termed a real hyperelliptic curve. This statement about genus remains true for g = 0 or 1, but those special cases are not cal

Computing Cyclic Isogenies between Principally Polarized Abelian Varieties over Finite Fields

Marius Lorenz Vuille

Abelian varieties are fascinating objects, combining the fields of geometry and arithmetic. While the interest in abelian varieties has long time been of purely theoretic nature, they saw their first real-world application in cryptography in the mid 1980's, and have ever since lead to broad research on the computational and the arithmetic side. The most instructive examples of abelian varieties are elliptic curves and Jacobian varieties of hyperelliptic curves, and they come naturally equipped with some additional structure, called a principal polarization. Morphisms between abelian varieties that respect both the geometric and the arithmetic structure are called isogenies. In this thesis we focus on the computation of isogenies with cyclic kernel between principally polarized abelian varieties over finite fields.

EPFL2020

Computational Aspects of Jacobians of Hyperelliptic Curves

Alina Dudeanu

Nowadays, one area of research in cryptanalysis is solving the Discrete Logarithm Problem (DLP) in finite groups whose group representation is not yet exploited. For such groups, the best one can do is using a generic method to attack the DLP, the fastest of which remains the Pollard rho algorithm with

r

-adding walks. For the first time, we rigorously analyze the Pollard rho method with

r

-adding walks and prove a complexity bound that differs from the birthday bound observed in practice by a relatively small factor. There exist a multitude of open questions in genus

2

cryptography. In this case, the DLP is defined in large prime order subgroups of rational points that are situated on the Jacobian of a genus~

2

curve defined over a large characteristic finite field. We focus on one main topic, namely we present a new efficient algorithm for computing cyclic isogenies between Jacobians. Comparing to previous work that computes non cyclic isogenies in genus~

2

, we need to restrict to certain cases of polarized abelian varieties with specific complex multiplication and real multiplication. The algorithm has multiple applications related to the structure of the isogeny graph in genus~

2

, including random self-reducibility of DLP. It helps support the widespread intuition of choosing \emph{any} curve in a class of curves that satisfy certain public and well studied security parameters. Another topic of interest is generating hyperelliptic curves for cryptographic applications via the CM method that is based on the numerical estimation of the rational Igusa class polynomials. A recent development relates the denominators of the Igusa class polynomials to counting ideal classes in non maximal real quadratic orders whose norm is not prime to the conductor. Besides counting, our new algorithm provides precise representations of such ideal classes for all real quadratic fields and is part of an implementation in Magma of the recent theoretic work in the literature on the topic of denominators.

EPFL2016

Elliptic and Hyperelliptic Curves: A Practical Security Analysis

Joppe Willem Bos, Andrea Miele

Motivated by the advantages of using elliptic curves for discrete logarithm-based public-key cryptography, there is an active research area investigating the potential of using hyperelliptic curves of genus 2. For both types of curves, the best known algorithms to solve the discrete logarithm problem are generic attacks such as Pollard rho, for which it is well-known that the algorithm can be sped up when the target curve comes equipped with an efficiently computable automorphism. In this paper we incorporate all of the known optimizations (including those relating to the automorphism group) in order to perform a systematic security assessment of two elliptic curves and two hyperelliptic curves of genus 2. We use our software framework to give concrete estimates on the number of core years required to solve the discrete logarithm problem on four curves that target the 128-bit security level: on the standardized NIST CurveP-256, on a popular curve from the Barreto-Naehrig family, and on their respective analogues in genus 2. © 2014 Springer-Verlag Berlin Heidelberg.

Springer Berlin Heidelberg2014