Deterministic Encoding and Hashing to Odd Hyperelliptic Curves
نویسندگان
چکیده
In this paper we propose a very simple and efficient encoding function from Fq to points of a hyperelliptic curve over Fq of the form H : y = f(x) where f is an odd polynomial. Hyperelliptic curves of this type have been frequently considered in the literature to obtain Jacobians of good order and pairing-friendly curves. Our new encoding is nearly a bijection to the set of Fq-rational points on H. This makes it easy to construct well-behaved hash functions to the Jacobian J of H, as well as injective maps to J(Fq) which can be used to encode scalars for such applications as ElGamal encryption. The new encoding is already interesting in the genus 1 case, where it provides a well-behaved encoding to Joux’s supersingular elliptic curves.
منابع مشابه
Indifferentiable deterministic hashing to elliptic and hyperelliptic curves
At Crypto 2010, Brier et al. proposed the first construction of a hash function into ordinary elliptic curves that was indifferentiable from a random oracle, based on Icart’s deterministic encoding from Crypto 2009. Such a hash function can be plugged into any cryptosystem that requires hashing into elliptic curves, while not compromising proofs of security in the random oracle model. However, ...
متن کاملEncoding Points on Hyperelliptic Curves over Finite Fields in Deterministic Polynomial Time
We provide new hash functions into (hyper)elliptic curves over finite fields. These functions aims at instantiating in a secure manner cryptographic protocols where we need to map strings into points on algebraic curves, typically user identities into public keys in pairingbased IBE schemes. Contrasting with recent Icart’s encoding, we start from “easy to solve by radicals” polynomials in order...
متن کاملExtracting a uniform random bit-string over Jacobian of Hyperelliptic curves of Genus 2
Abstract. Here, we proposed an improved version of the deterministic random extractors SEJ and PEJ proposed by R. R. Farashahi in [5] in 2009. By using the Mumford’s representation of a reduced divisor D of the Jacobian J(Fq) of a hyperelliptic curve H of genus 2 with odd characteristic, we extract a perfectly random bit string of the sum of abscissas of rational points on H in the support of D...
متن کاملPoint Counting in Families of Hyperelliptic Curves
Let EΓ be a family of hyperelliptic curves defined by Y 2 = Q(X,Γ), where Q is defined over a small finite field of odd characteristic. Then with γ in an extension degree n field over this small field, we present a deterministic algorithm for computing the zeta function of the curve Eγ by using Dwork deformation in rigid cohomology. The complexity of the algorithm is O(n) and it needs O(n) bits...
متن کاملEfficient Indifferentiable Hashing into Ordinary Elliptic Curves
We provide the first construction of a hash function into ordinary elliptic curves that is indifferentiable from a random oracle, based on Icart’s deterministic encoding from Crypto 2009. While almost as efficient as Icart’s encoding, this hash function can be plugged into any cryptosystem that requires hashing into elliptic curves, while not compromising proofs of security in the random oracle...
متن کامل