Decomposition Attack for the Jacobian of a Hyperelliptic Curve over an Extension Field

We study the solution of the discrete logarithm problem for the Jacobian of a curve of genus g defined over an extension field Fqn , by decomposed attack, considering a external elements B0 given by points of the curve whose x-coordinates are defined in Fq. In the decomposed attack, an element of the group which is written by a sum of some elements of external elements is called (potentially) decomposed and the set of the terms, that appear in the sum, is called decomposed factor. In order for the running of the decomposed attack, a test for the (potential) decomposeness and the computation of the decomposed factor are needed. Here, we show that the test to determine if an element of the Jacobian (i.e., reduced divisor) is written by an ng sum of the elements of the external elements and the computation of decomposed factor are reduced to the problem of solving some multivariable polynomial system of equations by using the Riemann-Roch theorem. In particular, in the case of a hyperelliptic curve, we construct a concrete system of equations, which satisfies these properties and consists of (n−n)g quadratic equations. Moreover, in the case of (g, n) = (1, 3), (2, 2) and (3, 2), we give examples of the concrete computation of the decomposed factors by using the computer algebra system Magma.