A fast graph algorithm for genus-2 hyperelliptic curve discrete logarithm problems
نویسندگان
چکیده
In 1989, Koblitz proposed using the Jacobian of a hyperelliptic curve defined over a finite field to implement discrete logarithm cryptographic protocols. The discrete logarithm problem of the Jacobian is called hyperelliptic curve discrete logarithm problem (HCDLP). For a hyperelliptic curve of genus g over the finite field Fq, the group order of the Jacobian is ( ) g O q which is larger than that of the additive group ,which is ( ) O q , in an elliptic curve over Fq. Since there is no subexponential algorithm to solve HCDLP of small genus, hyperelliptic curve cryptosystem under applicable setting requires shorter key length than elliptic curve cryptosystem to achieve the same security level. When genus g is large enough, the index calculus attack has subexponential time complexity. For small genus HCDLP, the algorithms based on birthday paradox is of time
منابع مشابه
Isogenies and the Discrete Logarithm Problem on Jacobians of Genus 3 Hyperelliptic Curves
We describe the use of explicit isogenies to reduce Discrete Logarithm Problems (DLPs) on Jacobians of hyperelliptic genus 3 curves to Jacobians of non-hyperelliptic genus 3 curves, which are vulnerable to faster index calculus attacks. We provide algorithms which compute an isogeny with kernel isomorphic to (Z/2Z) for any hyperelliptic genus 3 curve. These algorithms provide a rational isogeny...
متن کاملElliptic and Hyperelliptic Curves: A Practical Security Analysis
Motivated by the advantages of using elliptic curves for discrete logarithm-based public-key cryptography, there is an active research area investigating the potential of using hyperelliptic curves of genus 2. For both types of curves, the best known algorithms to solve the discrete logarithm problem are generic attacks such as Pollard rho, for which it is well-known that the algorithm can be s...
متن کاملIndex calculus for abelian varieties and the elliptic curve discrete logarithm problem
We propose an index calculus algorithm for the discrete logarithm problem on general abelian varieties. The main difference with the previous approaches is that we do not make use of any embedding into the Jacobian of a well-suited curve. We apply this algorithm to the Weil restriction of elliptic curves and hyperelliptic curves over small degree extension fields. In particular, our attack can ...
متن کاملGaudry's Variant against Cab Curves
Gaudry has described a new algorithm (Gaudry’s variant) for the discrete logarithm problem (DLP) in hyperelliptic curves. For a hyperelliptic curve of a small genus on a finite field GF(q), Gaudry’s variant solves for the DLP in time O(q2+2). This paper shows that Cab curves can be attacked with a modified form of Gaudry’s variant and presents the timing results of such attack. However, Gaudry’...
متن کاملComputing discrete logarithms in the Jacobian of high-genus hyperelliptic curves over even characteristic finite fields
We describe improved versions of index-calculus algorithms for solving discrete logarithm problems in Jacobians of high-genus hyperelliptic curves de ned over even characteristic elds. Our rst improvement is to incorporate several ideas for the low-genus case by Gaudry and Theriault, including the large prime variant and using a smaller factor base, into the large-genus algorithm of Enge and Ga...
متن کامل