Group Law Computations on Jacobians of Hyperelliptic Curves

Costello, Craig; Lauter, Kristin

doi:10.1007/978-3-642-28496-0_6

Cited by 33 publications

(57 citation statements)

References 37 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…4 , входящие в уравне-ния (2.6), зависят от времени, а пятый корень λ не зависит от времени. Соответствующая ордината неподвижной точки пересечения…”

Section: )unclassified

“…С точки зрения современной криптографии, на гиперэллиптических кривых пара то-чек с координатами (x 1,2 , y 1,2 ) являются «сообщением», точки с координатами (x 3,4 , y 3,4 ) являются «криптограммой», а неподвижная точка с координатами (λ, μ) является откры-тым «ключом», с помощью которого мы шифруем или дешифруем сообщения [4]. Основное отличие в том, что в криптографии мы изучаем преобразования (2.11) и (2.12) над полем целых чисел или более сложным полем.…”

Section: )unclassified

See 1 more Smart Citation

On an integrable system on the plane with velocity-dependent potential

Григорьев¹,

Sozonov²,

Tsiganov³

2016

Nelin. Dinam.

View full text Add to dashboard Cite

Section: )unclassified

On an integrable system on the plane with velocity-dependent potential

Григорьев¹,

Sozonov²,

Tsiganov³

2016

Nelin. Dinam.

View full text Add to dashboard Cite

“…If enough concurrent walks are used, then the amortized cost of each individual field inversion becomes roughly 3 field multiplications -this makes affine Weierstrass coordinates the fastest known coordinate system to work with for cryptanalysis. On elliptic curves, such amortized point additions require 5 F q multiplications, 1 F q squaring and 6 F q additions; on genus 2 curves, these additions cost 20 F q multiplications, 4 F q squarings and 48 F q additions [14] -see Table 1 in Section 4.…”

Section: Preliminariesmentioning

confidence: 99%

“…In the worst case, the cost of finding this representative is six multiplications, one squaring, three additions and two negations in F q ; it takes three multiplications, three additions and a negation (this time we use ζ 4 = −(ζ 3 + ζ 2 + ζ + 1) to save a multiplication) to first determine the minimum value in {ζ i u 1 } for 0 ≤ i ≤ 4, another two multiplications to compute the corresponding ζ 2i u 0 and ±ζ 4i v 1 , and finally one negation for the v 0 -coordinate. To comply with the formulas in [14], we must also recompute the two extended coordinates u 1 u 0 and u 2 1 , which additionally incurs a multiplication and a squaring. Updating the (a i , b i ) pair costs two multiplications in Z/nZ.…”

Section: Target Curves In Genusmentioning

confidence: 99%

Elliptic and Hyperelliptic Curves: A Practical Security Analysis

Bos

Costello

Miele

2014

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Abstract. Motivated by the advantages of using elliptic curves for discrete logarithm-based public-key cryptography, there is an active research area investigating the potential of using hyperelliptic curves of genus 2. For both types of curves, the best known algorithms to solve the discrete logarithm problem are generic attacks such as Pollard rho, for which it is well-known that the algorithm can be sped up when the target curve comes equipped with an efficiently computable automorphism. In this paper we incorporate all of the known optimizations (including those relating to the automorphism group) in order to perform a systematic security assessment of two elliptic curves and two hyperelliptic curves of genus 2. We use our software framework to give concrete estimates on the number of core years required to solve the discrete logarithm problem on four curves that target the 128-bit security level: on the standardized NIST CurveP-256, on a popular curve from the Barreto-Naehrig family, and on their respective analogues in genus 2.

show abstract

“…Here we make a brief comparison with the previous works in [29] and [12], by considering the two most common operations in the context of cryptographic scalar multiplications: a point doubling (denoted DBL), and a mixed-doubling-and-addition (denoted mDBLADD) between two points. These two operations constitute the bottleneck of most state-of-the-art scalar multiplication routines, since the multiplication of a point in the Jacobian by an n-bit scalar typically requires α DBL operations and β mDBLADD operations, where α + β ≈ n. Thus, the improved operation counts in Table 1 give a rough idea of the speedups that we can expect when plugging these formulas into an existing genus 2 scalar multiplication routine that uses the formulas from [29] or [12]. (We give a better indication of the improvements over previous formulas by reporting concrete implementation numbers in Section 8.)…”

Section: Introductionmentioning

confidence: 99%

Jacobian Coordinates on Genus 2 Curves

Hışıl

Costello

2014

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Abstract. This paper presents a new projective coordinate system and new explicit algorithms which together boost the speed of arithmetic in the divisor class group of genus 2 curves. The proposed formulas generalise the use of Jacobian coordinates on elliptic curves, and their application improves the speed of performing cryptographic scalar multiplications in Jacobians of genus 2 curves over prime fields by an approximate factor of 1.25x. For example, on a single core of an Intel Core i7-3770M (Ivy Bridge), we show that replacing the previous best formulas with our new set improves the cost of generic scalar multiplications from 243,000 to 195,000 cycles, and drops the cost of specialised GLV-style scalar multiplications from 166,000 to 129,000 cycles.

show abstract

Group Law Computations on Jacobians of Hyperelliptic Curves

Cited by 33 publications

References 37 publications

On an integrable system on the plane with velocity-dependent potential

On an integrable system on the plane with velocity-dependent potential

Elliptic and Hyperelliptic Curves: A Practical Security Analysis

Jacobian Coordinates on Genus 2 Curves

Contact Info

Product

Resources

About