Abstract
This paper introduces a fast algorithm for solving the DLP of Jacobian of hyperelliptic curve of small genus. To solve the DLP, Gaudry first shows that the idea of index calculus is effective, if a subset of the points of the hyperelliptic curve of the base field is taken by the smooth elements of index calculus. In an index calculus theory, a special element (in our case it is the point of hyperelliptic curve), which is not a smooth element, is called a large prime. A divisor, written by the sum of several smooth elements and one large prime, is called an almost smooth divisor. By the use of the almost smooth divisor, Thériault improved this index calculus. In this paper, a divisor, written by the sum of several smooth elements and two large primes, is called a 2-almost smooth divisor. By use of the 2-almost smooth divisor, we are able to give more improvements. The algorithm of this attack consists of the following seven parts: 1) Preparing, 2) Collecting reduced divisors, 3) Making sufficiently large sets of almost smooth divisors, 4) Making sufficiently large sets of smooth divisors, 5) Solving the linear algebra, 6) Finding a relation of collected reduced divisors, and 7) Computing a discreet logarithm. Parts 3) and 4) need complicated eliminations of the large prime, which is the key idea presented within this paper. Before the tasks in these parts are completed, two sub-algorithms for the eliminations of the large prime have been prepared. To explain how this process works, we prove the probability that this algorithm does not work to be negligible, and we present the expected complexity and the expected storage of the attack.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
M. Adleman, J. DeMarrais and M.-D. Huang, A subexponential algorithm for discrete logarithms over the rational subgroup of the Jacobians of large genus hyperelliptic curves over finite fields. Algorithmic Number Theory, ANTS-I, LNCS,877, Springer-Verlag, 1994, 28–40.
C. Diem, An Index Calculus Algorithm for Plane Curves of Small Degree. Algorithmic Number Theory—ANTS VII, LNCS,4076, Springer-Verlag, 2006, 543–557.
A. Enge and P. Gaudry, A general framework for subexponential discrete logarithm algorithms. Acta Arith.,102 (2002), 83–103.
P. Gaudry, An algorithm for solving the discrete log problem on hyperelliptic curves. Eurocrypt 2000, LNCS,1807, Springer-Verlag, 2000, 19–34.
P. Gaudry, E. Thomé, Thériault and C. Diem, A double large prime variation for small genus hyperelliptic index calculus. Math. Comp.,76 (2007), 475–492.
R. Granger and F. Vercauteren, On the Discrete Logarithm Problem on Algebraic Tori. Advances in Cryptology, CRYPTO 2005, LNCS,3621, Springer-Verlag, 2005, 66–85.
B.A. LaMacchia and A.M. Odlyzko, Solving large sparse linear systems over finite fields. Crypto ’90, LNCS,537, Springer-Verlag, 1990, 109–133.
N. Thériault, Index calculus attack for hyperelliptic curves of small genus. ASIACRYPT 2003, LNCS,2894, Springer-Verlag, 2003, 75–92.
D.H. Wiedemann, Solving sparse linear equations over finite fields. IEEE Trans. Inform. Theory,32 (1986), 54–62.
Author information
Authors and Affiliations
Corresponding author
About this article
Cite this article
Nagao, Ki. Index calculus attack for Jacobian of hyperelliptic curves of small genus using two large primes. Japan J. Indust. Appl. Math. 24, 289 (2007). https://doi.org/10.1007/BF03167541
Received:
Revised:
DOI: https://doi.org/10.1007/BF03167541