Efficient Doubling on Genus 3 Curves over Binary Fields

  • Xinxin Fan
  • Thomas Wollinger
  • Yumin Wang
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3860)


The most important and expensive operation in a hyperelliptic curve cryptosystem (HECC) is the scalar multiplication by an integer k, i.e., computing an integer k times a divisor D on the Jacobian. Using some recoding algorithms for the scalar, we can reduce the number of divisor class additions during the process of computing the scalar multiplication. On the other side, the divisor doublings will stay the same for all kinds of scalar multiplication algorithms. In this paper we accelerate the divisor doublings for genus 3 HECC over binary fields by using special types of curves. Depending on the degree of h, our explicit formulae only require 1I + 11M + 11S, 1I + 13M + 13S, 1I + 20M + 12S and 1I + 26M + 11S for divisor doublings in the best case, respectively. Especially, for the case of deg h = 1, our explicit formula improve the recent result in [GKP04] significantly by saving 31M at the cost of extra 7S. In addition, we discuss some cases which are not included in [GKP04].

By constructing birational transformation of variables, we derive explicit doubling formulae for special types of equations of the curve. For each type of curve, we analyze how many field operations are needed. So far no attack on any of the all curves suggested in this paper is known, even though some cases are very special. Our results allow to choose curves from a large variety which have extremely fast doubling needing only one third the time of an addition in the best case. Furthermore, an actual implementation of the new formulae on a Pentium-M processor shows their practical relevance.


Genus 3 Hyperelliptic Curve Explicit Doubling Formulae Fast Arithmetic Binary Fields 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Avanzi, R.M.: Aspects of Hyperelliptic Curves over Large Prime Fields in Software Implementations. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 148–162. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  2. 2.
    Boston, N., Clancy, T., Liow, Y., Webster, J.: Genus Two Hyperelliptic Curve Coprocessor. In: Kaliski, B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 529–539. Springer, Heidelberg (2003); Updated version available at
  3. 3.
    Byramjee, B., Duqesne, S.: Classification of genus 2 curves over \(F_2{^n}\) and optimazation of their arithmetic. Cryptology ePrint Archieve, Report 2004/107 (2004),
  4. 4.
    Cantor, D.G.: Computing In The Jacobian Of A Hyperelliptic Curve. Math. Comp. 48, 95–101 (1987)zbMATHCrossRefMathSciNetGoogle Scholar
  5. 5.
    Cohen, H., Frey, G., Avanzi, R., Doche, C., Lange, T., Nguyen, K., vercauteren, F.: Handbook of Elliptic and Hyperelliptic Curve Cryptography. Chapman Hall/CRC (2005)Google Scholar
  6. 6.
    Clancy, T.: Analysis of FPGA-based Hyperelliptic Curve Cryptosystems. Master’s thesis, University of Illinois Urbana-Champaign (December 2002)Google Scholar
  7. 7.
    Elias, G., Miri, A., Yeap, T.H.: High-Performance, FPGA-Based Hyperelliptic Curve Cryptosystems. In: The Proceeding of the 22nd Biennial Symposium on Communications, Queen’s University, Kingston, Ontario, Canada (May 2004)Google Scholar
  8. 8.
    Fan, X., Wollinger, T., Wang, Y.: Inversion-Free Arithmetic on Genus 3 Hyperelliptic Curves and Its Implementations. In: International Conference on Information Technology: Coding and Computing - ITCC, pp. 642–647. IEEE Computer Society, Los Alamitos (2005)Google Scholar
  9. 9.
    Galbraith, S.D.: Supersingular Curves in Cryptography. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 495–513. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  10. 10.
    Gaudry, P., Harley, R.: Counting Points on Hyperelliptic Curves over Finite Fields. In: Bosma, W. (ed.) ANTS 2000. LNCS, vol. 1838, pp. 297–312. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  11. 11.
    Guyot, C., Kaveh, K., Patankar, V.M.: Explicit Algorithm for The Arithmetic on The Hyperelliptic Jacobians of Genus 3. Journal of Ramanujan Mathematical Society 19(2), 119–159 (2004)MathSciNetGoogle Scholar
  12. 12.
    Günther, C., Lange, T., Stein, A.: Speeding up the Arithmetic on Koblitz Curves of Genus Two. In: Stinson, D.R., Tavares, S. (eds.) SAC 2000. LNCS, vol. 2012, pp. 106–117. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  13. 13.
    Gonda, M., Matsuo, K., Aoki, K., Chao, J., Tsujii, S.: Improvements Of Addition Algorithm On Genus 3 Hyperelliptic Curves And Their Implementations. In: Proc. of SCIS 2004, Japan (2004)Google Scholar
  14. 14.
    Koblitz, N.: Elliptic curve cryptosystems. Mathematics of Computation 48, 203–209 (1987)zbMATHCrossRefMathSciNetGoogle Scholar
  15. 15.
    Koblitz, N.: A Family of Jacobians Suitable for Discrete Log Cryptosystems. In: Goldwasser, S. (ed.) CRYPTO 1988. LNCS, vol. 403, pp. 94–99. Springer, Berlin (1990)Google Scholar
  16. 16.
    Koblitz, N.: Hyperelliptic Cryptosystems. In: Brickell, E.F. (ed.) Journal of Cryptology, pp. 139–150 (1989)Google Scholar
  17. 17.
    Kim, H., Wollinger, T., Choi, Y., Chung, K., Paar, C.: Hyperelliptic Curve Coprocessors on a FPGA. In: Lim, C.H., Yung, M. (eds.) WISA 2004. LNCS, vol. 3325, pp. 360–374. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  18. 18.
    Lange, T.: Formulae for Arithmetic on Genus 2 Hyperelliptic Curves. Jounal of AAECC (Septemper 2003)Google Scholar
  19. 19.
    Lange, T.: Koblitz Curve Cryptosystems. Finite Fields and Their Applications (2004) (to appear)Google Scholar
  20. 20.
    Lockhart, P.: On the discriminant of a hyperelliptic curve. Tran. Amer. Math. Soc. 342(2), 729–752 (1994)zbMATHCrossRefMathSciNetGoogle Scholar
  21. 21.
    Lange, T., Stevens, M.: Efficient Doubling on Genus Two Curves over Binary Fields. In: Handschuh, H., Hasan, M.A. (eds.) SAC 2004. LNCS, vol. 3357, pp. 170–181. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  22. 22.
    Miller, V.: Uses of Elliptic Curves in Cryptography. In: Williams, H.C. (ed.) CRYPTO 1985. LNCS, vol. 218, pp. 417–426. Springer, Berlin (1986)Google Scholar
  23. 23.
    Menezes, A., Wu, Y., Zuccherato, R.: An Elementary Introduction to Hyperelliptic Curve. Technical Report CORR 96-19, University of Waterloo (1996), Canada, Available at
  24. 24.
    Mumford, D.: Tata Lectures on Theta II. Progress in Mathematics, vol. 43. Birkhäuser, Basel (1984)zbMATHGoogle Scholar
  25. 25.
    Pelzl, J.: Hyperelliptic Cryptosystems on Embedded Microprocessor. Master’s thesis, Department of Electronical Engineering and Information Sciences, Ruhr-Universitaet Bochum, Bochum, Germany (September 2002)Google Scholar
  26. 26.
    Pelzl, J., Wollinger, T., Guajardo, J., Paar, C.: Hyperelliptic Curve Cryptosystems: Closing The Performance Gap To elliptic Curve (Update), Cryptology ePrint Archieve, Report 2003/026 (2003),
  27. 27.
    Pelzl, J., Wollinger, T., Paar, C.: Low Cost Security: Explicit Formulae for Genus-4 Hyperelliptic Curves. In: Matsui, M., Zuccherato, R. (eds.) SAC 2003. LNCS, vol. 3006, pp. 1–16. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  28. 28.
    Rubin, K., Silverberg, A.: Supersingular abelian varieties in cryptology. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 336–353. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  29. 29.
    Thériault, N.: Index calculus attack for hyperelliptic curves of small genus. In: Goos, G., Hartmanis, J., van Leeuwen, J. (eds.) ASIACRYPT 2003. LNCS, vol. 2894, pp. 79–92. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  30. 30.
    Wollinger, T.: Software and Hardware Implementation of Hyperelliptic Curve Cryptosystems. Europäischer Universitätsverlag, 3-86515-025-X (2004)Google Scholar
  31. 31.
    Wollinger, T., Pelzl, J., Wittelsberger, V., Paar, C., Saldamli, G., Koç, Ç.K.: Elliptic & hyperelliptic curves on embedded μp. ACM Transactions in Embedded Computing Systems, TECS (2003), Special Issue on Embedded Systems and SecurityGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Xinxin Fan
    • 1
  • Thomas Wollinger
    • 2
  • Yumin Wang
    • 1
  1. 1.State Key Lab of Integrated Service NetworksXidian UniversityXi’anP.R. China
  2. 2.Communication Security Group (COSY)Ruhr-Universitäet BochumGermany

Personalised recommendations