Abstract
We present an index-calculus algorithm for computing discrete logarithms in the Jacobian of hyperelliptic curves defined over finite fields. Its complexity analysis predicts that it is faster than the Rho method for genus greater than 4. To demonstrate the efficiency of our approach, we describe how we broke a cryptosystem based on a curve of genus 6 recently proposed by Koblitz.
This work was supported by Action COURBES of INRIA (a cooperative action of INRIA's scientific directorate).
© 2000 Springer-Verlag Berlin Heidelberg
Cite this paper
Gaudry, P. (2000). An Algorithm for Solving the Discrete Log Problem on Hyperelliptic Curves. In: Preneel, B. (eds) Advances in Cryptology — EUROCRYPT 2000. EUROCRYPT 2000. Lecture Notes in Computer Science, vol 1807. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45539-6_2
DOI: https://doi.org/10.1007/3-540-45539-6_2
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-67517-4
Online ISBN: 978-3-540-45539-4