# Elliptic and Hyperelliptic Curve Cryptography

• Nigel Boston
• Matthew Darnall
Chapter

## Introduction

Suppose two parties, Alice (A) and Bob (B), want to send messages between themselves without an eavesdropper Eve (E) reading the messages. Private-key (symmetric) cryptography relies on establishing a known secret between A and B before they can communicate. The term symmetric describes the fact that the information known to A and B is the same, namely the private key. We have seen an example of a private-key system, advanced eneryption standard (AES), in chapter 1. What if, as often happens in practice, it is infeasible for A and B to have a prearranged secret? In the development of cryptography it became apparent that a mechanism for A and B to agree upon a private key over an insecure channel would be important.

The area of cryptography devoted to the ways Alice and Bob can share information without a prearranged secret is called public-key (or asymmetric) cryptography. The term public key refers to the fact that in all current systems, some public piece of information...

## Keywords

Elliptic Curve Finite Field Elliptic Curf Hyperelliptic Curve Discrete Logarithm Problem
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

## References

1. 1.
A. O. L. Atkin. The number of points on an elliptic curve modulo a prime, Series of emails to the NMBRTHRY mailing list, 1992Google Scholar
2. 2.
D. J. Bernstein and T. Lange. Elliptic vs. hyperelliptic, (parts 1 and 2), talks at ECC-06Google Scholar
3. 3.
I. Blake, G. Seroussi, and N. Smart. Elliptic Curves in Cryptography, London Mathematical Society Lecture Note Series, Cambridge University Press, 1999Google Scholar
4. 4.
I. Blake, G. Seroussi, and N. Smart. Advances in Elliptic Curve Cryptography, London Mathematical Society Lecture Note Series, Cambridge University Press, 2004Google Scholar
5. 5.
D. G. Cantor. Computing in the Jacobian of a hyperelliptic curve. In: Mathematics of Computation, 48(177): 95–101, 1987
6. 6.
H. Cohen. A Course in Computational Algebraic Number Theory, Graduate Texts in Mathematics 138, 1993Google Scholar
7. 7.
J. Denef and F. Vercauteren. An extension of Kedlaya’s algorithm to Artin-Schreier curves in characteristic $$2$$, in ANTS-V, 2002Google Scholar
8. 8.
C. Diem. The GHS attack in odd characteristic, Journal of Ramanujan Mathematical Society 18(1): 1–32, 2003
9. 9.
C. Diem and E. Thomé. “Index calculus attacks in class groups of non-hyperelliptic curves of genus three”, Journal of Mathematical Cryptology 2, to appear, 2008Google Scholar
10. 10.
W. Diffie and M. E. Hellman. New directions in cryptography, IEEE Transaction Information Theory, IT-22, 6: 644–654, 1976Google Scholar
11. 11.
N. Elkies. Elliptic and modular curves over finite fields and related computational issues In: Computational Perspectives on Number Theory, 21–76, 1998Google Scholar
12. 12.
A. Enge. Elliptic Curves and Their Applications to Cryptography, An Introduction, Kluwer Academic Publishers 1999Google Scholar
13. 13.
X. Fan, T. Wollinger, and Y. Wang. Inversion-Free Arithmetic on Genus 3 Hyperelliptic Curves and Its Implementations, International Conference on Information Technology: Coding and Computing - ITCC, April 11–13, 2005Google Scholar
14. 14.
M. Fouquet, P. Gaudry, and R. Harley. On Satoh’s algorithm and its implementation, Journal of Ramanujan Mathematical Society 15: 281–318, 2000
15. 15.
G. Frey. How to disguise an elliptic curve, talk at ECC ’98, 1998Google Scholar
16. 16.
G. Frey and H. Rück. A remark concerning $$m$$-divisibility and the discrete logarithm in the divisor class group of curves. Mathematics of Computation, 62(206): 865–874 (1994)Google Scholar
17. 17.
S. Galbraith. Limitations of constructive Weil descent. In: Public-Key Cryptography and Computational Number Theory, 59–70, de Gruyter, 2000Google Scholar
18. 18.
S. Galbraith. “Supersingular curves in cryptography”, LNCS 2248: 200–217, 2002
19. 19.
P. Gaudry. Fast genus $$2$$ arithmetic based on theta functions, Journal of Mathematical Cryptology, 1: 243–266, 2007
20. 20.
P. Gaudry. F. Hess, and N. Smart, Constructive and destructive facets of Weil descent on elliptic curves. Journal of Mathematical Cryptology, 2000Google Scholar
21. 21.
N. Gura. A. Patel, A. Wander, H. Eberle, and S. Shantz, Comparing Elliptic Curve Cryptography and RSA on 8-bit CPUs, CHES2004, Cambridge (Boston), 2004Google Scholar
22. 22.
R. Harley. Fast Arithmetic on Genus Two Curves, http://cristal.inria.fr/ $$\sim$$harley/ hyper/, (2000)
23. 23.
M. Jacobson, N. Koblitz, J. Silverman, A. Stein, and E. Teske. Analysis of the xedni calculus attack. Designs, Codes, and Cryptography, 20(1): 41–64, 2000
24. 24.
M. Jacobson, A. Menezes, and A. Stein. “Solving elliptic curve discrete logarithm problems using Weil descent”, Journal of Ramanujan Mathematical Society 16(3): 231–260, 2001
25. 25.
K. Kedlaya. “Counting points on hyperelliptic curves using Monsky-Washnitzer cohomology”, Journal of Ramanujan Mathematical Society 16: 323–338, 2001
26. 26.
N. Koblitz. Elliptic curve cryptosystems. In: Mathematics of Computation 48: 203–209, 1987
27. 27.
N. Koblitz. Hyperelliptic cryptosystems. Journal of Mathematical Cryptology 1: 139–150, 1989
28. 28.
J. Kuroki, M. Gonda, K. Matsuo, J. Chao, and S. Tsujii. Fast Genus Three Hyperelliptic Curve Cryptosystems. In Proceedings of SCIS, 2002Google Scholar
29. 29.
T. Lange. Efficient Arithmetic on Hyperelliptic Curves, PhD Thesis. Universitat-Gesamthochschule Essen, 2001
30. 30.
T. Lange. Weighted Coordinates on Genus 2 Hyperelliptic Curves. Cryptology ePrint Archive, Report 2002/153, 2002Google Scholar
31. 31.
T. Lange. Inversion-Free Arithmetic on Genus 2 Hyperelliptic Curves. Preprint, 2002Google Scholar
32. 32.
T. Lange, C. Günther, and A. Stein. Speeding up the arithmetic on hyperelliptic Koblitz curves of genus $$2$$, SAC 2001, LNCS 2012, Springer 106–117, 2001Google Scholar
33. 33.
A. Lauder and D. Wan. Computing zeta functions of Artin-Schreier curves over finite fields, London Math Soc. JCM 5: 34–55, 2002
34. 34.
K. Matsuo J. Chao, and S. Tsujii. Fast Genus Two Hyperelliptic Curve Cryptosystems, Proc. Second Int’l Symp. Electronic Commerce (ISEC 2001), 2001Google Scholar
35. 35.
A. Menezes, T. Okamoto, and S. Vanstone. Reducing elliptic curve logarithms to a finite field. IEEE Transaction on Information Theory, 39: 1639–1646, 1993
36. 36.
A. Menezes, Y-H. Wu, and R. Zuccherato. An Elementary Introduction to Hyperelliptic Curves. Technical Report CORR 96-19, Department of Combinatorics and Optimization, University of Waterloo, Ontario, Canada, (1996)Google Scholar
37. 37.
J. F. Mestre. AGM pour le genre 1 et 2, lettre à Gaudry et Harley, Dec 2000Google Scholar
38. 38.
V. Miller. Use of elliptic curves in cryptography, CRYPTO 85, 1985Google Scholar
39. 39.
Y. Miyamoto, H. Doi, K. Matsuo, J. Chao, and S. Tsuji. A Fast Addition Algorithm of Genus Two Hyperelliptic Curve, Proceedings of SCIS 2002, 497–502, in Japanese, 2002Google Scholar
40. 40.
P.van Oorschot and M. Wiener. Parallel collision search with cryptanalytic applications. Journal of Mathematical Cryptology, 12, no. 1, 1–28 1999
41. 41.
J. Pelzl, T. Wollinger, J. Guajardo, and C. Paar. Hyperelliptic curves cryptosystems: closing the performance gap to elliptic curves. Cryptology ePrint Archive, 2003, http://eprint.iacr.org/
42. 42.
J. Pelzl, T. Wollinger, and C. Paar. Low Cost Security: Explicit Formulae for Genus-4 Hyperelliptic Curves, In Tenth Annual Workshop on Selected Areas in Cryptography, 2003Google Scholar
43. 43.
J. Pila. Frobenius maps of abelian varieties and finding roots of unity in finite fields. Mathematics of Computation 55: 745–763, 1990
44. 44.
G. Pohlig and M. Hellman. An improved algorithm for computing logarithms over $$GF(p)$$ and its cryptographic significance. IEEE Transaction on Information Theory, 24: 106–110, 1978
45. 45.
J. Pollard. Monte Carlo methods for index computation mod $$p$$. Mathematics of Computation: 918–924 (1978)Google Scholar
46. 46.
R. Rivest, A. Shamir, and L. Adleman. A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. Communications of the ACM, 21 (2): 120–126, 1978
47. 47.
T. Satoh and K. Araki. Fermat quotients and the polynomial time discrete log algorithm for anomalous elliptic curves, Comm. Math. Univ. Sancti Pauli, 47(1): 81–92, 1998Google Scholar
48. 48.
T. Satoh. The canonical lift of an ordinary elliptic curve over a finite field and its point counting, Journal of Ramanujan Mathematical Society. 15: 247–270, 2000
49. 49.
T. Satoh, B. Skjernaa, and Y. Taguchi. Fast computation of canonical lifts of elliptic curves and its application to point counting, Finite Fields and Their Applications 9: 89–101, 2003
50. 50.
R. Schoof. Elliptic curves over finite fields and the computation of square roots mod $$p$$, Mathematics of Computation 44: 483–494, 1985
51. 51.
I. A. Semaev. Evaluation of discrete logarithms in a group of $$p$$-torsion points of an elliptic curve in characteristic $$p$$, 67(221): 353–356, 1998Google Scholar
52. 52.
V. Shoup. Lower bounds for discrete logarithms and related problems. In Proc. Eurocrypt ’97, pp. 256–266, 1997Google Scholar
53. 53.
J. H. Silverman. The arithmetic of elliptic curves. Graduate Texts in Mathematics, vol 106, Springer-Verlag, 1986Google Scholar
54. 54.
J. H. Silverman. The xedni calculus and the elliptic curve discrete logarithm problem. Designs, Codes, and Cryptography, 20: 5–40, 2000
55. 55.
B. Skjernaa. Satoh’s algorithm in characteristic $$2$$. Mathematics of Computation 72: 477–488, 2003
56. 56.
N. Smart. The discrete logarithm on elliptic curves of trace one. Journal of Mathematical Cryptology, 12: 193–206, 1999
57. 57.
A. M. Spallek. Kurven vom Geschlecht 2 und ihre Anwendung in Public-Key-Kryptosystemen, PhD Thesis. Universitat Gesamthochschule Essen, 1994Google Scholar
58. 58.
M. Takahashi. Improving Harley Algorithms for Jacobians of Genus 2 Hyperelliptic Curves, In SCIS, IEICE Japan, 2002. in Japanese.Google Scholar
59. 59.
E. Teske. Speeding up Pollard’s rho method for computing discrete ogarithms. LNCS, 1423: 541–554, 1998
60. 60.
F. Vercauteren. Computing zeta functions of hyperelliptic curves over finite fields of characteristic $$2$$. In “Advances in cryptology - CRYPTO 2002”, LNCS 2442: 369–384, 2002
61. 61.
F. Vercauteren, B. Preneel, and J. Vandewalle, A memory efficient version of Satoh’s algorithm. In “Advances in Cryptology - EUROCRYPT 2001”, LNCS 2045, 1–13 (2001)
62. 62.
T. Wollinger. Software and Hardware Implementation of Hyperelliptic Curve Cryptosystems, Ph.D. Thesis, Ruhr-Universitt Bochum, Germany, July 2004Google Scholar