Elliptic and Hyperelliptic Curve Cryptography

  • Nigel Boston
  • Matthew Darnall


Suppose two parties, Alice (A) and Bob (B), want to send messages between themselves without an eavesdropper Eve (E) reading the messages. Private-key (symmetric) cryptography relies on establishing a known secret between A and B before they can communicate. The term symmetric describes the fact that the information known to A and B is the same, namely the private key. We have seen an example of a private-key system, advanced eneryption standard (AES), in chapter 1. What if, as often happens in practice, it is infeasible for A and B to have a prearranged secret? In the development of cryptography it became apparent that a mechanism for A and B to agree upon a private key over an insecure channel would be important.

The area of cryptography devoted to the ways Alice and Bob can share information without a prearranged secret is called public-key (or asymmetric) cryptography. The term public key refers to the fact that in all current systems, some public piece of information...


Elliptic Curve Finite Field Elliptic Curf Hyperelliptic Curve Discrete Logarithm Problem 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    A. O. L. Atkin. The number of points on an elliptic curve modulo a prime, Series of emails to the NMBRTHRY mailing list, 1992Google Scholar
  2. 2.
    D. J. Bernstein and T. Lange. Elliptic vs. hyperelliptic, (parts 1 and 2), talks at ECC-06Google Scholar
  3. 3.
    I. Blake, G. Seroussi, and N. Smart. Elliptic Curves in Cryptography, London Mathematical Society Lecture Note Series, Cambridge University Press, 1999Google Scholar
  4. 4.
    I. Blake, G. Seroussi, and N. Smart. Advances in Elliptic Curve Cryptography, London Mathematical Society Lecture Note Series, Cambridge University Press, 2004Google Scholar
  5. 5.
    D. G. Cantor. Computing in the Jacobian of a hyperelliptic curve. In: Mathematics of Computation, 48(177): 95–101, 1987MATHCrossRefMathSciNetGoogle Scholar
  6. 6.
    H. Cohen. A Course in Computational Algebraic Number Theory, Graduate Texts in Mathematics 138, 1993Google Scholar
  7. 7.
    J. Denef and F. Vercauteren. An extension of Kedlaya’s algorithm to Artin-Schreier curves in characteristic \(2\), in ANTS-V, 2002Google Scholar
  8. 8.
    C. Diem. The GHS attack in odd characteristic, Journal of Ramanujan Mathematical Society 18(1): 1–32, 2003MATHMathSciNetGoogle Scholar
  9. 9.
    C. Diem and E. Thomé. “Index calculus attacks in class groups of non-hyperelliptic curves of genus three”, Journal of Mathematical Cryptology 2, to appear, 2008Google Scholar
  10. 10.
    W. Diffie and M. E. Hellman. New directions in cryptography, IEEE Transaction Information Theory, IT-22, 6: 644–654, 1976Google Scholar
  11. 11.
    N. Elkies. Elliptic and modular curves over finite fields and related computational issues In: Computational Perspectives on Number Theory, 21–76, 1998Google Scholar
  12. 12.
    A. Enge. Elliptic Curves and Their Applications to Cryptography, An Introduction, Kluwer Academic Publishers 1999Google Scholar
  13. 13.
    X. Fan, T. Wollinger, and Y. Wang. Inversion-Free Arithmetic on Genus 3 Hyperelliptic Curves and Its Implementations, International Conference on Information Technology: Coding and Computing - ITCC, April 11–13, 2005Google Scholar
  14. 14.
    M. Fouquet, P. Gaudry, and R. Harley. On Satoh’s algorithm and its implementation, Journal of Ramanujan Mathematical Society 15: 281–318, 2000MATHMathSciNetGoogle Scholar
  15. 15.
    G. Frey. How to disguise an elliptic curve, talk at ECC ’98, 1998Google Scholar
  16. 16.
    G. Frey and H. Rück. A remark concerning \(m\)-divisibility and the discrete logarithm in the divisor class group of curves. Mathematics of Computation, 62(206): 865–874 (1994)Google Scholar
  17. 17.
    S. Galbraith. Limitations of constructive Weil descent. In: Public-Key Cryptography and Computational Number Theory, 59–70, de Gruyter, 2000Google Scholar
  18. 18.
    S. Galbraith. “Supersingular curves in cryptography”, LNCS 2248: 200–217, 2002MathSciNetGoogle Scholar
  19. 19.
    P. Gaudry. Fast genus \(2\) arithmetic based on theta functions, Journal of Mathematical Cryptology, 1: 243–266, 2007MATHCrossRefMathSciNetGoogle Scholar
  20. 20.
    P. Gaudry. F. Hess, and N. Smart, Constructive and destructive facets of Weil descent on elliptic curves. Journal of Mathematical Cryptology, 2000Google Scholar
  21. 21.
    N. Gura. A. Patel, A. Wander, H. Eberle, and S. Shantz, Comparing Elliptic Curve Cryptography and RSA on 8-bit CPUs, CHES2004, Cambridge (Boston), 2004Google Scholar
  22. 22.
    R. Harley. Fast Arithmetic on Genus Two Curves, \(\sim\)harley/ hyper/, (2000)
  23. 23.
    M. Jacobson, N. Koblitz, J. Silverman, A. Stein, and E. Teske. Analysis of the xedni calculus attack. Designs, Codes, and Cryptography, 20(1): 41–64, 2000MATHCrossRefMathSciNetGoogle Scholar
  24. 24.
    M. Jacobson, A. Menezes, and A. Stein. “Solving elliptic curve discrete logarithm problems using Weil descent”, Journal of Ramanujan Mathematical Society 16(3): 231–260, 2001MATHMathSciNetGoogle Scholar
  25. 25.
    K. Kedlaya. “Counting points on hyperelliptic curves using Monsky-Washnitzer cohomology”, Journal of Ramanujan Mathematical Society 16: 323–338, 2001MATHMathSciNetGoogle Scholar
  26. 26.
    N. Koblitz. Elliptic curve cryptosystems. In: Mathematics of Computation 48: 203–209, 1987MATHCrossRefMathSciNetGoogle Scholar
  27. 27.
    N. Koblitz. Hyperelliptic cryptosystems. Journal of Mathematical Cryptology 1: 139–150, 1989MATHCrossRefMathSciNetGoogle Scholar
  28. 28.
    J. Kuroki, M. Gonda, K. Matsuo, J. Chao, and S. Tsujii. Fast Genus Three Hyperelliptic Curve Cryptosystems. In Proceedings of SCIS, 2002Google Scholar
  29. 29.
    T. Lange. Efficient Arithmetic on Hyperelliptic Curves, PhD Thesis. Universitat-Gesamthochschule Essen, 2001MATHGoogle Scholar
  30. 30.
    T. Lange. Weighted Coordinates on Genus 2 Hyperelliptic Curves. Cryptology ePrint Archive, Report 2002/153, 2002Google Scholar
  31. 31.
    T. Lange. Inversion-Free Arithmetic on Genus 2 Hyperelliptic Curves. Preprint, 2002Google Scholar
  32. 32.
    T. Lange, C. Günther, and A. Stein. Speeding up the arithmetic on hyperelliptic Koblitz curves of genus \(2\), SAC 2001, LNCS 2012, Springer 106–117, 2001Google Scholar
  33. 33.
    A. Lauder and D. Wan. Computing zeta functions of Artin-Schreier curves over finite fields, London Math Soc. JCM 5: 34–55, 2002MATHMathSciNetGoogle Scholar
  34. 34.
    K. Matsuo J. Chao, and S. Tsujii. Fast Genus Two Hyperelliptic Curve Cryptosystems, Proc. Second Int’l Symp. Electronic Commerce (ISEC 2001), 2001Google Scholar
  35. 35.
    A. Menezes, T. Okamoto, and S. Vanstone. Reducing elliptic curve logarithms to a finite field. IEEE Transaction on Information Theory, 39: 1639–1646, 1993MATHCrossRefMathSciNetGoogle Scholar
  36. 36.
    A. Menezes, Y-H. Wu, and R. Zuccherato. An Elementary Introduction to Hyperelliptic Curves. Technical Report CORR 96-19, Department of Combinatorics and Optimization, University of Waterloo, Ontario, Canada, (1996)Google Scholar
  37. 37.
    J. F. Mestre. AGM pour le genre 1 et 2, lettre à Gaudry et Harley, Dec 2000Google Scholar
  38. 38.
    V. Miller. Use of elliptic curves in cryptography, CRYPTO 85, 1985Google Scholar
  39. 39.
    Y. Miyamoto, H. Doi, K. Matsuo, J. Chao, and S. Tsuji. A Fast Addition Algorithm of Genus Two Hyperelliptic Curve, Proceedings of SCIS 2002, 497–502, in Japanese, 2002Google Scholar
  40. 40.
    P.van Oorschot and M. Wiener. Parallel collision search with cryptanalytic applications. Journal of Mathematical Cryptology, 12, no. 1, 1–28 1999MATHCrossRefGoogle Scholar
  41. 41.
    J. Pelzl, T. Wollinger, J. Guajardo, and C. Paar. Hyperelliptic curves cryptosystems: closing the performance gap to elliptic curves. Cryptology ePrint Archive, 2003,
  42. 42.
    J. Pelzl, T. Wollinger, and C. Paar. Low Cost Security: Explicit Formulae for Genus-4 Hyperelliptic Curves, In Tenth Annual Workshop on Selected Areas in Cryptography, 2003Google Scholar
  43. 43.
    J. Pila. Frobenius maps of abelian varieties and finding roots of unity in finite fields. Mathematics of Computation 55: 745–763, 1990MATHCrossRefMathSciNetGoogle Scholar
  44. 44.
    G. Pohlig and M. Hellman. An improved algorithm for computing logarithms over \(GF(p)\) and its cryptographic significance. IEEE Transaction on Information Theory, 24: 106–110, 1978MATHCrossRefMathSciNetGoogle Scholar
  45. 45.
    J. Pollard. Monte Carlo methods for index computation mod \(p\). Mathematics of Computation: 918–924 (1978)Google Scholar
  46. 46.
    R. Rivest, A. Shamir, and L. Adleman. A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. Communications of the ACM, 21 (2): 120–126, 1978MATHCrossRefMathSciNetGoogle Scholar
  47. 47.
    T. Satoh and K. Araki. Fermat quotients and the polynomial time discrete log algorithm for anomalous elliptic curves, Comm. Math. Univ. Sancti Pauli, 47(1): 81–92, 1998Google Scholar
  48. 48.
    T. Satoh. The canonical lift of an ordinary elliptic curve over a finite field and its point counting, Journal of Ramanujan Mathematical Society. 15: 247–270, 2000MATHMathSciNetGoogle Scholar
  49. 49.
    T. Satoh, B. Skjernaa, and Y. Taguchi. Fast computation of canonical lifts of elliptic curves and its application to point counting, Finite Fields and Their Applications 9: 89–101, 2003MATHCrossRefMathSciNetGoogle Scholar
  50. 50.
    R. Schoof. Elliptic curves over finite fields and the computation of square roots mod \(p\), Mathematics of Computation 44: 483–494, 1985MATHMathSciNetGoogle Scholar
  51. 51.
    I. A. Semaev. Evaluation of discrete logarithms in a group of \(p\)-torsion points of an elliptic curve in characteristic \(p\), 67(221): 353–356, 1998Google Scholar
  52. 52.
    V. Shoup. Lower bounds for discrete logarithms and related problems. In Proc. Eurocrypt ’97, pp. 256–266, 1997Google Scholar
  53. 53.
    J. H. Silverman. The arithmetic of elliptic curves. Graduate Texts in Mathematics, vol 106, Springer-Verlag, 1986Google Scholar
  54. 54.
    J. H. Silverman. The xedni calculus and the elliptic curve discrete logarithm problem. Designs, Codes, and Cryptography, 20: 5–40, 2000MATHCrossRefGoogle Scholar
  55. 55.
    B. Skjernaa. Satoh’s algorithm in characteristic \(2\). Mathematics of Computation 72: 477–488, 2003MATHCrossRefMathSciNetGoogle Scholar
  56. 56.
    N. Smart. The discrete logarithm on elliptic curves of trace one. Journal of Mathematical Cryptology, 12: 193–206, 1999MATHCrossRefMathSciNetGoogle Scholar
  57. 57.
    A. M. Spallek. Kurven vom Geschlecht 2 und ihre Anwendung in Public-Key-Kryptosystemen, PhD Thesis. Universitat Gesamthochschule Essen, 1994Google Scholar
  58. 58.
    M. Takahashi. Improving Harley Algorithms for Jacobians of Genus 2 Hyperelliptic Curves, In SCIS, IEICE Japan, 2002. in Japanese.Google Scholar
  59. 59.
    E. Teske. Speeding up Pollard’s rho method for computing discrete ogarithms. LNCS, 1423: 541–554, 1998MathSciNetGoogle Scholar
  60. 60.
    F. Vercauteren. Computing zeta functions of hyperelliptic curves over finite fields of characteristic \(2\). In “Advances in cryptology - CRYPTO 2002”, LNCS 2442: 369–384, 2002MathSciNetGoogle Scholar
  61. 61.
    F. Vercauteren, B. Preneel, and J. Vandewalle, A memory efficient version of Satoh’s algorithm. In “Advances in Cryptology - EUROCRYPT 2001”, LNCS 2045, 1–13 (2001)MathSciNetGoogle Scholar
  62. 62.
    T. Wollinger. Software and Hardware Implementation of Hyperelliptic Curve Cryptosystems, Ph.D. Thesis, Ruhr-Universitt Bochum, Germany, July 2004Google Scholar

Copyright information

© Springer Science+Business Media, LLC 2009

Authors and Affiliations

  1. 1.University of Wisconsin

Personalised recommendations