Cantor versus Harley: Optimization and analysis of explicit formulae for hyperelliptic curve cryptosystems

IEEE Transactions on Computers

Volumn 54, Issue 7, 2005, Pages 861-872

  Wollinger, Thomas ^a   Pelzl, Jan ^a   Paar, Christof ^a  

^a RUHR UNIVERSITY BOCHUM   (Germany)

Author keywords

Cantor; Efficient implementation; Embedded implementation; Explicit formulae; Harley's algorithm; Hyperelliptic curves

Indexed keywords

ALGORITHMS; COMPUTATIONAL COMPLEXITY; COMPUTER ARCHITECTURE; MICROPROCESSOR CHIPS; POLYNOMIALS; PROBABILITY;

CANTOR ALGORITHM; EFFICIENT IMPLEMENTATION; EMBEDDED IMPLEMENTATION; EXPLICIT FORMULAE; HARLEY ALGORITHM; HYPERELLIPTIC CURVE CRYPTOSYSTEMS (HECC);

PUBLIC KEY CRYPTOGRAPHY;

EID: 23044447217     PISSN: 00189340     EISSN: None     Source Type: Journal    
DOI: 10.1109/TC.2005.109     Document Type: Article

References (71)

1. P. Gaudry and R. Harley, "Counting Points on Hyperelliptic Curves over Finite Fields," Proc. Symp. Algorithmic Number Theory IV, W. Bosma, ed., pp. 297-312, 2000.
2. D. Cantor, "Computing in Jacobian of a Hyperelliptic Curve," Math. Computation, vol. 48, no. 177, pp. 95-101, Jan. 1987.
3. W. Diffie and M.E. Hellman, "New Directions in Cryptography," IEEE Trans. Information Theory, vol. 22, pp. 644-654, 1976.
4. R.L. Rivest, A. Shamir, and L. Adleman, "A Method for Obtaining Digital Signatures and Public-Key Cryptosystems," Comm. ACM, vol. 21, no. 2, pp. 120-126, Feb. 1978.
5. N. Koblitz, "Elliptic Curve Cryptosystems," Math. Computation, vol. 48, pp. 203-209, 1987.
6. V. Miller, "Uses of Elliptic Curves in Cryptography," Advances in Cryptology - Proc. CRYPTO '85, H.C. Williams, ed., pp. 417-426, 1986.
7. N. Koblitz, "A Family of Jacobians Suitable for Discrete Log Cryptosystems," Advances in Cryptology - Crypto '88, S. Goldwasser, ed., pp. 94-99, 1988.
8. U. Krieger, "signature.c," Master's thesis, Mathematik und Informatik, Universität Essen, Fachbereich 6, Essen, Germany, Feb. 1997.
9. 2n," Advances in Cryptology - Proc. ASIACRYPT '98, K. Ohta and D. Pei, eds., pp. 80-94, 1998.
10. Y. Sakai, K. Sakurai, and H. Ishizuka, "Secure Hyperelliptic Cryptosystems and Their Performance," Public Key Cryptography: Proc. First Int'l Workshop Practice and Theory in Public Key Cryptography (PKC '98), H. Imai and Y. Zheng, eds., pp. 164-181, 1998.
11. N. Smart, "On the Performance of Hyperelliptic Cryptosystems," Advances in Cryptology - Proc. EUROCRYPT '99, J. Stern, ed., pp. 165-175, 1999.
12. Y. Sakai and K. Sakurai, "On the Practical Performance of Hyperelliptic Curve Cryptosystems in Software Implementation," IEICE Trans. Fundamentals of Electronics, Comm., and Computer Sciences, vol. E83-A, no. 4, pp. 692-703, Apr. 2000.
13. J. Pelzl, "Hyperelliptic Cryptosystems on Embedded Microprocessor," master's thesis, Dept. of Electrical Eng. and Information Sciences, Ruhr-Universitaet Bochum, Bochum, Germany, Sept. 2002.
14. T. Lange, "Efficient Arithmetic on Genus 2 Hyperelliptic Curves over Finite Fields via Explicit Formulae," Cryptology ePrint Archive, Report 2002/121, 2002, http://eprint.iacr.org/.
15. M. Goda, K. Matsuo, K. Aoki, J. Chao, and S. Tsujii, "Improvements of Addition Algorithm on Gemus 3 Hyperelliptic Curves and Their Implementations," Proc. 2004 Symp. Cryptography and Information Security, Japan (SCIS 2004), Jan. 2004.
16. R.M. Avanzi, "Aspects of Hyperelliptic Curves over Large Prime Fields in Software Implementations," Proc. Workshop Cryptographic Hardware and Embedded Systems (CHES 2004), M. Joye and J.-J. Quisquater, eds., pp. 148-162, 2004.
17. T. Wollinger, "Computer Architectures for Cryptosystems Based on Hyperelliptic Curves," master's thesis, Electrical and Computer Eng. Dept., Worcester Polytechnic Inst., Worcester, Mass., May 2001.
18. T. Wollinger and C. Paar, "Hardware Architectures Proposed for Cryptosystems Based on Hyperelliptic Curves," Proc. Ninth IEEE Int'l Conf. Electronics, Circuits, and Systems (ICECS 2002), vol. III, pp. 1159-1163, Sept. 2002.
19. N. Boston, T. Clancy, Y. Liow, and J. Webster, "Genus Two Hyperelliptic Curve Coprocessor," Proc. Cryptographic Hardware and Embedded Systems (CHES 2002), B.S. Kaliski, Ç.K. Koç, and C. Paar, eds., pp. 529-539, 2002, updated version available at http://www.cs.umd.edu/clancy/docs/hec-ches2002.pdf.
20. T. Clancy, "Analysis of FPGA-Based Hyperelliptic Curve Crypto-systems," master's thesis, Univ. of Illinois Urbana-Champaign, Dec. 2002.
21. G. Elias, A. Miri, and T.H. Yeap, "High-Performance, FPGA-Based Hyperelliptic Curve Cryptosystems," Proc. 22nd Biennial Symp. Comm., May 2004.
22. H. Kim, T. Wollinger, Y. Choi, K. Chung, and C. Paar, "Hyperelliptic Curve Coprocessors on a FPGA," Proc. Workshop Information Security Applications (WISA), 2004.
23. K. Matsuo, J. Chao, and S. Tsujii, "Fast Genus Two Hyperelliptic Curve Cryptosystems," Proc. Second Int'l Symp. Electronic Commerce (ISEC 2001), 2001.
24. T. Lange, "Efficient Arithmetic on Hyperelliptic Curves," PhD dissertation, Inst. for Experimental Math., Univ. of Essen, Essen, Germany, 2001.
25. Y. Miyamoto, H. Doi, K. Matsuo, J. Chao, and S. Tsuji, "A Fast Addition Algorithm of Genus Two Hyperelliptic Curve," Proc. 2002 Symp. Cryptography and Information Security (SCIS 2002), pp. 497-502, 2002, in Japanese.
26. M. Takahashi, "Improving Harley Algorithms for Jacobians of Genus 2 Hyperelliptic Curves," Proc. Int'l Conf. Cryptography and Information Security, Japan (SCIS), 2002, in Japanese.
27. T. Lange, "Inversion-Free Arithmetic on Genus 2 Hyperelliptic Curves," Cryptology ePrint Archive, Report 2002/147, 2002, http://eprint.iacr.org.
28. T. Lange, "Weighted Coordinates on Genus 2 Hyperelliptic Curves," Cryptology ePrint Archive, Report 2002/153, 2002, http://eprint.iacr.org.
29. J. Kuroki, M. Gonda, K. Matsuo, J. Chao, and S. Tsujii, "Fast Genus Three Hyperelliptic Curve Cryptosystems," Proc. 2002 Symp. Cryptography and Information Security, Japan (SCIS 2002), Jan. 2002.
30. J. Pelzl, T. Wollinger, J. Guajardo, and C. Paar, "Hyperelliptic Curve Cryptosystems: Closing the Performance Gap to Elliptic Curves," Proc. Workshop Cryptographic Hardware and Embedded Systems (CHES 2003), C.D. Walter, Ç.K. Koç, and C. Paar, eds., pp. 349-365, Sept. 2003.
31. J. Pelzl, T. Wollinger, and C. Paar, "High Performance Arithmetic for Special Hyperelliptic Curve Cryptosystems of Genus Two," Proc. Int'l Conf. Information Technology: Coding and Computing (ITCC 2004), Apr. 2004.
32. D. Mumford, "Tata Lectures on Theta II," Prog. Math., vol. 43, 1984.
33. K. Nagao, "Improving Group Law Algorithms for Jacobians of Hyperelliptic Curves," Proc. Algorithmic Number Theory Symp. IV, W. Bosma, ed., pp. 439-448, 2000.
34. A. Karatsuba and Y. Ofman, "Multiplication of Multidigit Numbers on Automata," Sov. Phys. Dokl. (English translation), vol. 7, no. 7, pp. 595-596, 1963.
35. H. Sugizaki, K. Matsuo, J. Chao, and S. Tsujii, "An Extension of Harley Addition Algorithm for Hyperelliptic Curves over Finite Fields of Characteristic Two," Technical Report ISEC2002-9, IEICE Japan, May 2002.
36. T. Lange, "Formulae for Arithmetic on Genus 2 Hyperelliptic Curves," J. Applied Algebra, Algebraic Algorithms, and Error Correcting Codes, Sept. 2003.
37. R. Harley, "Fast Arithmetic on Genus Two Curves," http://cristal.inria.fr/harley/hyper/, 2000.
38. N. Koblitz, "Hyperelliptic Cryptosystems," J. Cryptology, vol. 1, no. 3, pp. 129-150, 1989.
39. N. Koblitz, Algebraic Aspects of Cryptography, first ed. Berlin: Springer-Verlag, 1998.
40. A.J. Menezes, P.C. van Oorschot, and S.A. Vanstone, Handbook of Applied Cryptography. Boca Raton, Fla.: CRC Press, 1997.
41. D.M. Gordon, "A Survey of Fast Exponentiation Methods," J. Algorithms, vol. 27, pp. 129-146, 1998.
42. R. Gallant, R. Lambert, and S. Vanstone, "Improving the Parallelized Pollard Lambda Search on Binary Anomalous Curves," http://www.certicom.com/chal/download/paper.ps, 1998.
43. J.M. Pollard, "Monte Carlo Methods for Index Computation mod p," Math. Computation, vol. 32, no. 143, pp. 918-924, July 1978.
44. D.H. Wiedemann, "Solving Sparse Linear Equations over Finite Fields," IEEE Trans. Information Theory, vol. 32, no. 1, pp. 54-62, Jan. 1986.
45. G. Frey and H.-G. Rück, "A Remark Concerning m-Divisibility and the Discrete Logarithm in the Divisor Class Group of Curves," Math. Computation, vol. 62, no. 206, pp. 865-874, Apr. 1994.
46. H.-G. Rück, "On the Discrete Logarithm in the Divisor Class Group of Curves," Math. Computation, vol. 68, no. 226, pp. 805-806, 1999.
47. L. Adlemann, J. DeMarrais, and M.-D. Huang, "A Subexponential Algorithm for Discrete Logarithms over the Rational Subgroup of the Jacobians of Large Genus Hyperelliptic Curves over Finite Fields," Proc. First Int'l Symp. Algorithmic Number Theory (ANTS-I), L. Adleman and M.-D. Huang, eds., pp. 28-40, May 1994.
48. R. Flassenberg and S. Paulus, "Sieving in Function Fields," ftp://ftp.informatik.tu-darmstadt.de/pub/TI/TR/TI-97-13.rafla.ps.gz, 1997, preprint.
49. P. Gaudry, "Algorithmique des Courbes Hyperelliptiques et Applications à la Cryptologie," PhD dissertation, France, 2000.
50. P. Gaudry, "An Algorithm for Solving the Discrete Log Problem on Hyperelliptic Curves," Advances in Cryptology - Proc. EUROCRYPT 2000, B. Preneel, ed., pp. 19-34, 2000.
51. A. Enge and P. Gaudry, "A General Framework for Subexponential Discrete Logarithm Algorithms," Acta Arithmetica, vol. 102, pp. 83-103, 2002.
52. N. Thériault, "Index Calculus Attack for Hyperelliptic Curves of Small Genus," Advances in Cryptology - Proc. ASIACRYPT '03, G. Goos, J. Hartmanis, and J. van Leeuwen, eds., pp. 79-92, 2003.
53. S. Galbraith, "Supersingular Curves in Cryptography," Advances in Cryptology - Proc. ASIACRYPT '03, C. Boyd, ed., pp. 495-517, 2001.
54. J. Scholten and J. Zhu, "Hyperelliptic Curves in Characteristic 2," Int'l Math. Research Notices, vol. 2002, no. 17, pp. 905-917, 2002.
55. D. Subrao, "The p-Rank of Artin-Schreier Curves," Manuscripta Math., vol. 16, pp. 169-193, 1975.
56. R.M. Avanzi, "Countermeasures against Differential Power Analysis for Hyperelliptic Curve Cryptosystems," Proc. Workshop Cryptographic Hardware and Embedded Systems (CHES 2003), C.D. Walter, Ç.K. Koç, and C. Paar, eds., pp. 366-381, 2003.
57. G. Frey, "How to Disguise an Elliptic Curve," Talk at ECC 1998, 1998, http://cacr.math.uwaterloo.ca/conferences/1998/ecc98/ slides.html.
58. P. Gaudry, F. Hess, and N.P. Smart, "Constructive and Destructive Facets of Weil Descent on Elliptic Curves," J. Cryptology, vol. 15, no. 1, pp. 19-46, 2002.
59. n)," Proc. Asiacrypt '96, pp. 65-76, 1996.
60. J. Guajardo and C. Paar, "Efficient Algorithms for Elliptic Curve Cryptosystems," Advances in Cryptology - Proc. CRYPTO '97, B. Kaliski, ed., pp. 342-356, Aug. 1997.
61. H. Cohen, A Course in Computational Algebraic Number Theory. Berlin: Springer-Verlag, 1993, third corrected printing 1996.
62. D.E. Knuth, The Art of Computer Programming: Volume 2: Seminumerical Algorithms, second ed. Reading, Mass.: Addison-Wesley, 1981.
63. A. Lempel, G. Seroussi, and S. Winograd, "On the Complexity of Multiplication in Finite Fields," Theoretical Computer Science, vol. 22, pp. 285-296, 1983.
64. S. Winograd, "Some Bilinear Forms Whose Multiplicative Complexity Depends on the Field of Constants," Math. Systems Theory, vol. 10, pp. 169-180, 1977.
65. D.J. Bernstein, "Multidigit Multiplication for Mathematicians," Advances in Applied Math., 2001, http://cr.yp.to/papers.html.
66. A. Weimerskirch and C. Paar, "Generalizations of the Karatsuba Algorithm for Polynomail Multiplication," technical report, Ruhr-Univ. Bochum, Germany, 2003, http://www.crypto.rub.de/Publikationen/ texte/kaweb.pdf.
67. J. von zur Gathen and J. Gerhard, Modern Computer Algebra. Cambridge Univ. Press, 1999.
68. M. Stevens and T. Lange, "Arithmetic on Hyperelliptic Curves of Genus 1 and 2," http://www.crypto.rub.de/ge/seminar, HGI Seminar, 2004.
69. M. Stevens and T. Lange, "Efficient Doubling on Genus Two Curves over Binary Fields," Proc. 11th Ann. Workshop Selected Areas in Cryptography, Aug. 2004.
70. V. Shoup, "NTL: A Library for Doing Number Theory (version 5.0c)," 2001, http://www.shoup.net/ntl/index.html.
71. T. Wollinger, J. Pelzl, V. Wittelsberger, C. Paar, G. Saldamli, and Ç.K. Koç, "Elliptic & Hyperelliptic Curves on Embedded μP," ACM Trans. Embedded Computing Systems (TECS), special issue on embedded systems and security, 2004.