Nicolas Thériault scite author profile

Abstract. In this article, we examine how the index calculus approach for computing discrete logarithms in small genus hyperelliptic curves can be improved by introducing a double large prime variation. Two algorithms are presented. The first algorithm is a rather natural adaptation of the double large prime variation to the intended context. On heuristic and experimental grounds, it seems to perform quite well but lacks a complete and precise analysis. Our second algorithm is a considerably simplified variant, which can be analyzed easily. The resulting complexity improves on the fastest known algorithms. Computer experiments show that for hyperelliptic curves of genus three, our first algorithm surpasses Pollard's Rho method even for rather small field sizes.

show abstract

Index Calculus Attack for Hyperelliptic Curves of Small Genus

Thériault

2003

View full text Add to dashboard Cite

Abstract. We present a variation of the index calculus attack by Gaudry which can be used to solve the discrete logarithm problem in the Jacobian of hyperelliptic curves. The new algorithm has a running time which is better than the original index calculus attack and the Rho method (and other square-root algorithms) for curves of genus ≥ 3. We also describe another improvement for curves of genus ≥ 4 (slightly slower, but less dependent on memory space) initially mentioned by Harley and used in a number of papers, but never analyzed in details.

show abstract

Ate Pairing on Hyperelliptic Curves

Granger¹,

Heß²,

Oyono³

et al. 2007

View full text Add to dashboard Cite

Abstract. In this paper we show that the Ate pairing, originally defined for elliptic curves, generalises to hyperelliptic curves and in fact to arbitrary algebraic curves. It has the following surprising properties: The loop length in Miller's algorithm can be up to g times shorter than for the Tate pairing, with g the genus of the curve, and the pairing is automatically reduced, i.e. no final exponentiation is needed.

show abstract

Rethinking low genus hyperelliptic Jacobian arithmetic over binary fields: interplay of field arithmetic and explicit formulæ

Avanzi¹,

Thériault²,

Wang

2008

View full text Add to dashboard Cite

In this paper, we present several improvements on the best known explicit formulae for hyperelliptic curves of genus three and four in characteristic two, including the issue of reducing memory requirements.To show the effectiveness of these improvements and to allow a fair comparison of the curves of different genera, we implement all formulae using a highly optimized software library for arithmetic in binary fields. This library was designed to minimize the impact of a whole series of overheads which have a larger significance as the genus of the curves increases. The current state of the art in attacks against the discrete logarithm problem is taken into account for the choice of the field and group sizes. Performance tests are done on two personal computers with very different architectures.Our results can be shortly summarized as follows: Curves of genus three provide performance similar, or better, to that of curves of genus two, and these two types of curves can perform faster than elliptic curves -indeed on some processors often twice as fast. Curves of genus four attain a performance level comparable to elliptic curves. A large choice of curves is therefore available for the deployment of curve-based cryptography, with curves of genus three and four providing their own advantages as larger cofactors can be allowed for the group order.

show abstract

Solving Discrete Logarithms from Partial Knowledge of the Key

Gopalakrishnan

Thériault

Yao

View full text Add to dashboard Cite

Abstract. For elliptic curve based cryptosystems, the discrete logarithm problem must be hard to solve. But even when this is true from a mathematical point of view, side-channel attacks could be used to reveal information about the key if proper countermeasures are not used. In this paper, we study the difficulty of the discrete logarithm problem when partial information about the key is revealed by side channel attacks. We provide algorithms to solve the discrete logarithm problem for generic groups with partial knowledge of the key which are considerably better than using a square-root attack on the whole key or doing an exhaustive search using the extra information, under two different scenarios. In the first scenario, we assume that a sequence of contiguous bits of the key is revealed. In the second scenario, we assume that partial information on the "Square and Multiply Chain" is revealed.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.