Available in electronic format
Available in print format		 Mathematics of Computation
Journal of the American Mathematical Society
ISSN 1088-6842(e) ISSN 0025-5718(p)
Previous issue | Table of contents | Next issue
Articles in press | Recently posted articles | Most recent issue | All issues
Previous Article | Next Article
     

A generic approach to searching for Jacobians

Author(s): Andrew V. Sutherland.
Journal: Math. Comp. 78 (2009), 485-507.
MSC (2000): Primary 11G20, 11Y16; Secondary 11M38, 14G50
Posted: May 20, 2008
Retrieve article in: PDF

Abstract | References | Similar articles | Additional information

Abstract: We consider the problem of finding cryptographically suitable Jacobians. By applying a probabilistic generic algorithm to compute the zeta functions of low genus curves drawn from an arbitrary family, we can search for Jacobians containing a large subgroup of prime order. For a suitable distribution of curves, the complexity is subexponential in genus 2, and $ O(N^{1/12})$ in genus 3. We give examples of genus 2 and genus 3 hyperelliptic curves over prime fields with group orders over $ 180$ bits in size, improving previous results. Our approach is particularly effective over low-degree extension fields, where in genus 2 we find Jacobians over $ \mathbb{F}_{p^2}$ and trace zero varieties over $ \mathbb{F}_{p^3}$ with near-prime orders up to 372 bits in size. For $ p = 2^{61}-1$, the average time to find a group with 244-bit near-prime order is under an hour on a PC.

References:

1.
Eric Bach and René Peralta, Asymptotic semismoothness probabilities, Mathematics of Computation 65 (1996), 1701-1715. MR 1370848 (98a:11123)

2.
Abdolali Basiri, Andreas Enge, Jean-Charles Faugère, and Nicolas Gürel, Implementing the arithmetic of $ C_{3,4}$ curves, Algorithmic Number Theory Symposium-ANTS VI, Lecture Notes in Computer Science, vol. 3076, Springer-Verlag, 2004, pp. 87-101. MR 2137346 (2006a:14101)

3.
Abdolali Basiri, Andreas Enge, Jean-Charles Faugère, and Nicolas Gürel, The arithmetic of Jacobian groups of superelliptic cubics, Mathematics of Computation 74 (2004), no. 249, 389-410. MR 2085899 (2005f:11126)

4.
Daniel J. Bernstein, Elliptic vs. hyperelliptic, part 1, 2006, Talk given at ECC 2006, http://cr.yp.to/talks/2006.09.20/slides.pdf.

5.
Alin Bostan, Pierrick Gaudry, and Eric Schost, Linear recurrences with polynomial coefficients and application to integer factorization and Cartier-Manin operator, SIAM Journal on Computing 36 (2007), no. 6, 1777-1806. MR 2299425 (2008a:11156)

6.
Johannes Buchmann, Michael J. Jacobson, Jr., and Edlyn Teske, On some computational problems in finite abelian groups, Mathematics of Computation 66 (1997), 1663-1687. MR 1432126 (98a:11185)

7.
Johannes Buchmann and Arthur Schmidt, Computing the structure of a finite abelian group, Mathematics of Computation 74 (2005), 2017-2026. MR 2164109 (2006c:20108)

8.
E. Canfield, P. Erdös, and C. Pomerance, On a problem of Oppenheim concerning ``factorisatio numerorum'', Journal of Number Theory 17 (1983), 1-28. MR 712964 (85j:11012)

9.
David G. Cantor, Computing in the Jacobian of a hyperelliptic curve, Mathematics of Computation 48 (1987), no. 177, 95-101. MR 866101 (88f:11118)

10.
Henri Cohen, A course in computational algebraic number theory, Springer, 1996. MR 1228206 (94i:11105)

11.
Henri Cohen, Gerhard Frey, Roberto Avanzi, Christophe Doche, Tanja Lange, Kim Nguyen, and Frederik Vercauteren, Handbook of elliptic and hyperelliptic curve cryptography, Chapman and Hall, 2006. MR 2162716 (2007f:14020)

12.
Certicom Corporation, Certicom ECC challenge, 1997, see http://www.certicom.com.

13.
K. Dickman, On the frequency of numbers containing prime factors of a certain relative magnitude, Arkiv för Mathematik, Astronomi, och Fysik, 22A 10 (1930), 1-14.

14.
Claus Diem, The GHS attack in odd characteristic, Journal of the Ramanujan Mathematical Society 18 (2003), no. 1, 1-32. MR 1966526 (2004a:14030)

15.
-, An index calculus algorithm for plane curves of small degree, Algorithm Number Theory Symposium-ANTS VII, Lecture Notes in Computer Science, vol. 4076, 2006, pp. 543-557. MR 2282948 (2008b:11128)

16.
Claus Diem and Jasper Scholten, Cover attacks: A report for the AREHCC project, 2003, http://www.math.uni-leipzig.de/~diem/preprints/cover-attacks.pdf.

17.
Noam D. Elkies, Elliptic and modular curves over finite fields and related computational issues, Computational perspectives in number theory: Proceedings of a conference in honor of A.O.L. Atkin (D.A. Buell and J.T. Teitelbaum, eds.), AMS, 1998, pp. 21-76. MR 1486831 (99a:11078)

18.
Andreas Enge, Computing discrete logarithms in high-genus hyperelliptic Jacobians in provably subexponential time, Mathematics of Computation 71 (2002), no. 238, 729-742. MR 1885624 (2003b:68083)

19.
Stéphane Flon and Roger Oyono, Fast arithmetic on Jacobians of Picard curves, Public Key Cryptography-PKC 2004, Lecture Notes in Computer Science, vol. 2947, 2004, pp. 55-68.

20.
Stéphane Flon, Roger Oyono, and Christophe Ritzenhaler, Fast addition on non-hyperelliptic genus $ 3$ curves, Tech. Report CACR 2007-19, Center for Applied Cryptographic Research at the University of Waterloo, 2007.

21.
Gerhard Frey, Applications of arithmetical geometry to cryptographic applications, 1998 Finite Fields and Applications Conference, Berlin, 2001, pp. 128-161. MR 1849086 (2002h:11136)

22.
E. Furukawa, M. Kawazoe, and T. Takahashi, Counting points on the Jacobian variety of a hyperelliptic curve defined by $ y^2 = x^5+ax$ over a prime field, Selected Areas in Cryptography 2003, Lecture Notes in Computer Science, vol. 3006, 2004, pp. 26-41. MR 2094719 (2006a:11078)

23.
P. Gaudry, F. Hess, and N. Smart, Constructive and destructive facets of Weil descent on elliptic curves., Journal of Cryptology 15 (2002), no. 1, 19-46. MR 1880933 (2003b:14032)

24.
P. Gaudry, E. Thomé, N. Thériault, and C. Diem, A double large prime variation for small genus hyperelliptic index calculus, Mathematics of Computation 76 (2007), no. 257, 475-492. MR 2261032 (2007j:11174)

25.
Pierrick Gaudry, Index calculus for abelian varieties and the elliptic curve discrete logarithm problem, Cryptology ePrint Archive, Report 2004/073, 2004, http://eprint.iacr.org/.

26.
-, Fast genus $ 2$ arithmetic based on Theta functions, 2005, to appear in Journal of Mathematical Cryptology, http://www.loria.fr/~gaudry/publis/arithKsurf.ps.gz.

27.
Pierrick Gaudry and Éric Schost, Construction of secure random curves of genus $ 2$ over prime fields, Advances in Cryptology-EUROCRYPT 2004, Lecture Notes in Computer Science, vol. 3027, Springer-Verlag, 2004, pp. 239-256. MR 2153176 (2006d:11152)

28.
Pierrick Gaudry and Nicolas Gürel, Counting points in medium characteristic using Kedlaya's algorithm, Experimental Mathematics 12 (2003), 395-402. MR 2043990 (2005b:11084)

29.
Torbjörn Granlund et al., GNU multiple precision arithmetic library 4.2.1, May 2006, http://swox.com/gmp/.

30.
David Harvey, Kedlaya's algorithm in larger characteristic, International Mathematical Research Notices (2007).

31.
Kiran Kedlaya, Counting points on hyperelliptic curves using Monsky-Washnitzer cohomology, Journal of the Ramanujan Mathematical Society 16 (2001), 332-338. MR 1877805 (2002m:14019)

32.
-, Computing zeta functions via $ p$-adic cohomology, Algorithmic Number Theory Symposium-ANTS VI, Lecture Notes in Computer Science, vol. 3076, Springer, 2004, pp. 1-17. MR 2137340 (2006a:14033)

33.
Kamal Khuri-Makdisi, Asymptotically fast group operations on Jacobians of general curves, Mathematics of Computation 76 (2007), 2213-2239. MR 2336292

34.
Donald E. Knuth, The art of computer programming, volume III: Sorting and searching, second ed., Addison-Wesley, 1998. MR 0378456 (51:14624)

35.
Neal Koblitz, Algebraic aspects of cryptography, Springer, 1998. MR 1610535 (2000a:94012)

36.
Tanja Lange, Trace zero subvarieties of genus $ 2$ curves for cryptosystems, J. Ramanujan Mathematical Society 19 (2004), no. 1, 15-33. MR 2054607 (2006b:94034)

37.
-, Formulae for arithmetic on genus $ 2$ hyperelliptic curves, Applicable Algebra in Engineering, Communication and Computing 15 (2005), no. 5, 295-328. MR 2122308 (2005j:14082)

38.
Tanja Lange (Ed.), Open problems in implementation and application, Tech. Report D.VAM.6, revision 1.4, ECRYPT, European Network of Excellence in Cryptology, 2006.

39.
H. W. Lenstra, Jr., Factoring integers with elliptic curves, Annals of Mathematics 126 (1987), 649-673. MR 916721 (89g:11125)

40.
Dino Lorenzini, An invitation to arithmetic geometry, Graduate Studies in Mathematics, vol. 9, American Mathematical Society, 1996. MR 1376367 (97e:14035)

41.
Kazuto Matsuo, Jinhui Chao, and Shigeo Tsujii, An improved baby step giant step algorithm for point counting of hyperelliptic curves over finite fields, Algorithmic Number Theory Symposium-ANTS V, Lecture Notes in Computer Science, vol. 2369, Springer, 2002, pp. 461-474. MR 2041104 (2005a:11089)

42.
Alfred J. Menezes, Paul C. van Oorschot, and Scott A. Vanstone, Handbook of applied cryptography, CRC Press, 1997, revised reprint. MR 1412797 (99g:94015)

43.
Jean Francois Mestre, Algorithme pour compter des points de courbes en petite caractéristique et petit genre, 2002, lecture notes, http://www.institut.math.jussieu.fr/~mestre/rennescrypto.ps.

44.
Peter L. Montgomery, Modular multiplication without trial division, Mathematics of Computation 44 (1985), no. 170, 519-521. MR 777282 (86e:11121)

45.
National Institute of Standards and Technology, Digital Signature Standard, FIPS Publication 186-2, 2000.

46.
J. Pila, Frobenius maps of abelian varieties and finding roots of unity in finite fields, Mathematics of Computation 55 (1990), no. 102, 745-763. MR 1035941 (91a:11071)

47.
John M. Pollard, Theorems of factorization and primality testing, Proceedings of the Cambridge Philosophical Society 76 (1974), 521-528. MR 0354514 (50:6992)

48.
-, Monte Carlo methods for index computations mod $ p$, Mathematics of Computation 32 (1978), 918-924. MR 0491431 (58:10684)

49.
Takakazu Satoh, The canonical lift of an ordinary elliptic curve over a finite field and its point counting, Journal of the Ramanujan Mathematical Society 15 (2000), no. 4, 247-270. MR 1801221 (2001j:11049)

50.
C. P. Schnorr and H. W. Lenstra, Jr., A Monte Carlo factoring algorithm with linear storage, Mathematics of Computation 43 (1984), 289-311. MR 744939 (85d:11106)

51.
René Schoof, Elliptic curves over finite fields and the computation of square roots mod $ p$, Mathematics of Computation 44 (1985), 483-294. MR 777280 (86e:11122)

52.
-, Counting points on elliptic curves over finite fields, Journal de Théorie des Nombres de Bordeaux 7 (1995), 219-254. MR 1413578 (97i:11070)

53.
Donald Shanks, Class number, a theory of factorization and genera, Analytic Number Theory, Proceedings of Symposia on Pure Mathematics, vol. 20, American Mathematical Society, 1971, pp. 415-440. MR 0316385 (47:4932)

54.
Benjamin Smith, Isogenies and the discrete logarithm problem on Jacobians of genus $ 3$ hyperelliptic curves, Cryptology ePrint Archive, Report 2007/428, 2007, http://eprint.iacr.org/.

55.
Richard Stallman et al., GNU compiler collection 4.1.2, February 2007, http://gcc.gnu.org/index.html.

56.
Andreas Stein and Edlyn Teske, Explicit bounds and heuristics on class numbers in hyperelliptic function fields, Mathematics of Computation 71 (2001), no. 238, 837-861. MR 1885633 (2002k:11210)

57.
Andrew V. Sutherland, Order computations in generic groups, Ph.D. thesis, Massachusetts Institute of Technology, 2007, http://groups.csail.mit.edu/cis/theses/sutherland-phd.pdf.

58.
Edlyn Teske, A space efficient algorithm for group structure computation, Mathematics of Computation 67 (1998), 1637-1663. MR 1474658 (99a:11146)

59.
-, The Pohlig-Hellman method generalized for group structure computation, Journal of Symbolic Computation 27 (1999), 521-534. MR 1701092 (2000f:20090)

60.
N. Thériault, Index calculus attack for hyperelliptic curves of small genus, Advances in Cryptology - ASIACRYPT 2003, Lecture Notes in Computer Science, Springer-Verlag, 2003, pp. 75-92. MR 2093253 (2006d:94068)

61.
-, Weil descent attack for Kummer extensions, Journal of the Ramanujan Mathematical Society 18 (2003), no. 3, 281-312. MR 2007146 (2004i:14025)

62.
Frederik Vercauteren, Computing zeta functions of curves over finite fields, Ph.D. thesis, Katholieke Universiteit Leuven, 2003.

63.
André Weil, Numbers of solutions of equations in finite fields, Bulletin of the American Mathematical Society 55 (1949), 497-508. MR 0029393 (10:592e)

64.
Annegret Weng, Hyperelliptic CM-curves of genus $ 3$, Journal of the Ramanujan Mathematical Society 16 (2001), 339-372. MR 1877806 (2002k:11099)

65.
-, Constructing hyperelliptic curves of genus $ 2$ suitable for cryptography, Mathematics of Computation 72 (2003), no. 241, 435-458. MR 1933830 (2003i:14029)

66.
Thomas Wollinger, Software and hardware implementation of hyperelliptic curve cryptosystems, Ph.D. thesis, Ruhr-University of Bochum, 2004.

Similar Articles:

Retrieve articles in Mathematics of Computation with MSC (2000): 11G20, 11Y16, 11M38, 14G50

Retrieve articles in all Journals with MSC (2000): 11G20, 11Y16, 11M38, 14G50

Additional Information:

Andrew V. Sutherland
Affiliation: Massachusetts Institute of Technology, 77 Massachusetts Avenue, Cambridge, Massachusetts 02139-4307
Email: drew@math.mit.edu

DOI: 10.1090/S0025-5718-08-02143-1
PII: S 0025-5718(08)02143-1
Received by editor(s): August 15, 2007
Received by editor(s) in revised form: January 29, 2008
Posted: May 20, 2008
Copyright of article: Copyright 2008, by the author

  AMS Website Logo Small Comments: webmaster@ams.org
© Copyright 2009, American Mathematical Society
Privacy Statement 		Search the AMSPowered by Google