A complete divisor class halving algorithm for hyperelliptic curve cryptosystems of genus two

Izuru Kitamura, Masanobu Katagi, Tsuyoshi Takagi

研究成果: ジャーナルへの寄稿Conference article

13 引用 (Scopus)

抄録

We deal with a divisor class halving algorithm on hyperelliptic curve cryptosystems (HECC), which can be used for scalar multiplication, instead of a doubling algorithm. It is not obvious how to construct a halving algorithm, due to the complicated addition formula of hyperelliptic curves. In this paper, we propose the first halving algorithm used for HECC of genus 2, which is as efficient as the previously known doubling algorithm. From the explicit formula of the doubling algorithm, we can generate some equations whose common solutions contain the halved value. From these equations we derive four specific equations and show an algorithm that selects the proper halved value using two trace computations in the worst case. If a base point is fixed, we can reduce these extra field operations by using a pre-computed table which shows the correct halving divisor class - the improvement over the previously known fastest doubling algorithm is up to about 10%. This halving algorithm is applicable to DSA and DH based on HECC. Finally, we present the divisor class halving algorithms for not only the most frequent case but also other exceptional cases.

元の言語英語
ページ(範囲)146-157
ページ数12
ジャーナルLecture Notes in Computer Science
3574
出版物ステータス出版済み - 10 18 2005
イベント10th Australasian Conference on Information Security and Privacy, ACISP 2005 - Brisbane, オーストラリア
継続期間: 7 4 20057 6 2005

Fingerprint

Hyperelliptic Curves
Cryptosystem
Divisor
Cryptography
Genus
Doubling
Class
Addition formula
Scalar multiplication
Explicit Formula
Table
Trace

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • Computer Science(all)

これを引用

A complete divisor class halving algorithm for hyperelliptic curve cryptosystems of genus two. / Kitamura, Izuru; Katagi, Masanobu; Takagi, Tsuyoshi.

:: Lecture Notes in Computer Science, 巻 3574, 18.10.2005, p. 146-157.

研究成果: ジャーナルへの寄稿Conference article

Kitamura, Izuru ; Katagi, Masanobu ; Takagi, Tsuyoshi. / A complete divisor class halving algorithm for hyperelliptic curve cryptosystems of genus two. :: Lecture Notes in Computer Science. 2005 ; 巻 3574. pp. 146-157.
@article{a8d22488df894e40b08410e2f81311eb,
title = "A complete divisor class halving algorithm for hyperelliptic curve cryptosystems of genus two",
abstract = "We deal with a divisor class halving algorithm on hyperelliptic curve cryptosystems (HECC), which can be used for scalar multiplication, instead of a doubling algorithm. It is not obvious how to construct a halving algorithm, due to the complicated addition formula of hyperelliptic curves. In this paper, we propose the first halving algorithm used for HECC of genus 2, which is as efficient as the previously known doubling algorithm. From the explicit formula of the doubling algorithm, we can generate some equations whose common solutions contain the halved value. From these equations we derive four specific equations and show an algorithm that selects the proper halved value using two trace computations in the worst case. If a base point is fixed, we can reduce these extra field operations by using a pre-computed table which shows the correct halving divisor class - the improvement over the previously known fastest doubling algorithm is up to about 10{\%}. This halving algorithm is applicable to DSA and DH based on HECC. Finally, we present the divisor class halving algorithms for not only the most frequent case but also other exceptional cases.",
author = "Izuru Kitamura and Masanobu Katagi and Tsuyoshi Takagi",
year = "2005",
month = "10",
day = "18",
language = "English",
volume = "3574",
pages = "146--157",
journal = "Lecture Notes in Computer Science",
issn = "0302-9743",
publisher = "Springer Verlag",

}

TY - JOUR

T1 - A complete divisor class halving algorithm for hyperelliptic curve cryptosystems of genus two

AU - Kitamura, Izuru

AU - Katagi, Masanobu

AU - Takagi, Tsuyoshi

PY - 2005/10/18

Y1 - 2005/10/18

N2 - We deal with a divisor class halving algorithm on hyperelliptic curve cryptosystems (HECC), which can be used for scalar multiplication, instead of a doubling algorithm. It is not obvious how to construct a halving algorithm, due to the complicated addition formula of hyperelliptic curves. In this paper, we propose the first halving algorithm used for HECC of genus 2, which is as efficient as the previously known doubling algorithm. From the explicit formula of the doubling algorithm, we can generate some equations whose common solutions contain the halved value. From these equations we derive four specific equations and show an algorithm that selects the proper halved value using two trace computations in the worst case. If a base point is fixed, we can reduce these extra field operations by using a pre-computed table which shows the correct halving divisor class - the improvement over the previously known fastest doubling algorithm is up to about 10%. This halving algorithm is applicable to DSA and DH based on HECC. Finally, we present the divisor class halving algorithms for not only the most frequent case but also other exceptional cases.

AB - We deal with a divisor class halving algorithm on hyperelliptic curve cryptosystems (HECC), which can be used for scalar multiplication, instead of a doubling algorithm. It is not obvious how to construct a halving algorithm, due to the complicated addition formula of hyperelliptic curves. In this paper, we propose the first halving algorithm used for HECC of genus 2, which is as efficient as the previously known doubling algorithm. From the explicit formula of the doubling algorithm, we can generate some equations whose common solutions contain the halved value. From these equations we derive four specific equations and show an algorithm that selects the proper halved value using two trace computations in the worst case. If a base point is fixed, we can reduce these extra field operations by using a pre-computed table which shows the correct halving divisor class - the improvement over the previously known fastest doubling algorithm is up to about 10%. This halving algorithm is applicable to DSA and DH based on HECC. Finally, we present the divisor class halving algorithms for not only the most frequent case but also other exceptional cases.

UR - http://www.scopus.com/inward/record.url?scp=26444507115&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=26444507115&partnerID=8YFLogxK

M3 - Conference article

AN - SCOPUS:26444507115

VL - 3574

SP - 146

EP - 157

JO - Lecture Notes in Computer Science

JF - Lecture Notes in Computer Science

SN - 0302-9743

ER -