Novel efficient implementations of hyperelliptic curve cryptosystems using degenerate divisors

Masanobu Katagi, Izuru Kitamura, Toru Akishita, Tsuyoshi Takagi

Research output: Contribution to journal › Conference article

8 Citations (Scopus)

Abstract

It has recently been reported that the performance of hyperelliptic curve cryptosystems (HECC) is competitive with that of elliptic curve cryptosystems (ECC). However, it is expected that HECC still can be improved due to their mathematically rich structure. We consider here the application of degenerate divisors of HECC to scalar multiplication. We investigate the operations of the degenerate divisors in the Harley algorithm and the Cantor algorithm of genus 2. The timings of these operations are reported. We then present a novel efficient scalar multiplication method using the degenerate divisors. This method is applicable to cryptosystems with fixed base point, e.g., ElGamal-type encryption, sender of Diffie-Hellman, and DSA. Using a Xeon processor, we found that the double-and-add-always method using the degenerate base point can achieve about a 20% increase in speed for a 160-bit HECC. However, we mounted a timing attack using the time difference to designate the degenerate divisors. The attack assumes that the secret key is fixed and the base point can be freely chosen by the attacker. Therefore, the attack is applicable to ElGamal-type decryption and single-pass Diffie-Hellman - SSL using a hyperelliptic curve could be vulnerable to the proposed attack. Our experimental results show that one bit of the secret key for a 160-bit HECC can be recovered by calling the decryption oracle 500 times.

Original language: English
Pages (from-to): 345-359
Number of pages: 15
Journal: Lecture Notes in Computer Science
Volume: 3325
Publication status: Published - Sep 1 2005
Event: 5th International Workshop on Information Security Applications, WISA 2004 - Jeju Island, Republic of Korea
Duration: Aug 23 2004 → Aug 25 2004

Fingerprint

Hyperelliptic Curves
Cryptosystem
Efficient Implementation
Divisor
Cryptography
Scalar multiplication
Diffie-Hellman
Attack
Timing Attack
Elliptic Curve Cryptosystem
Cantor
Encryption
Timing
Genus
Experimental Results

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • Computer Science(all)

Cite this

Novel efficient implementations of hyperelliptic curve cryptosystems using degenerate divisors. / Katagi, Masanobu; Kitamura, Izuru; Akishita, Toru; Takagi, Tsuyoshi.

In: Lecture Notes in Computer Science, Vol. 3325, 01.09.2005, p. 345-359.

Katagi, Masanobu ; Kitamura, Izuru ; Akishita, Toru ; Takagi, Tsuyoshi. / Novel efficient implementations of hyperelliptic curve cryptosystems using degenerate divisors. In: Lecture Notes in Computer Science. 2005 ; Vol. 3325. pp. 345-359.
@article{479cc16d4e534115a4d22e54e45587c5,
title = "Novel efficient implementations of hyperelliptic curve cryptosystems using degenerate divisors",
abstract = "It has recently been reported that the performance of hyperelliptic curve cryptosystems (HECC) is competitive with that of elliptic curve cryptosystems (ECC). However, it is expected that HECC still can be improved due to their mathematically rich structure. We consider here the application of degenerate divisors of HECC to scalar multiplication. We investigate the operations of the degenerate divisors in the Harley algorithm and the Cantor algorithm of genus 2. The timings of these operations are reported. We then present a novel efficient scalar multiplication method using the degenerate divisors. This method is applicable to cryptosystems with fixed base point, e.g., ElGamal-type encryption, sender of Diffie-Hellman, and DSA. Using a Xeon processor, we found that the double-and-add-always method using the degenerate base point can achieve about a 20{\%} increase in speed for a 160-bit HECC. However, we mounted a timing attack using the time difference to designate the degenerate divisors. The attack assumes that the secret key is fixed and the base point can be freely chosen by the attacker. Therefore, the attack is applicable to ElGamal-type decryption and single-pass Diffie-Hellman - SSL using a hyperelliptic curve could be vulnerable to the proposed attack. Our experimental results show that one bit of the secret key for a 160-bit HECC can be recovered by calling the decryption oracle 500 times.",
author = "Masanobu Katagi and Izuru Kitamura and Toru Akishita and Tsuyoshi Takagi",
year = "2005",
month = "9",
day = "1",
language = "English",
volume = "3325",
pages = "345--359",
journal = "Lecture Notes in Computer Science",
issn = "0302-9743",
publisher = "Springer Verlag",

}

TY - JOUR

T1 - Novel efficient implementations of hyperelliptic curve cryptosystems using degenerate divisors

AU - Katagi, Masanobu

AU - Kitamura, Izuru

AU - Akishita, Toru

AU - Takagi, Tsuyoshi

PY - 2005/9/1

Y1 - 2005/9/1

AB - It has recently been reported that the performance of hyperelliptic curve cryptosystems (HECC) is competitive with that of elliptic curve cryptosystems (ECC). However, it is expected that HECC still can be improved due to their mathematically rich structure. We consider here the application of degenerate divisors of HECC to scalar multiplication. We investigate the operations of the degenerate divisors in the Harley algorithm and the Cantor algorithm of genus 2. The timings of these operations are reported. We then present a novel efficient scalar multiplication method using the degenerate divisors. This method is applicable to cryptosystems with fixed base point, e.g., ElGamal-type encryption, sender of Diffie-Hellman, and DSA. Using a Xeon processor, we found that the double-and-add-always method using the degenerate base point can achieve about a 20% increase in speed for a 160-bit HECC. However, we mounted a timing attack using the time difference to designate the degenerate divisors. The attack assumes that the secret key is fixed and the base point can be freely chosen by the attacker. Therefore, the attack is applicable to ElGamal-type decryption and single-pass Diffie-Hellman - SSL using a hyperelliptic curve could be vulnerable to the proposed attack. Our experimental results show that one bit of the secret key for a 160-bit HECC can be recovered by calling the decryption oracle 500 times.

UR - http://www.scopus.com/inward/record.url?scp=23944495554&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=23944495554&partnerID=8YFLogxK

M3 - Conference article

AN - SCOPUS:23944495554

VL - 3325

SP - 345

EP - 359

JO - Lecture Notes in Computer Science

JF - Lecture Notes in Computer Science

SN - 0302-9743

ER -