{"title":"超椭圆曲线的算法","authors":"S. Duquesne, T. Lange","doi":"10.1201/9781420034981.ch14","DOIUrl":null,"url":null,"abstract":"In Chapter 1 we introduced the discrete logarithm problem and showed that the main operation in a public-key cryptosystem is the computation of scalar multiples in a cyclic group. Chapter 9 showed how the computation of scalar multiples can be reduced to a sequence of additions and doublings in the group. Hence, for an efficient system we need to have groups with efficient group laws. In Chapter 13 we detailed the arithmetic on elliptic curves. This chapter deals with hyperelliptic curves, which can be seen as a generalization of elliptic curves. We first give a brief overview of the main properties of hyperelliptic curves repeating the definitions for the convenience of the reader. The details can be found in Chapter 4 . In the applications, group elements must be stored and transmitted. For restricted environments or restricted bandwidth it might be useful to use compression even though recovering the original coordinates needs some efforts. Accordingly, we consider compression techniques. The main emphasis of this chapter is put on the arithmetic properties, i.e., on algorithms to perform the group operation. We state Cantor’s algorithm, which works for arbitrary ground field and genus of the curve. To obtain better performance one needs to fix the genus and develop explicit formulas as for elliptic curves (cf. Chapters 13.2 and 13.3). We first specialize to considering curves of genus 2 , separately over finite fields of odd and then of even characteristic. For both cases we give formulas for different coordinate systems, namely affine, projective, and new coordinates. The latter two systems allow us to avoid inversions in the group operation. For odd characteristic we also state two possible generalizations of Montgomery coordinates (cf. Section 13.2.3); for even characteristic there is no such generalization yet. Also for genus 3 hyperelliptic curves, explicit formulas have been proposed. We give explicit formulas in affine coordinates in Section 14.6. Also nonhyperelliptic curves of genus 3 have been proposed for cryptographic applications. The final section gives references to these publications and also for genus 4 hyperelliptic curves before we conclude with a comparison and timings.","PeriodicalId":131128,"journal":{"name":"Handbook of Elliptic and Hyperelliptic Curve Cryptography","volume":"73 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2005-07-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":"{\"title\":\"Arithmetic of Hyperelliptic Curves\",\"authors\":\"S. Duquesne, T. Lange\",\"doi\":\"10.1201/9781420034981.ch14\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In Chapter 1 we introduced the discrete logarithm problem and showed that the main operation in a public-key cryptosystem is the computation of scalar multiples in a cyclic group. Chapter 9 showed how the computation of scalar multiples can be reduced to a sequence of additions and doublings in the group. Hence, for an efficient system we need to have groups with efficient group laws. In Chapter 13 we detailed the arithmetic on elliptic curves. This chapter deals with hyperelliptic curves, which can be seen as a generalization of elliptic curves. We first give a brief overview of the main properties of hyperelliptic curves repeating the definitions for the convenience of the reader. The details can be found in Chapter 4 . In the applications, group elements must be stored and transmitted. For restricted environments or restricted bandwidth it might be useful to use compression even though recovering the original coordinates needs some efforts. Accordingly, we consider compression techniques. The main emphasis of this chapter is put on the arithmetic properties, i.e., on algorithms to perform the group operation. We state Cantor’s algorithm, which works for arbitrary ground field and genus of the curve. To obtain better performance one needs to fix the genus and develop explicit formulas as for elliptic curves (cf. Chapters 13.2 and 13.3). We first specialize to considering curves of genus 2 , separately over finite fields of odd and then of even characteristic. For both cases we give formulas for different coordinate systems, namely affine, projective, and new coordinates. The latter two systems allow us to avoid inversions in the group operation. For odd characteristic we also state two possible generalizations of Montgomery coordinates (cf. Section 13.2.3); for even characteristic there is no such generalization yet. Also for genus 3 hyperelliptic curves, explicit formulas have been proposed. We give explicit formulas in affine coordinates in Section 14.6. Also nonhyperelliptic curves of genus 3 have been proposed for cryptographic applications. The final section gives references to these publications and also for genus 4 hyperelliptic curves before we conclude with a comparison and timings.\",\"PeriodicalId\":131128,\"journal\":{\"name\":\"Handbook of Elliptic and Hyperelliptic Curve Cryptography\",\"volume\":\"73 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2005-07-19\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"5\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Handbook of Elliptic and Hyperelliptic Curve Cryptography\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1201/9781420034981.ch14\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Handbook of Elliptic and Hyperelliptic Curve Cryptography","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1201/9781420034981.ch14","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
In Chapter 1 we introduced the discrete logarithm problem and showed that the main operation in a public-key cryptosystem is the computation of scalar multiples in a cyclic group. Chapter 9 showed how the computation of scalar multiples can be reduced to a sequence of additions and doublings in the group. Hence, for an efficient system we need to have groups with efficient group laws. In Chapter 13 we detailed the arithmetic on elliptic curves. This chapter deals with hyperelliptic curves, which can be seen as a generalization of elliptic curves. We first give a brief overview of the main properties of hyperelliptic curves repeating the definitions for the convenience of the reader. The details can be found in Chapter 4 . In the applications, group elements must be stored and transmitted. For restricted environments or restricted bandwidth it might be useful to use compression even though recovering the original coordinates needs some efforts. Accordingly, we consider compression techniques. The main emphasis of this chapter is put on the arithmetic properties, i.e., on algorithms to perform the group operation. We state Cantor’s algorithm, which works for arbitrary ground field and genus of the curve. To obtain better performance one needs to fix the genus and develop explicit formulas as for elliptic curves (cf. Chapters 13.2 and 13.3). We first specialize to considering curves of genus 2 , separately over finite fields of odd and then of even characteristic. For both cases we give formulas for different coordinate systems, namely affine, projective, and new coordinates. The latter two systems allow us to avoid inversions in the group operation. For odd characteristic we also state two possible generalizations of Montgomery coordinates (cf. Section 13.2.3); for even characteristic there is no such generalization yet. Also for genus 3 hyperelliptic curves, explicit formulas have been proposed. We give explicit formulas in affine coordinates in Section 14.6. Also nonhyperelliptic curves of genus 3 have been proposed for cryptographic applications. The final section gives references to these publications and also for genus 4 hyperelliptic curves before we conclude with a comparison and timings.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
