Genus 2 Hyperelliptic Curve Families with Explicit Jacobian Order Evaluation and Pairing-Friendly Constructions [chapter]

Aurore Guillevic, Damien Vergnaud
2013 Lecture Notes in Computer Science  
The use of elliptic and hyperelliptic curves in cryptography relies on the ability to compute the Jacobian order of a given curve. Recently, Satoh proposed a probabilistic polynomial time algorithm to test whether the Jacobian -over a finite field Fq -of a hyperelliptic curve of the form Y 2 = X 5 + aX 3 + bX (with a, b ∈ F * q ) has a large prime factor. His approach is to obtain candidates for the zeta function of the Jacobian over F * q from its zeta function over an extension field where
more » ... Jacobian splits. We extend and generalize Satoh's idea to provide explicit formulas for the zeta function of the Jacobian of genus 2 hyperelliptic curves of the form Y 2 = X 5 + aX 3 + bX and Y 2 = X 6 + aX 3 + b (with a, b ∈ F * q ). Our results are proved by elementary (but intricate) polynomial root-finding techniques. Hyperelliptic curves with small embedding degree and large prime-order subgroup are key ingredients for implementing pairing-based cryptographic systems. Using our closed formulas for the Jacobian order, we propose two algorithms which complement those of Freeman and Satoh to produce genus 2 pairing-friendly hyperelliptic curves. Our method relies on techniques initially proposed to produce pairing-friendly elliptic curves (namely, the Cocks-Pinch method and the Brezing-Weng method). We show that the previous security considerations about embedding degree are valid for an elliptic curve and can be lightened for a Jacobian. We demonstrate this method by constructing several interesting curves with ρ-values around 4 with a Cocks-Pinch-like method and around 3 with a Brezing-Weng-like method.
doi:10.1007/978-3-642-36334-4_16 fatcat:cdp3jvavxfhr3h37fmz4c5pjvi