Abstract
We describe a filtering technique improving the performanceof index-calculus algorithms for hyperelliptic curves.Filtering is a stage taking place between the relation searchand the linear algebra. Its purpose is to eliminateredundant or duplicate relations, as well as reducing the size of the matrix, thus decreasing the time required for the linear algebra step. This technique, which we call harvesting,is in fact a new strategy that subtly alters the whole index calculus algorithm. In particular, it changes the relation search to find many times more relations thanvariables, after which a selection process is applied to the set of the relations - the harvesting process. The aim of this new process is to extract a (slightly) overdetermined submatrixwhich is as small as possible. Furthermore, the size of the factor base also has to be readjusted, in order to keep the (extended) relation search faster than it would have been in an index calculus algorithm without harvesting. The size of the factor base must also be chosen to guarantee that the final matrix will be indeed smaller than it would be in an optimised index calculus without harvesting, thus also speeding up the linear algebra step. The version of harvesting presented here isan improvement over an earlier version by the same authors.By means of a new selection algorithm,time-complexity can be reduced from quadraticto linear (in the size of the input),thus making its running time effectively negligible with respectto the rest of the index calculus algorithm. At the same time we make the process of harvesting more effective - in the sense that the final matrix should (on average) be smaller than with the earlier approach. We present an analysis of the impact of harvesting(for instance, we show that its usage can improve index calculus performance by more than 30% in some cases), we showthat the impact on matrix size is essentially independent on thegenus of the curve considered, and provide an heuristicargument in support of the effectiveness of harvesting asone parameter (which defines how far the relation search is pushed) increases.
Highlights
This contribution deals with one step of index calculus algorithms for solving the hyperelliptic curve discrete logarithm, namely filtering relations, and its impact on the whole discrete logarithm computation
We present an analysis of the impact of harvesting, we show that the impact on matrix size is essentially independent on the genus of the curve considered, and provide an heuristic argument in support of the effectiveness of harvesting as one parameter increases
We consider only index calculus algorithms that use at most one large prime
Summary
This contribution deals with one step of index calculus algorithms for solving the hyperelliptic curve discrete logarithm (see for instance [3, 7] or [2, Ch. 20]), namely filtering relations, and its impact on the whole discrete logarithm computation. We consider only index calculus algorithms that use at most one large prime (because of theoretical complications arising in the double large prime methods, namely with the weight of the relations). We improve a filtering technique called harvesting, first introduced in. Key words and phrases: Hyperelliptic Curves, Jacobians, Index Calculus, Filtering, Harvesting. An index calculus algorithm to solve the DLP E = tD in a group G of cardinality N , with D ∈ G and E ∈ ⟨D⟩, for t ∈ Z, consists of the following steps: 1.
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
