Abstract
Real hyperelliptic curves admit two structures suitable for cryptography --- the Jacobian (a finite abelian group) and the infrastructure. Mireles Morales described precisely the relationship between these two structures, and made the assertion that when implemented with balanced divisor arithmetic, the Jacobian generically yields more efficient arithmetic than the infrastructure for cryptographic applications. We confirm that this assertion holds for genus two curves, through rigorous analysis and the first detailed numerical performance comparisons, showing that cryptographic key agreement can be performed in the Jacobian without any extra operations beyond those required for basic scalar multiplication. We also present a modified version of Mireles Morales' map that more clearly reveals the algorithmic relationship between the two structures.
Highlights
In 1976, Diffie and Hellman [3] introduced their celebrated key agreement protocol
We describe how to perform both types of scalar multiplication in the Jacobian using the same performance improvements from the infrastructure
Our analysis and numerical experiments show that Mireles Morales’ claim that the Jacobian of a real hyperelliptic curve is more efficient than the infrastructure for cryptographic applications is true for even genus curves
Summary
In 1976, Diffie and Hellman [3] introduced their celebrated key agreement protocol. While they originally described their scheme in the context of finite fields, other suitable finite abelian groups have since been successfully employed. Key words and phrases: Real hyperelliptic curve, Jacobian, balanced divisor, infrastructure, scalar multiplication, cryptographic key agreement. In the fixed base case, a modified algorithm was described that requires no adjustment steps and in which divisor additions were replaced by the faster “baby step” operation. Both the Jacobian and the infrastructure can be used for cryptographic applications, it was originally not clear exactly how they were related, or which one offered faster performance in practice. The resulting scalar multiplication algorithms in both settings, using fixed and variable base divisors, are discussed in Section 6; this includes a comparative analysis.
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
