Hyperelliptic curve cryptography

Hyperelliptic curve cryptography is similar to elliptic curve cryptography (ECC) insomuch as the algebraic geometry construct of a hyperelliptic curve with an appropriate group law provides an Abelian group on which to do arithmetic.

The use of hyperelliptic curves in cryptography came about in 1989 from Neal Koblitz. Although introduced only 3 years after ECC, not many cryptosystems implement hyperelliptic curves because the implementation of the arithmetic isn't as efficient as with cryptosystems based on elliptic curves or factoring (RSA). Also for hyperelliptic curves of genus higher that 3, there are known attacks which are more efficient than generic discrete logarithm solvers^[1] or even subexponential^[2], in contrast with the case of elliptic curves whose best known attack is the generic exponential one.

The group used in hyperelliptic curve cryptography is the degree zero part of the Picard group of a hyperelliptic curve. The elements of this group are not points, instead they are equivalence classes of degree zero divisors under the relation of linear equivalence. This agrees with the elliptic curve case, because an elliptic curve is isomorphic to the degree zero part of its Picard group.

The hyperelliptic curves used are typically of the sort ${\displaystyle y^{2}=f(x)\,}$ where the degree of ${\displaystyle f}$ is 5 — a genus two hyperelliptic curve, or 7 — a genus three hyperelliptic curve.

Taking the idea of hyperelliptic curve cryptography to the next level, tori can be used in torus based cryptography. These systems are even more complicated (computationally) than hyperelliptic curve based cryptosystems.

• Colm Ó hÉigeartaigh Implementation of some hyperelliptic curves algorithms using MIRACL