Cryptology ePrint Archive: Report 2003/026

Hyperelliptic Curve Cryptosystems: Closing the Performance Gap to Elliptic Curves (Update)

Jan Pelzl and Thomas Wollinger and Jorge Guajardo and Christof Paar

Abstract: For most of the time since they were proposed, it was widely believed that hyperelliptic curve cryptosystems (HECC) carry a substantial performance penalty compared to elliptic curve cryptosystems (ECC) and are, thus, not too attractive for practical applications. Only quite recently improvements have been made, mainly restricted to curves of genus 2. The work at hand advances the state-of-the-art considerably in several aspects. First, we generalize and improve the closed formulae for the group operation of genus 3 for HEC defined over fields of characteristic two. For certain curves we achieve over 50% complexity improvement compared to the best previously published results. Second, we introduce a new complexity metric for ECC and HECC defined over characteristic two fields which allow performance comparisons of practical relevance. It can be shown that the HECC performance is in the range of the performance of an ECC; for specific parameters HECC can even possess a lower complexity than an ECC at the same security level. Third, we describe the first implementation of a HEC cryptosystem on an embedded (ARM7) processor. Since HEC are particularly attractive for constrained environments, such a case study should be of relevance.

Category / Keywords: implementation / hyperelliptic curves, explicit formulae, comparison HECC vs.\ ECC, efficient implementation

Date: received 10 Feb 2003, last revised 28 Mar 2003

Contact author: pelzl at crypto rub de

Available formats: Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation

Version: 20030328:140704 (All versions of this report)

Discussion forum: Show discussion | Start new discussion