Cryptology ePrint Archive: Report 2003/094

Trace Zero Subvariety for Cryptosystems

Tanja Lange

Abstract: We present a kind of group suitable for cryptographic applications: the trace zero subvariety. The construction is based on Weil descent from curves of genus two over extension fields $\F_{p^n}$, $n=3$. On the Jacobian of the curve the group can be seen as a prime order subgroup, however, considering the construction as Weil descent we can argue that the security is equivalent to that of groups based on low-genus hyperelliptic curves over prime fields. The advantage is that the complexity to compute scalar multiples is lower, as one can make use of the Frobenius endomorphism of the initial curve. Thus the trace zero subvariety can be used efficiently in protocols based on the discrete logarithm problem.

Category / Keywords: Public key cryptography, discrete logarithm, hyperelliptic curves, abelian varieties, Frobenius endomorphism, fast arithmetic

Publication Info: submitted

Date: received 16 May 2003, last revised 22 May 2003

Contact author: lange at itsc rub de

Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation

Note: Nicer picture

Version: 20030522:213035 (All versions of this report)

Short URL: ia.cr/2003/094

Discussion forum: Show discussion | Start new discussion