Cryptology ePrint Archive: Report 2007/112

Decomposed Attack for the Jacobian of a Hyperelliptic Curve over an Extension Field

Koh-ichi Nagao

Abstract: We study the solution of the discrete logarithm problem for the Jacobian of a curve of genus g defined over an extension field Fqn, by decomposed attack, considering a external elements B0 given by points of the curve whose x-coordinates are defined in Fq. In the decomposed attack, an element of the group which is written by a sum of some elements of external elements is called (potentially) decomposed and the set of the terms, that appear in the sum, is called decomposed factor. In order for the running of the decomposed attack, a test for the (potential) decomposeness and the computation of the decomposed factor are needed. Here, we show that the test to determine if an element of the Jacobian (i.e., reduced divisor) is written by an ng sum of the elements of the external elements and the computation of decomposed factor are reduced to the problem of solving some multivariable polynomial system of equations by using the Riemann-Roch theorem. In particular, in the case of a hyperelliptic curve, we construct a concrete system of equations, which satisfies these properties and consists of (n2¡n)g quadratic equations. Moreover, in the case of (g; n) = (1; 3); (2; 2) and (3; 2), we give examples of the concrete computation of the decomposed factors by using the computer algebra system Magma.

Category / Keywords: Decomposed Attack, Hyperelliptic curve, Discrete logarithm problem,Weil descent attack

Date: received 28 Mar 2007, last revised 10 Feb 2008

Contact author: nagao at kanto-gakuin ac jp

Available formats: PDF | BibTeX Citation

Note: Many correction of minor errors

Version: 20080210:174616 (All versions of this report)

Discussion forum: Show discussion | Start new discussion