Paper 2003/026

Hyperelliptic Curve Cryptosystems: Closing the Performance Gap to Elliptic Curves (Update)

Jan Pelzl, Thomas Wollinger, Jorge Guajardo, and Christof Paar


For most of the time since they were proposed, it was widely believed that hyperelliptic curve cryptosystems (HECC) carry a substantial performance penalty compared to elliptic curve cryptosystems (ECC) and are, thus, not too attractive for practical applications. Only quite recently improvements have been made, mainly restricted to curves of genus 2. The work at hand advances the state-of-the-art considerably in several aspects. First, we generalize and improve the closed formulae for the group operation of genus 3 for HEC defined over fields of characteristic two. For certain curves we achieve over 50% complexity improvement compared to the best previously published results. Second, we introduce a new complexity metric for ECC and HECC defined over characteristic two fields which allow performance comparisons of practical relevance. It can be shown that the HECC performance is in the range of the performance of an ECC; for specific parameters HECC can even possess a lower complexity than an ECC at the same security level. Third, we describe the first implementation of a HEC cryptosystem on an embedded (ARM7) processor. Since HEC are particularly attractive for constrained environments, such a case study should be of relevance.

Available format(s)
Publication info
Published elsewhere. Unknown where it was published
hyperelliptic curvesexplicit formulaecomparison HECC vs.\ ECCefficient implementation
Contact author(s)
pelzl @ crypto rub de
2003-03-28: revised
2003-02-11: received
See all versions
Short URL
Creative Commons Attribution


      author = {Jan Pelzl and Thomas Wollinger and Jorge Guajardo and Christof Paar},
      title = {Hyperelliptic Curve Cryptosystems: Closing the Performance Gap to Elliptic Curves (Update)},
      howpublished = {Cryptology ePrint Archive, Paper 2003/026},
      year = {2003},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.