Paper 2007/365

Pairings on Jacobians of Hyperelliptic Curves

Christian Robenhagen Ravnshoj

Abstract

Consider the jacobian of a hyperelliptic genus two curve defined over a finite field. Under certain restrictions on the endomorphism ring of the jacobian we give an explicit description all non-degenerate, bilinear, anti-symmetric and Galois-invariant pairings on the jacobian. From this description it follows that no such pairing can be computed more efficiently than the Weil pairing. To establish this result, we need an explicit description of the representation of the Frobenius endomorphism on the l-torsion subgroup of the jacobian. This description is given. In particular, we show that if the characteristic polynomial of the Frobenius endomorphism splits into linear factors modulo l, then the Frobenius is diagonalizable. Finally, under the restriction that the Frobenius element is an element of a certain subring of the endomorphism ring, we prove that if the characteristic polynomial of the Frobenius endomorphism splits into linear factors modulo l, then the embedding degree and the total embedding degree of the jacobian with respect to l are the same number.

Metadata
Available format(s)
PDF PS
Category
Public-key cryptography
Publication info
Published elsewhere. Unknown where it was published
Keywords
Hyperelliptic curve cryptography
Contact author(s)
cr @ imf au dk
History
2007-09-13: received
Short URL
https://ia.cr/2007/365
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2007/365,
      author = {Christian Robenhagen Ravnshoj},
      title = {Pairings on Jacobians of Hyperelliptic Curves},
      howpublished = {Cryptology {ePrint} Archive, Paper 2007/365},
      year = {2007},
      url = {https://eprint.iacr.org/2007/365}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.