Cryptology ePrint Archive: Report 2013/644

Elliptic and Hyperelliptic Curves: a Practical Security Analysis

Joppe W. Bos and Craig Costello and Andrea Miele

Abstract: Motivated by the advantages of using elliptic curves for discrete logarithm-based public-key cryptography, there is an active research area investigating the potential of using hyperelliptic curves of genus 2. For both types of curves, the best known algorithms to solve the discrete logarithm problem are generic attacks such as Pollard rho, for which it is well-known that the algorithm can be sped up when the target curve comes equipped with an efficiently computable automorphism. In this paper we incorporate all of the known optimizations (including those relating to the automorphism group) in order to perform a systematic security assessment of two elliptic curves and two hyperelliptic curves of genus 2. We use our software framework to give concrete estimates on the number of core years required to solve the discrete logarithm problem on four curves that target the 128-bit security level: on the standardized NIST CurveP-256, on a popular curve from the Barreto-Naehrig family, and on their respective analogues in genus 2.

Category / Keywords: public-key cryptography /

Original Publication (in the same form): IACR-PKC-2014

Date: received 7 Oct 2013, last revised 13 Jan 2014

Contact author: jbos at microsoft com

Available format(s): PDF | BibTeX Citation

Version: 20140114:051033 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]