Paper 2013/644
Elliptic and Hyperelliptic Curves: a Practical Security Analysis
Joppe W. Bos, Craig Costello, and Andrea Miele
Abstract
Motivated by the advantages of using elliptic curves for discrete logarithm-based public-key cryptography, there is an active research area investigating the potential of using hyperelliptic curves of genus 2. For both types of curves, the best known algorithms to solve the discrete logarithm problem are generic attacks such as Pollard rho, for which it is well-known that the algorithm can be sped up when the target curve comes equipped with an efficiently computable automorphism. In this paper we incorporate all of the known optimizations (including those relating to the automorphism group) in order to perform a systematic security assessment of two elliptic curves and two hyperelliptic curves of genus 2. We use our software framework to give concrete estimates on the number of core years required to solve the discrete logarithm problem on four curves that target the 128-bit security level: on the standardized NIST CurveP-256, on a popular curve from the Barreto-Naehrig family, and on their respective analogues in genus 2.
Metadata
- Available format(s)
- Category
- Public-key cryptography
- Publication info
- Published by the IACR in PKC 2014
- Contact author(s)
- jbos @ microsoft com
- History
- 2014-01-14: revised
- 2013-10-10: received
- See all versions
- Short URL
- https://ia.cr/2013/644
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2013/644, author = {Joppe W. Bos and Craig Costello and Andrea Miele}, title = {Elliptic and Hyperelliptic Curves: a Practical Security Analysis}, howpublished = {Cryptology {ePrint} Archive, Paper 2013/644}, year = {2013}, url = {https://eprint.iacr.org/2013/644} }