A Generic Approach to Searching for Jacobians
Andrew V. Sutherland
TL;DR
This paper introduces a probabilistic generic algorithm to efficiently find Jacobians with large prime order subgroups in low genus curves, improving previous results and enabling practical cryptographic applications.
Contribution
It presents a novel probabilistic approach to identify cryptographically suitable Jacobians with large prime order subgroups, especially effective over low-degree extension fields.
Findings
Subexponential complexity for genus 2 Jacobians.
O(N^{1/12}) complexity for genus 3 Jacobians.
Successfully found Jacobians over prime fields with 180+ bits group order.
Abstract
We consider the problem of finding cryptographically suitable Jacobians. By applying a probabilistic generic algorithm to compute the zeta functions of low genus curves drawn from an arbitrary family, we can search for Jacobians containing a large subgroup of prime order. For a suitable distribution of curves, the complexity is subexponential in genus 2, and O(N^{1/12}) in genus 3. We give examples of genus 2 and genus 3 hyperelliptic curves over prime fields with group orders over 180 bits in size, improving previous results. Our approach is particularly effective over low-degree extension fields, where in genus 2 we find Jacobians over F_{p^2) and trace zero varieties over F_{p^3} with near-prime orders up to 372 bits in size. For p = 2^{61}-1, the average time to find a group with 244-bit near-prime order is under an hour on a PC.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.