Cryptosystems can be designed based on the discrete logarithm problem on the Jacobian of a genus 2 hyperelliptic curve over a finite field (HCDLP). For security, the group of points on the Jacobian should have prime order, or a small cofactor times a prime. This talk will survey known methods for constructing genus 2 curves with a given zeta function, focusing on the complex analytic approach and the Chinese Remainder theorem approach. The talk will highlight the difficulties and open problems in this area, and tell about some recent progress. Parts of this talk will cover joint work with Kirsten Eisentraeger, Eyal Goren, and David Freeman.
In analogy with the known methods for constructing elliptic curves with a given number of points via computation of the Hilbert class polynomial, in the genus 2 situation we construct the Igusa class polynomials. The 3 Igusa class polynomials are the minimal polynomials of the invariants of the genus 2 curve. They can be computed via the complex analytic approach of evaluating certain Siegel modular functions up to a certain amount of precision. Until recently, there were no known bounds on the amount of precision needed. We can now give a bound on the amount of precision needed for this algorithm to succeed. Alternatively, the Igusa class polynomials can be constructed via the Chinese Remainder theorem by first computing them modulo small primes. For this approach, it is important to be able to compute the endomorphism ring efficiently, and we give new fast, probabilistic methods for computing endomorphism rings of Jacobians of genus 2 curves.
Audio (MP3 File, Podcast Ready)
Copyright. All Rights Reserved.