International Association for Cryptologic Research

International Association
for Cryptologic Research


Paper: Trace Zero Subvariety for Cryptosystems

Tanja Lange
Search ePrint
Search Google
Abstract: We present a kind of group suitable for cryptographic applications: the trace zero subvariety. The construction is based on Weil descent from curves of genus two over extension fields $\F_{p^n}$, $n=3$. On the Jacobian of the curve the group can be seen as a prime order subgroup, however, considering the construction as Weil descent we can argue that the security is equivalent to that of groups based on low-genus hyperelliptic curves over prime fields. The advantage is that the complexity to compute scalar multiples is lower, as one can make use of the Frobenius endomorphism of the initial curve. Thus the trace zero subvariety can be used efficiently in protocols based on the discrete logarithm problem.
  title={Trace Zero Subvariety for Cryptosystems},
  booktitle={IACR Eprint archive},
  keywords={Public key cryptography, discrete logarithm, hyperelliptic curves, abelian varieties, Frobenius endomorphism, fast arithmetic},
  note={submitted 12194 received 16 May 2003, last revised 22 May 2003},
  author={Tanja Lange},