The point decomposition problem in Jacobian varieties

Abstract : The discrete logarithm problem is a fundamental brick for several protocols for secured communications. Its instantiation over elliptic curves allows the deployment of efficient asymmetric primitives in embedded systems, because of the small size of the parameters considered. Nowadays, elliptic curves cryptosystems are already widely used: it is therefore crucial to precisely understand the hardness of such systems. Because of the existence of mathematical attacks enabling the transfer from an elliptic curve discrete logarithm problem to another algebraic curve, and the upcoming competitivity of genus 2 curves, it is mandatory to study the problem not only for elliptic curves, but for the other curves as well.In this way, this thesis focuses on the algebraic attacks over curves with genus greater than 1. The index calculus family of algorithms is in general preferred for this kind of attacks. Those algorithms run in two phases: the first, called harvesting phase, can be modelled by different algebraic approaches, depending in the targetted curve. The underlying problem amounts to knowing how to decompose efficiently points in the Jacobian variety of the curve into sums of other points.First, we propose a sieving approach to the harvesting, that can be adated to any type of curves with genus greater than 1, and which turns to be experimentally more efficient than state-of-the-art's methods. Moreover, our method allows a close-to-immediate implementation, and avoid complications coming from relations management.Our second focus is on a variant of index calculus called decomposition attack, targetting curves defined over field extensions. In this situation, harvesting is done by solving numerous multivariate polynomial systems. We propose a new approach to this modelling by generalizing the notion of elliptic summation polynomias to any type of algebraic curves. This uses elimination theory, and the computational aspect is handled by Gröbner bases methods.Third, we give algorithms to improve the solving process of the systems arising from a decomposition attacks when the characteristic of the base field is even. By mean of a general theoretical presentation, and using Gröbner bases methods, we give a sharp analysis of the impact of such improvement on the complexity of the resolution process. This sharp analysis together with a dedicated implementation allows us to attack a genus 2 curve satisfying realistic security parameters.
Complete list of metadatas
Contributor : Abes Star <>
Submitted on : Wednesday, March 29, 2017 - 10:57:09 AM
Last modification on : Friday, March 22, 2019 - 1:31:48 AM
Long-term archiving on : Friday, June 30, 2017 - 1:20:21 PM


Version validated by the jury (STAR)


  • HAL Id : tel-01407675, version 2


Alexandre Wallet. The point decomposition problem in Jacobian varieties. Data Structures and Algorithms [cs.DS]. Université Pierre et Marie Curie - Paris VI, 2016. English. ⟨NNT : 2016PA066438⟩. ⟨tel-01407675v2⟩



Record views


Files downloads