International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

Christian Robenhagen Ravnshoj

Publications

Year
Venue
Title
2008
EPRINT
Non-Cyclic Subgroups of Jacobians of Genus Two Curves with Complex Multiplication
Christian Robenhagen Ravnshoj
Let E be an elliptic curve defined over a finite field. Balasubramanian and Koblitz have proved that if the l-th roots of unity m_l is not contained in the ground field, then a field extension of the ground field contains m_l if and only if the l-torsion points of E are rational over the same field extension. We generalize this result to Jacobians of genus two curves with complex multiplication. In particular, we show that the Weil- and the Tate-pairing on such a Jacobian are non-degenerate over the same field extension of the ground field.
2008
EPRINT
Non-Cyclic Subgroups of Jacobians of Genus Two Curves
Christian Robenhagen Ravnshoj
Let E be an elliptic curve defined over a finite field. Balasubramanian and Koblitz have proved that if the l-th roots of unity m_l is not contained in the ground field, then a field extension of the ground field contains m_l if and only if the l-torsion points of E are rational over the same field extension. We generalize this result to Jacobians of genus two curves. In particular, we show that the Weil- and the Tate-pairing are non-degenerate over the same field extension of the ground field. From this generalization we get a complete description of the l-torsion subgroups of Jacobians of supersingular genus two curves. In particular, we show that for l>3, the l-torsion points are rational over a field extension of degree at most 24.
2008
EPRINT
Generators of Jacobians of Genus Two Curves
Christian Robenhagen Ravnshoj
We prove that in most cases relevant to cryptography, the Frobenius endomorphism on the Jacobian of a genus two curve is represented by a diagonal matrix with respect to an appropriate basis of the subgroup of l-torsion points. From this fact we get an explicit description of the Weil-pairing on the subgroup of l-torsion points. Finally, the explicit description of the Weil-pairing provides us with an efficient, probabilistic algorithm to find generators of the subgroup of l-torsion points on the Jacobian of a genus two curve.
2007
EPRINT
Large Cyclic Subgroups of Jacobians of Hyperelliptic Curves
Christian Robenhagen Ravnsh{\o}j
In this paper we obtain conditions on the divisors of the group order of the Jacobian of a hyperelliptic genus 2 curve, generated by the complex multiplication method described by Weng (2003) and Gaudry (2005). Examples, where these conditions imply that the Jacobian has a large cyclic subgroup, are given.
2007
EPRINT
Generators of Jacobians of Hyperelliptic Curves
Christian Robenhagen Ravnshoj
This paper provides a probabilistic algorithm to determine generators of the m-torsion subgroup of the Jacobian of a hyperelliptic curve of genus two.
2007
EPRINT
Embedding Degree of Hyperelliptic Curves with Complex Multiplication
Christian Robenhagen Ravnshoj
Consider the Jacobian of a genus two curve defined over a finite field and with complex multiplication. In this paper we show that if the l-Sylow subgroup of the Jacobian is not cyclic, then the embedding degree of the Jacobian with respect to l is one.
2007
EPRINT
Pairings on Jacobians of Hyperelliptic Curves
Christian Robenhagen Ravnshoj
Consider the jacobian of a hyperelliptic genus two curve defined over a finite field. Under certain restrictions on the endomorphism ring of the jacobian we give an explicit description all non-degenerate, bilinear, anti-symmetric and Galois-invariant pairings on the jacobian. From this description it follows that no such pairing can be computed more efficiently than the Weil pairing. To establish this result, we need an explicit description of the representation of the Frobenius endomorphism on the l-torsion subgroup of the jacobian. This description is given. In particular, we show that if the characteristic polynomial of the Frobenius endomorphism splits into linear factors modulo l, then the Frobenius is diagonalizable. Finally, under the restriction that the Frobenius element is an element of a certain subring of the endomorphism ring, we prove that if the characteristic polynomial of the Frobenius endomorphism splits into linear factors modulo l, then the embedding degree and the total embedding degree of the jacobian with respect to l are the same number.