International Association for Cryptologic Research

International Association
for Cryptologic Research


Paper: Hyperelliptic Curve Cryptosystems: Closing the Performance Gap to Elliptic Curves (Update)

Jan Pelzl
Thomas Wollinger
Jorge Guajardo
Christof Paar
Search ePrint
Search Google
Abstract: For most of the time since they were proposed, it was widely believed that hyperelliptic curve cryptosystems (HECC) carry a substantial performance penalty compared to elliptic curve cryptosystems (ECC) and are, thus, not too attractive for practical applications. Only quite recently improvements have been made, mainly restricted to curves of genus 2. The work at hand advances the state-of-the-art considerably in several aspects. First, we generalize and improve the closed formulae for the group operation of genus 3 for HEC defined over fields of characteristic two. For certain curves we achieve over 50% complexity improvement compared to the best previously published results. Second, we introduce a new complexity metric for ECC and HECC defined over characteristic two fields which allow performance comparisons of practical relevance. It can be shown that the HECC performance is in the range of the performance of an ECC; for specific parameters HECC can even possess a lower complexity than an ECC at the same security level. Third, we describe the first implementation of a HEC cryptosystem on an embedded (ARM7) processor. Since HEC are particularly attractive for constrained environments, such a case study should be of relevance.
  title={Hyperelliptic Curve Cryptosystems: Closing the Performance Gap to Elliptic Curves (Update)},
  booktitle={IACR Eprint archive},
  keywords={implementation / hyperelliptic curves, explicit formulae, comparison HECC vs.\ ECC, efficient implementation},
  note={ 12139 received 10 Feb 2003, last revised 28 Mar 2003},
  author={Jan Pelzl and Thomas Wollinger and Jorge Guajardo and Christof Paar},