Invalid-curve attacks on (hyper)elliptic curve cryptosystems
Koray Karabina Berkant Ustaoglu
We extend the notion of an invalid-curve attack from elliptic curves to genus 2 hyperelliptic curves. We also show that invalid singular (hyper)elliptic curves can be used in mounting invalid-curve attacks on (hyper)elliptic curve cryptosystems, and make quantitative estimates of the practicality of these attacks. We thereby show that proper key validation is necessary even in cryptosystems based on hyperelliptic curves. As a byproduct, we enumerate the isomorphism classes of genus g hyperelliptic curves over a finite field by a new counting argument that is simpler than the previous methods.
keywords: hyperelliptic curves. Invalid-curve attacks
Generalizations of Verheul's theorem to asymmetric pairings
Koray Karabina Edward Knapp Alfred Menezes
For symmetric pairings $e : \mathbb{G} \times \mathbb{G} \rightarrow \mathbb{G}_T$, Verheul proved that the existence of an efficiently-computable isomorphism $\phi : \mathbb{G}_T \rightarrow \mathbb{G}$ implies that the Diffie-Hellman problems in $\mathbb{G}$ and $\mathbb{G}_T$ can be efficiently solved. In this paper, we explore the implications of the existence of efficiently-computable isomorphisms $\phi_1 : \mathbb{G}_T \rightarrow \mathbb{G}_1$ and $\phi_2 : \mathbb{G}_T \rightarrow \mathbb{G}_2$ for asymmetric pairings $e : \mathbb{G}_1 \times \mathbb{G}_2 \rightarrow \mathbb{G}_T$. We also give a simplified proof of Verheul's theorem.
keywords: cryptography discrete logarithm problem. asymmetric pairings Verheul's theorem

Year of publication

Related Authors

Related Keywords

[Back to Top]