Talk:Hyperelliptic curve cryptography
|WikiProject Mathematics||(Rated Start-class, Low-priority)|
|WikiProject Cryptography / Computer science||(Rated Start-class, Low-importance)|
What is the group operation? Does such information belong here, or in Hyperelliptic_curve ?
- I'll try to spruce up the article later today with the group operation. It would belong in this article CryptoDerk
Complexity of attacks against hyperelliptic curves
The article currently contains the following claim:
- Also, for hyperelliptic curves of genus higher that 3, there are known efficient sub-exponential attacks.
I doubt that this claim is correct. E.g., the paper P.Gaudry, "An Algorithm for Solving the Discrete Log Problem on Hyperelliptic Curves", presented at Eurocrypt 2000 gives an algorithm that under a minor practical assumption computes discrete logarithms in time on hyperelliptic curves of genus g over a field of order q. While this is faster than e.g. Pollard rho this is not sub-exponential. Has a better attack been published or did I misinterpret Gaudry's result? 220.127.116.11 (talk) 19:55, 5 July 2008 (UTC)
I think you are right. Although there are some improvement to the Gaudry's result, the complexity of these attacks for small genus is slightly better than Pollard's Rho and still exponential. However, for large genus, index-calculus is subexponential. Thank you for your correction.Bossudenotredame (talk) 07:18, 1 December 2008 (UTC)