Handbook of elliptic and hyperelliptic curve cryptography.

*(English)* Zbl 1082.94001
Discrete Mathematics and its Applications. Boca Raton, FL: Chapman & Hall/CRC (ISBN 1-58488-518-1/hbk; 978-1-4200-3498-1/ebook). xxxiv, 808 p. (2006).

This thick book (more than 800 pages) is a collective work: seven authors and eight contributors, H. Cohen and G. Frey being the scientific editors. Its declared aim is “to explain in great detail the theory and algorithms involved on elliptic and hyperelliptic curve cryptography”.

The book presents the state of the art in the field, including the most recent developments (“This book contains many algorithms of which some appear for the first time in book form”) in topics such as point counting algorithms or the transfer of discrete logarithms by Weil descent.

Classically, public-key cryptosystems and digital signature schemes based on the Discrete Logarithm Problem (DLP) used the multiplicative group of a finite field as the underlying group. However, the Index-Calculus method provided a subexponential attack on the DL in those groups.

The group of points of an elliptic curve defined over a finite field was proposed as an alternative by V. Miller and N. Koblitz twenty years ago, because on this group the Index-Calculus does not work. This is also the case for Jacobians of hyperelliptic curves of small genus. Although the arithmetic in these groups is more complicated, this is compensated by the smaller size of the keys.

Like other excellent books in the area [for instance, I. Blake, G. Seroussi and N. P. Smart, Elliptic Curves in Cryptography. London Mathematical Society L.N.S. 265, Cambridge (1999; Zbl 0937.94008)], “it is not a text-book and in particular contains very few proofs”, but this one tries to be self-contained “in that essentially all of the mathematical background is explained quite precisely”. Parts I and II of the book (Chapters 2 to 12, about 250 pages) are concerned with such mathematical background: finite and \(p\)-adic fields, algebraic curves and Jacobians, Tate pairing, Weil descent, as well as algorithms for doing arithmetic in finite and \(p\)-adic fields.

The arithmetic of elliptic and hyperelliptic curves is the object of Part III, including arithmetic of special curves (Chapter 15) and the implementation of pairings (Chapter 16).

Part IV of the book (Chapters 17 and 18) gives a survey of point counting methods on elliptic and hyperelliptic curves, including a complete version of the Schoof-Elkies-Atkin algorithm and \(p\)-adic methods (Satoh’s algorithm and its successors).

Part V (Chapters 19–22) discusses in detail security issues related to attacks on the DLP: generic algorithms, Index-Calculus and methods that allow the transfer of the DLP from apparently secure instances to others susceptible to attacks by Index-Calculus methods.

Part VI discusses how to find secure cryptographic primitives for DL systems (Chapter 23) and pairing-based Cryptography (Chapter 24) as well as applications to primality tests and factoring methods (Chapter 25).

The last Part of the book (Chapters 26–30) discusses methods to implement elliptic and hyperelliptic DL systems in environments such as smart cards, side-channel attacks and random number generation using elliptic and hyperelliptic curves.

The book is supplemented with an exhaustive Bibliography (pages 737–775), a Notation Index (pages 777–784) and a General Index (pages 785–808). In conclusion, we can say that this handbook is an invaluable source of information for both students and researchers interested in Cryptography with Elliptic and Hyperelliptic Curves.

Reviewer: Juan Tena Ayuso (Valladolid)

##### MSC:

| Code | Description |
|---|---|
| 94-00 | General reference works (handbooks, dictionaries, bibliographies, etc.) pertaining to information and communication theory |
| 94A60 | Cryptography |
| 11G20 | Curves over finite and local fields |
| 14G50 | Applications to coding theory and cryptography of arithmetic geometry |
| 11Y16 | Number-theoretic algorithms; complexity |
| 11Y05 | Factorization |
| 11Y11 | Primality |