Trace Zero Subvarieties of Genus 2 Curves for Cryptosystems

In this paper we present a kind of group suitable for cryptographic applications: the trace zero subvariety. We describe in detail the case of trace zero varieties constructed from genus 2 curves over prime fields. The curve is considered over an extension field of degree 3 and one performs Weil descent from its Jacobian to the prime field leading to a variety of dimension 6. The trace zero variety is a subvariety thereof. As a group it is isomorphic to a subgroup of the Jacobian of the original curve. For appropriately chosen parameters it is as secure as Jacobians of curves of genus g ≤ 3. Its main advantage is that the complexity of computing scalar multiplication is lower than on other curve based groups. This is achieved by making use of the Frobenius endomorphism. Thus the trace zero subvariety can be used efficiently in protocols based on the discrete logarithm problem.