Hyperelliptic curves encryption combined with block codes for Gaussian channel

INTERNATIONAL JOURNAL OF COMMUNICATION SYSTEMS
Int. J. Commun. Syst. 2006; 19:809–830
Published online 13 January 2006 in Wiley InterScience (www.interscience.wiley.com). DOI: 10.1002/dac.771

I. Jirón, I. Soto, R. Carrasco* and N. Becerra
E2.12, Merz Court, University of Newcastle upon Tyne, Newcastle upon Tyne NE1 7RU, U.K.

SUMMARY

In this paper, a new cryptographic system is constructed using a combination of a hyperelliptic curve of genus $g = 2$ over the Galois field GF($2^n$) and a Reed–Solomon code (N, K) over the Galois field GF($2^m$), and this system uses a smaller key than the elliptic curves cryptosystem and the Rivest, Shamir, and Adleman cryptosystem. The design criterion for the combination can be expressed as the data compression condition and the addressing capability of the code. In addition, the system performance is compared with other systems; extraordinary improvements of 8 and 16.5 dB can be obtained for a BER = $10^{-5}$, when compared with binary phase shift keying and differential chaos shift keying, respectively. This system has a polynomial complexity, which depends on the data length and the number of operations in GF($2^n$). Copyright © 2005 John Wiley & Sons, Ltd.

KEY WORDS: cryptography; hyperelliptic curves; error correction; Reed–Solomon codes

1. INTRODUCTION

The Internet and e-commerce have had an explosive growth in the last decade, and broadband subscribers per 100 inhabitants have increased by 6.7, 10.1 and 18.1 times in Japan, France and the United Kingdom, respectively, from 2001 to 2004. Therefore, protection systems are very important and vital for the security of this huge amount of information, and cryptography is the basis of this new infrastructure. In Reference [1] an increasing model is presented. The main objectives of cryptography are information confidentiality, data integrity, user authentication, signature and non-repudiation [2]. A traditional way to protect e-commerce has been implemented using public key cryptosystems such as Diffie–Hellman (DH) and Rivest, Shamir, and Adleman (RSA), invented in 1976 and 1978, respectively.

Received 1 March 2004; Revised 1 August 2005; Accepted 1 September 2005
Copyright © 2005 John Wiley & Sons, Ltd.
* Correspondence to: R. Carrasco, E2.12, Merz Court, University of Newcastle upon Tyne, Newcastle upon Tyne NE1 7RU, U.K.
E-mail: [email protected]
Contract/grant sponsor: FONDECYT; contract/grant number: 1030149
Contract/grant sponsor: PBCT; contract/grant number: ACT11


In 1983, the International Standard Organization (ISO) developed the Open System Interconnection (OSI) seven-layer model. The seven layers have the following functionalities: (1) the physical layer connects the entity to the transmission media; (2) the data link layer provides error control between adjacent nodes; (3) the network layer routes the information in the network; (4) the transport layer provides end-to-end communication control; (5) the session layer handles problems which are not communication issues; (6) the presentation layer converts the information to the user format; (7) the application layer provides different services to the users [3]. Furthermore, the OSI model was first systematized for wired networks but later extended to wireless networks [4]. This model is used as a reference to explain information security issues and the operation of wired and wireless digital communications.

Most of the public key algorithms have been constructed at the presentation layer, based on large integer number theory, as in the case of the RSA public key algorithm. Unfortunately, in 2003, RSA was broken, so to avoid such weakness the key size was increased from 576 to 1024 bits [5, 6]. The DH cryptosystem can be implemented using an elliptic curve cryptosystem (ECC), where its key size is smaller than the RSA key size [7]; for example, a 160-bit ECC key offers security equivalent to a 1024-bit RSA key. A hyperelliptic curve cryptosystem (HCC) allows a shorter key size than ECC; in fact, an elliptic curve (EC) is a hyperelliptic curve (HC) of genus one. In References [8, 9], the use of HCs has been restricted to genus two since some attacks have been reported.

Nowadays, for secure data transmission at the presentation layer, the ElGamal encryption algorithm is used. In this algorithm a transmitter T and a receiver R generate their own private keys $k_t$, $k_r$ and public keys $k_t D$, $k_r D$ in a public multiplicative group J, respectively. The message units M are embedded in the elements of the group J. Then, T sends to R the encrypted message $(k_t D,\; M + k_t(k_r D))$ and R decrypts M using $k_r(k_t D)$ and $(M + k_t(k_r D) - k_r(k_t D)) = M$ [2].

Cryptographic implementations at the data link layer are computationally less expensive than those at the presentation layer. In fact, recently for wireless applications the algorithm RC4 has been implemented at the data link layer (RC4 is a variable-key-size stream cipher developed in 1987 by Ron Rivest [2]). Unfortunately, some problems concerning the exclusive-or (XOR) operation have been reported [10].

The aim of this paper is the construction of a new cryptosystem that combines cryptography and coding systems to avoid the above problems, by the deployment of a HC and a Reed–Solomon code (RSC) using BPSK with hard decisions.

The remainder of this paper is organized as follows. Section 2 presents a clear formalism with the necessary definitions. Section 3 describes the proposed system. Section 4 shows a case study in order to clarify the proposed system. Section 5 presents a set of experiments and the analysis of the results, separated into four subsections: (1) security, (2) the explanation of the combination method, (3) the comparison against BPSK and differential chaos shift keying (DCSK) [11] and (4) complexity studies. Section 6 presents the conclusions. If the reader wants a quick understanding of the proposed system, the authors recommend going directly to Section 5 and revisiting the earlier sections to learn the formalism.

2. FORMALISM AND DEFINITIONS FOR PROPOSED CRYPTOGRAPHIC SYSTEM

This section presents some formal aspects and definitions before the system description. The security of the proposed cryptographic system is based on the DH key exchange and the ElGamal encryption algorithm [12], and these are based on the intractability of the discrete logarithm problem in a finite cyclic group J with order denoted by #J. The discrete logarithm of b in J to the base a in J, denoted by $\log_a b$, is the unique integer x belonging to $\{0, 1, \ldots, \#J - 1\}$ where $b = x \cdot a$ and a is a generator of J. The group J should be carefully chosen to satisfy the following two conditions: firstly, the group operation in J should be easy to apply, and secondly, the discrete logarithm problem in J should be computationally infeasible. In this context, the Jacobian of a HC over a finite field meets these conditions.

Equation (1) corresponds to a HC C of genus $g \ge 1$ over a finite field F:

$C : v^2 + h(u)v = f(u)$ (1)

where $h(u)$ belongs to $F[u]$ with $\deg(h(u)) \le g$, and $f(u)$ belongs to $F[u]$ and is monic with $\deg(f(u)) = 2g + 1$. $F[u]$ represents the set of all polynomials with coefficients in the field F.

Furthermore, there are no points P on C,

$P = (u, v) \in \bar{F} \times \bar{F}$

which simultaneously satisfy Equation (1) and the partial derivative equations $2v + h(u) = 0$ and $h'(u)v - f'(u) = 0$, where $\bar{F}$ denotes the algebraic closure of F [12].

Equation (2) defines a reduced divisor as a formal sum:

$D = \sum_i m_i P_i - \left(\sum_i m_i\right)\infty$ (2)

where $P_i = (u_i, v_i)$ is a point on C, only a finite number of the integers $m_i$ are non-zero, $m_i \ge 0$ and $\sum_i m_i \le g$.

The Jacobian of C is denoted by $J(C)$ and contains all the reduced divisors. Additionally, each reduced divisor D can be represented by two polynomials $a(u)$ and $b(u)$ in $F[u]$; then

$D = \mathrm{div}(a(u), b(u))$

In particular, Equations (3) represent the polynomials $a(u)$ and $b(u)$ for genus $g = 2$, which will be used in the proposed system:

$a(u) = a_0 + a_1 u + u^2$, $\quad b(u) = b_0 + b_1 u$ (3)

The system embeds and extracts the data in the elements of the Jacobian; these processes will be explained in Section 3. Besides, the system has reliable data transmission because the Jacobian elements are embedded in a RSC.

A RSC $(N, K)$ over GF($2^m$) [13] is a non-binary cyclic code with symbols made up of m-bit sequences, where $m > 2$, $0 < K < N < 2^m + 2$, K is the number of data symbols being encoded and N is the total number of code symbols in the codeword. For the most conventional RSC, $(N, K) = (2^m - 1,\; 2^m - 1 - 2T)$, where T is the symbol-error correcting capability of the code and $N - K = 2T$ is the number of parity symbols. Besides, Equation (4) represents a generator polynomial of the RSC $(N, K)$:

$g(u) = g_0 + g_1 u + g_2 u^2 + g_3 u^3 + \cdots + g_{2T-1} u^{2T-1} + u^{2T}$ (4)

and $g(u)$ has precisely 2T roots. In this case, the roots are given by successive powers of a primitive element $\beta$ in GF($2^m$), which are represented by the following powers:

$\beta, \beta^2, \ldots, \beta^{2T}$ (5)

Consequently,

$g(u) = (u + \beta)(u + \beta^2)(u + \beta^3) \cdots (u + \beta^{2T})$ (6)

Equation (7) represents the codeword polynomial, where a message polynomial $c(u)$ is multiplied by $u^{N-K}$:

$U(u) = u^{N-K} c(u) + p(u)$ (7)

where $p(u)$ is the remainder polynomial of $u^{N-K} c(u)$ divided by $g(u)$. In the decoding, a received corrupted-codeword polynomial

$\hat{U}(u) = U(u) + e(u)$ (8)

is represented by the sum of the transmitted codeword and the error polynomial. Then, the syndrome

$S = (S_1, S_2, \ldots, S_{N-K})$ (9)

is calculated with

$S_i = \hat{U}(\beta^i)$ (10)

where $i = 1, 2, \ldots, 2T$. If $S = 0$ then $\hat{U}(u)$ is a valid codeword; otherwise the codeword has Z error symbols in the positions

$u^{j_1}, u^{j_2}, \ldots, u^{j_Z}$ (11)

and the error polynomial can be written as

$e(u) = e_{j_1} u^{j_1} + e_{j_2} u^{j_2} + \cdots + e_{j_Z} u^{j_Z}$ (12)

where $e_{j_i}$ is the error value in the position $u^{j_i}$. Then, to find out the positions and values of the errors, System (13) should be solved:

$S_1 = e_{j_1} w_1 + e_{j_2} w_2 + \cdots + e_{j_Z} w_Z$
$S_2 = e_{j_1} w_1^2 + e_{j_2} w_2^2 + \cdots + e_{j_Z} w_Z^2$
$\vdots$
$S_{2T} = e_{j_1} w_1^{2T} + e_{j_2} w_2^{2T} + \cdots + e_{j_Z} w_Z^{2T}$ (13)

where the error value $e_{j_i}$ is associated with the locator number

$w_i = \beta^{j_i}$ (14)

Next, the error-locator polynomial is defined as

$\sigma(u) = (1 + w_1 u)(1 + w_2 u) \cdots (1 + w_Z u) = 1 + \sigma_1 u + \sigma_2 u^2 + \cdots + \sigma_Z u^Z$ (15)

and the reciprocals of the roots of $\sigma(u)$ are the locator numbers in the error vector $e(u)$. Then, the solution of System (16) represents the coefficient values of the polynomial $\sigma(u)$:

$$
\begin{bmatrix}
S_1 & S_2 & S_3 & \cdots & S_{T-1} & S_T \\
S_2 & S_3 & S_4 & \cdots & S_T & S_{T+1} \\
\vdots & \vdots & \vdots & \ddots & \vdots & \vdots \\
S_{T-1} & S_T & S_{T+1} & \cdots & S_{2T-3} & S_{2T-2} \\
S_T & S_{T+1} & S_{T+2} & \cdots & S_{2T-2} & S_{2T-1}
\end{bmatrix}
\begin{bmatrix}
\sigma_T \\ \sigma_{T-1} \\ \vdots \\ \sigma_2 \\ \sigma_1
\end{bmatrix}
=
\begin{bmatrix}
-S_{T+1} \\ -S_{T+2} \\ \vdots \\ -S_{2T-1} \\ -S_{2T}
\end{bmatrix}
\qquad (16)
$$

Therefore, each root of the polynomial $\sigma(u)$ indicates an error position in the codeword, at which the symbol can be changed according to the input alphabet, according to Equation (17):

$w_i = 1/\beta^{j_i} = \beta^{-j_i}$ (17)

Subsequently, any subgroup of T equations of System (16) is chosen and the error value $e_{j_i}$ is associated with the location $w_i$. Next, the codeword is calculated by

$U(u) = \hat{U}(u) - e(u)$ (18)

and the message polynomial $c(u)$ is obtained from $U(u)$. The modulator maps a binary codeword

$U = (u_1, u_2, \ldots, u_N)$

into a bipolar sequence represented by

$X = (x_1, x_2, \ldots, x_N)$

where $x_i$ is calculated according to Equation (19):

$x_i = \begin{cases} -1 & \text{if } u_i = 0 \\ +1 & \text{if } u_i = 1 \end{cases} \qquad i = 1, 2, \ldots, N$ (19)

Afterwards, the system will transmit the sequence X through an additive white Gaussian noise (AWGN) channel and the sequence

$W = (w_1, w_2, \ldots, w_N)$

will be generated. Next, a hard decision on each transmitted code bit is used in the demodulator; hence, the output is quantized to two levels, 0 and 1.

In the next section, the above formalism will be used to describe the system, and additionally in Section 4 a step-by-step example will be constructed.

3. SYSTEM DESCRIPTION

Figure 1 represents the diagram of the proposed system, where $k_t$ is the transmitter secret key, Tx is the transmitter, the binary data sequence of an arbitrary length $c = z \cdot n$ is given by

$d = \{d_{c-1} \cdots d_1 d_0\}$

$M_r$ is the non-linear hyperelliptic encrypt/encoder mapping, U is a codeword, X is a modulated codeword, W is the modulated sequence corrupted by the AWGN channel, $\hat{U}$ is an estimated transmitted codeword, $M_r^{-1}$ is the inverse non-linear hyperelliptic encrypt/encoder mapping, the estimated transmitted binary data sequence of length c is given by

$\hat{d} = \{\hat{d}_{c-1} \cdots \hat{d}_1 \hat{d}_0\}$

Rx is the receiver and $k_r$ is the receiver secret key. The data embedding and data compression processes are made in the non-linear hyperelliptic encrypt/encoder block. On the other hand, the data decompression and data extracting processes are made in the non-linear hyperelliptic decoder/decryption block.

First of all, Tx and Rx select a public HC C of genus $g = 2$ over a finite field $F = \mathrm{GF}(2^n)$ according to Equation (1), and they calculate the order of the Jacobian

$K = \#J(C) = q^g$

using the Hasse–Weil theorem (see Formula (A1) in the Appendix), where $q = \#F$ is the order of the field F.

Next, Tx and Rx construct Table I, which contains the identifier numbers t and the reduced divisors $D_t$ on C. Each reduced divisor $D_t$ has a pair of polynomials, which are given in Equations (20):

$a_t(u) = \alpha^0 u^2 + \alpha^{i_{1t}} u + \alpha^{i_{0t}} \in \mathrm{GF}(2^n)[u]$ and $b_t(u) = \alpha^{j_{1t}} u + \alpha^{j_{0t}} \in \mathrm{GF}(2^n)[u]$ (20)

According to Equations (3) and (20), $\alpha$ is a generator of GF($2^n$) and the exponents are

$i_{1t}, i_{0t}, j_{1t}, j_{0t} \in \{0, 1, 2, \ldots, 2^n - 2\}$ (21)

The coefficient zero cannot be represented as a power of the generator $\alpha$ (see an example for GF($2^5$) in the Appendix). In that case, the polynomial coefficients of $a_t(u)$ and $b_t(u)$ are binary sequences of length n; then a binary data block of length $5 \cdot n$ can be embedded in a reduced divisor $D_t$, according to Equation (28), which will be discussed later.

Figure 1. System diagram. [Figure: public parameters are the field F, the curve C, its points and the Jacobian $J(C)$. At Tx with key $k_t$: data d → non-linear hyperelliptic encrypt/encoder $M_r : B_n^5 \to J(C)$ → U → modulator → X → AWGN channel → W → demodulator → $\hat{U}$ → non-linear hyperelliptic decoder/decryption $M_r^{-1} : J(C) \to B_n^5$ → $\hat{d}$ at Rx with key $k_r$.]

Equation (22) is a corollary of the Hasse–Weil theorem, given in Formula (A1) of the Appendix, and it establishes that each identifier number can be represented as a binary sequence of length I; i.e. all reduced divisors are addressed by a binary sequence of length I:

$I = \begin{cases} \lceil \log_2 K \rceil & \forall K,\; K \ge 5 \\ 2 & K = 1, 2, 3, 4 \end{cases}$ (22)

Secondly, to complete the design criterion of the combination, Equations (23) and (24) will be used to represent the compression and the addressing of HC and RSC, respectively. Tx and Rx choose a RSC (N, K) over the field GF($2^m$) according to the above design criterion:

$N \cdot m \le 5 \cdot n$ [bit] (23)

$K \cdot m \ge I$ [bit] (24)

Thirdly, Tx and Rx apply the DH key exchange. In this case, the secret keys are the random secret integers $k_t$ and $k_r$; Formulas (25) represent the public keys based on the reduced divisors of Tx and Rx, respectively:

$k_t D_l,\; k_r D_l$ (25)

Equation (26) represents the way in which the common secret key is generated by several scalar multiplications based on Equation (25):

$k_t(k_r D_l) = k_r(k_t D_l) = D_s$ (26)

where $D_l$ and $D_s$ are reduced divisors which are addressed by the identifier numbers denoted by l and s, represented in Table I.

Equation (27) shows how the binary data d of length $c = z \cdot n$ can be divided into z different data blocks of length n:

$d = \{d_{z,n-1} \cdots d_{z,1} d_{z,0}\} \cup \cdots \cup \{d_{2,n-1} \cdots d_{2,1} d_{2,0}\} \cup \{d_{1,n-1} \cdots d_{1,1} d_{1,0}\}$ (27)

Table I. Look-up table for the identifier numbers and reduced divisors on curve C.

Identifier number Id    Reduced divisor
0                       $D_0$
1                       $D_1$
...                     ...
t                       $D_t$
...                     ...
s                       $D_s$
...                     ...
l                       $D_l$
...                     ...
K − 1                   $D_{K-1}$

Equation (28) represents the way the proposed system embeds the data in the Jacobian $J(C)$:

$M_r : B_n^5 \to J(C)$
$b_{l1} b_{l2} b_{l3} b_{l4} b_{l5} \mapsto M_r(b_{l1} b_{l2} b_{l3} b_{l4} b_{l5}) = D_t = \mathrm{div}(a_t(u), b_t(u))$ (28)

where the reduced divisor $D_t$ is included in Table I and the set

$B_n = \{b_l \mid b_l = \{d_{l,n-1} \cdots d_{l,1} d_{l,0}\}\}$ (29)

contains all data blocks of n bits. Then, the data block $l1$ is embedded in the coefficient with position $i_{0t}$ of polynomial $a_t(u)$, the data block $l2$ is embedded in the coefficient with position $i_{1t}$ of polynomial $a_t(u)$, and so on; the data block $l5$ is embedded in the coefficient with position $j_{1t}$ of polynomial $b_t(u)$, using Equations (20).

Then, $D_t$ is obtained by applying the mapping $M_r$ to the data blocks

$b_{l1} b_{l2} b_{l3} b_{l4} b_{l5}$ (30)

and $D_t$ is addressed by the identifier number t according to Table I. Equation (31) shows how $D_t$ is encrypted using the ElGamal algorithm with the secret common key $D_s$:

$D_l = D_t + D_s$ (31)

where the divisor $D_s$ has been calculated in Equation (26). The identifier number l of $D_l$, according to Table I, is transformed into its equivalent K-message

$c_l = (c_{l1}, c_{l2}, \ldots, c_{lK})$ (32)

for the RSC (N, K). Then, $c_l$ is encoded and the codeword $U_l$ is generated using Equation (7). Therefore, $U_l$ is the output of the non-linear hyperelliptic encrypt/encoder block.

The bipolar sequence $X_l$ is obtained from the BPSK modulation of $U_l$, according to Equation (19). Consequently, the sequence $X_l$ is the output of the modulator block.

The sequence $W_l$ is produced from the AWGN channel corruption of $X_l$. Next, $W_l$ is demodulated using a hard decision on each transmitted code bit, according to Section 2. Therefore, the codeword $\hat{U}_l$ is the output of the demodulator block. The codeword $\hat{U}_l$ is decoded using the RSC (N, K) decoding, which has been explained with Equations (13) and (16) in Section 2. Therefore, the message $c_l$ is obtained.

The identifier number l is obtained from $c_l$. Then, $D_l$ is obtained using l and Table I. Next, $D_t$ is decrypted using the ElGamal algorithm

$D_t = D_l - D_s$ (33)

where the divisor $D_s$ is the secret common key according to Equation (26). Equation (34) represents how the proposed system extracts the data from the Jacobian $J(C)$ using the inverse mapping $M_r^{-1}$:

$M_r^{-1} : J(C) \to B_n^5$
$D_t \mapsto M_r^{-1}(D_t) = b_{l1} b_{l2} b_{l3} b_{l4} b_{l5}$ (34)

Then, the generic data block $l1$ is extracted from the coefficient with position $i_{0t}$ of polynomial $a_t(u)$, the generic data block $l2$ is extracted from the coefficient with position $i_{1t}$ of polynomial $a_t(u)$, and so on; the generic data block $l5$ is extracted from the coefficient with position $j_{1t}$ of polynomial $b_t(u)$, using Equation (20).

Therefore, the data blocks (30) constitute the output of the non-linear hyperelliptic decoder/decryption block, and they are concatenated to obtain the binary data sequence $\hat{d}$.

4. CASE STUDY

In this section, a particular case study is presented in order to gain a better understanding of the proposed system.

The combination between HC and RSC is constructed by users Tx and Rx. Equation (35) corresponds to the public HC C of genus $g = 2$ over the field GF($2^5$) with $n = 5$ selected by the users Tx and Rx; this curve is shown in Figure 2.

$C : v^2 + (u^2 + u)v = u^5 + u^3 + 1$ (35)

Table AI is used in the graphic of the curve C. For example, the points

$P_k = (\alpha^{15}, \alpha^8)$, $\quad P_j = (\alpha^{30}, 0)$ (36)

are substituted by the points (15, 8) and (30, −1), respectively. Then, the reduced divisor $D_0$ is given by

$D_0 = P_k + P_j - 2\infty = (\alpha^{15}, \alpha^8) + (\alpha^{30}, 0) - 2\infty$ (37)

in accordance with Equation (2), and $D_0$ can be described by the following polynomials:

$a_0(u) = \alpha^0 u^2 + \alpha^8 u + \alpha^{14}$, $\quad b_0(u) = \alpha^0 u + \alpha^{30}$ (38)

in accordance with Equations (3). Therefore,

$D_0 = \mathrm{div}(\alpha^0 u^2 + \alpha^8 u + \alpha^{14},\; \alpha^0 u + \alpha^{30})$

The order of the Jacobian $J(C)$ is calculated using Equation (A2) and $\#J(C) = (2^5)^2 = 1024$. Each reduced divisor has five coefficients in the field GF($2^5$), which are shown in Table AI. Then, a binary sequence of length 5 can be embedded in a coefficient; therefore, each data block has a length of 25 [bit].

Figure 2. The hyperelliptic curve $C : v^2 + (u^2 + u)v = u^5 + u^3 + 1$ over the field GF($2^5$). [Figure: scatter plot of the curve points; horizontal axis u and vertical axis v, both graduated from −2 to 32.]

Table II is constructed by users Tx and Rx. In this table, each reduced divisor $D_t$ is addressed by an identifier number t belonging to $\{0, 1, 2, \ldots, 1023\}$. Then, each identifier number is represented by a sequence of

$I = 10$ [bit]

in accordance with Equation (22). If the data block length is equal to 25 [bit], then the conditions in Formulas (23) and (24) must be satisfied by the RSC (N, K) over GF($2^m$). Therefore,

$mN \le 25$ [bit] (39)

$mK \ge 10$ [bit] (40)

Consequently, the RSC (7, 5) over the field GF($2^3$) with $m = 3$ is selected by users Tx and Rx. In this case, the RSC has the parameters $N = 7$, $K = 5$ and $T = 1$. Also, the parameter K can take the values $K = 1, 3$, but the length of the generated message is smaller than 10 [bit] for both values; i.e. RSC (7, 3) and RSC (7, 1) have no addressing capability.

Afterwards, the DH key exchange is applied by the users Tx and Rx using Formulas (25) and Equations (26). The reduced divisor

$D_{165} = \mathrm{div}(\alpha^0 u^2 + \alpha^{17} u + \alpha^{30},\; \alpha^{23} u + \alpha^{12}) = D_l$ (41)

is selected by the users Tx and Rx according to Table II. If the secret keys are

$k_t = 2$, $\quad k_r = 3$

Table II. Look-up table for the identifier numbers t and reduced divisors $D_t$ on curve $C : v^2 + (u^2 + u)v = u^5 + u^3 + 1$.

Identifier number t    Reduced divisor
0                      $D_0 = \mathrm{div}(\alpha^0 u^2 + \alpha^8 u + \alpha^{14},\; \alpha^0 u + \alpha^{30})$
1                      $D_1 = \mathrm{div}(\alpha^0 u^2 + \alpha^{30} u,\; \alpha^1 u + \alpha^0)$
2                      $D_2 = \mathrm{div}(\alpha^0 u^2 + \alpha^9 u + \alpha^6,\; \alpha^{19} u + \alpha^{16})$
...                    ...
165                    $D_{165} = \mathrm{div}(\alpha^0 u^2 + \alpha^{17} u + \alpha^{30},\; \alpha^{23} u + \alpha^{12})$
...                    ...
326                    $D_{326} = \mathrm{div}(\alpha^0 u^2 + \alpha^{14} u + \alpha^{18},\; \alpha^6 u + \alpha^3)$
...                    ...
523                    $D_{523} = \mathrm{div}(\alpha^0 u^2 + \alpha^{29},\; \alpha^9 u + \alpha^{28})$
...                    ...
K − 1 = 1023           $D_{1023} = \mathrm{div}(\alpha^0 u^2 + \alpha^4 u + \alpha^7,\; \alpha^{10} u + \alpha^7)$

then the public keys are

$2D_{165} = \mathrm{div}(\alpha^0 u^2 + \alpha^{29},\; \alpha^9 u + \alpha^{28}) = D_{407}$ (42)

and

$3D_{165} = \mathrm{div}(\alpha^0 u^2 + \alpha^3 u + \alpha^{17},\; \alpha^{22} u + \alpha^{10}) = D_{657}$ (43)

for Tx and Rx. Therefore, the common secret key is

$6D_{165} = \mathrm{div}(\alpha^0 u^2 + \alpha^2 u + \alpha^8,\; \alpha^0 u + \alpha^{16}) = D_{873}$ (44)

where the identifier number is $s = 873$ according to Table II. Equation (46) represents how the data are embedded in the reduced divisor; according to Equation (28), the data blocks

$b_1 b_2 b_3 b_4 b_5 = 00001\; 11101\; 00011\; 01000\; 01010$ (45)

are embedded in the reduced divisor $D_{326}$ ($t = 326$) using the mapping $M_r$:

$M_r : B_5^5 \to J(C)$
$M_r(b_1 b_2 b_3 b_4 b_5) = D_{326} = \mathrm{div}(\alpha^0 u^2 + \alpha^{14} u + \alpha^{18},\; \alpha^6 u + \alpha^3)$ (46)

$00001 \to \alpha^0$
$11101 \to \alpha^{14}$
$00011 \to \alpha^{18}$
$01000 \to \alpha^6$
$01010 \to \alpha^3$

Next, the reduced divisor $D_{326}$ is encrypted by user Tx using Equation (31), as follows:

$D_{673} = D_{326} + D_{873}$ (47)

The identifier number $\mathrm{Id}_1 = 673 = (1010100001)_{\text{base } 2}$ becomes the message

$c_1 = \beta^0 u + \beta^1 u^2 + \beta^2 u^3 + \beta^0 u^4$

where $\beta$ is a generator of the field GF($2^3$). Besides,

$g(u) = \beta^3 + \beta^4 u + \beta^0 u^2$

is the generator polynomial of the RSC (7, 5). Then, the codeword

$U_1 = \beta^4 + \beta^3 u + \beta^0 u^3 + \beta^1 u^4 + \beta^2 u^5 + \beta^0 u^6$

is produced by the encoder, according to Equation (7). After that, the bipolar sequence $X_1$ is obtained from the BPSK modulation of $U_1$ according to Equation (19), and the sequence $W_1$ is generated by the AWGN channel. Then, the bipolar sequence $X_1$ is obtained from the hard decision over $W_1$.

Next, the codeword

$U_1 = \beta^4 + \beta^3 u + \beta^0 u^3 + \beta^1 u^4 + \beta^2 u^5 + \beta^0 u^6$

is produced from the BPSK demodulation of $X_1$. Thus, the message

$c_1 = \beta^0 u + \beta^1 u^2 + \beta^2 u^3 + \beta^0 u^4$

is obtained from the decoder. Consequently, the identifier number $\mathrm{Id}_1 = 673$ is extracted from message $c_1$. Thus, the reduced divisor $D_{326}$ is decrypted by Rx using the ElGamal scheme, in the following form:

$D_{326} = D_{673} - D_{873} = D_{673} + \mathrm{div}(\alpha^0 u^2 + \alpha^2 u + \alpha^8,\; \alpha^2 u + \alpha^{28})$

Then, the data blocks

$b_1 b_2 b_3 b_4 b_5 = 00001\; 11101\; 00011\; 01000\; 01010$

are extracted using the inverse mapping

$M_r^{-1} : J(C) \to B_5^5$

in Equation (34) on $D_{326}$.
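As an added worked example (not code from the paper), the RSC (7, 5) encoder and single-error decoder of Section 2, Equations (4)–(18), applied to the numbers of this case study: the identifier 673 packed into the message $c_1$, the generator $g(u) = \beta^3 + \beta^4 u + u^2$, the codeword $U_1$, and the correction of one corrupted symbol. It assumes that $\beta$ generates GF($2^3$) as a root of the primitive polynomial $x^3 + x + 1$ (the choice that reproduces the page's $g(u)$), that field elements are 3-bit integers, and that polynomials are coefficient lists indexed by power.

```python
# Added example (not the paper's code): RS(7,5) over GF(2^3), Equations (4)-(18).
# Assumption: beta is a root of the primitive polynomial x^3 + x + 1 and field
# elements are 3-bit integers, so beta = 0b010, beta^3 = 0b011, beta^4 = 0b110.
PRIM = 0b1011            # x^3 + x + 1
Q = 8                    # field size 2^m with m = 3
EXP = [0] * (2 * Q - 2)  # EXP[i] = beta^i over two periods, so LOG[a] + LOG[b] never overflows
LOG = [0] * Q            # LOG[beta^i] = i (LOG[0] unused: zero has no logarithm)

def _build_tables():
    x = 1
    for i in range(Q - 1):
        EXP[i] = x
        LOG[x] = i
        x <<= 1
        if x & Q:        # reduce modulo the primitive polynomial
            x ^= PRIM
    EXP[Q - 1:] = EXP[:Q - 1]
_build_tables()

def gf_mul(a, b):
    if a == 0 or b == 0:
        return 0
    return EXP[LOG[a] + LOG[b]]

def gf_div(a, b):
    if b == 0:
        raise ZeroDivisionError("division by the zero field element")
    if a == 0:
        return 0
    return EXP[(LOG[a] - LOG[b]) % (Q - 1)]

# Polynomials are lists indexed by power: [c0, c1, c2] is c0 + c1 u + c2 u^2 (page convention).
def poly_mul(p, q):
    out = [0] * (len(p) + len(q) - 1)
    for i, pi in enumerate(p):
        for j, qj in enumerate(q):
            out[i + j] ^= gf_mul(pi, qj)
    return out

def poly_mod(a, g):
    """Remainder of a(u) divided by the monic polynomial g(u) (long division)."""
    r = list(a) + [0] * max(0, len(g) - 1 - len(a))
    for i in range(len(r) - 1, len(g) - 2, -1):
        coef = r[i]
        if coef:
            shift = i - (len(g) - 1)
            for j, gj in enumerate(g):
                r[shift + j] ^= gf_mul(coef, gj)
    return r[:len(g) - 1]

def poly_eval(p, x):     # Horner evaluation of p(u) at u = x
    acc = 0
    for coef in reversed(p):
        acc = gf_mul(acc, x) ^ coef
    return acc

def rs_generator(T):
    """g(u) = (u + beta)(u + beta^2) ... (u + beta^(2T)), Equation (6)."""
    g = [1]
    for i in range(1, 2 * T + 1):
        g = poly_mul(g, [EXP[i], 1])
    return g

def rs_encode(c, N, K):
    """Systematic codeword U(u) = u^(N-K) c(u) + p(u), Equation (7)."""
    shifted = [0] * (N - K) + list(c)                   # u^(N-K) c(u)
    p = poly_mod(shifted, rs_generator((N - K) // 2))   # parity p(u), degree < N-K
    return p + list(c)

def syndromes(u_hat, T):
    """S_i = U_hat(beta^i) for i = 1..2T, Equation (10)."""
    return [poly_eval(u_hat, EXP[i]) for i in range(1, 2 * T + 1)]

def correct_single_error(u_hat):
    """T = 1 decoder: one error of value e at position j gives S1 = e w, S2 = e w^2
    with locator number w = beta^j (Equations (13), (14)); more errors are not detected."""
    s1, s2 = syndromes(u_hat, 1)
    if s1 == 0 and s2 == 0:
        return list(u_hat)                      # valid codeword, nothing to do
    if s1 == 0 or s2 == 0:
        raise ValueError("syndromes inconsistent with a single error")
    w = gf_div(s2, s1)                          # locator number
    j = LOG[w]                                  # error position, since w = beta^j
    e = gf_div(s1, w)                           # error value
    fixed = list(u_hat)
    fixed[j] ^= e                               # U = U_hat - e(u), Equation (18)
    return fixed

def id_to_message(ident, K=5, m=3):
    """Zero-extend to K*m bits, cut into K m-bit symbols MSB first (page: 673 -> c_1)."""
    bits = format(ident, f"0{K * m}b")
    return [int(bits[i * m:(i + 1) * m], 2) for i in range(K)]

def message_to_id(c, m=3):
    return int("".join(format(s, f"0{m}b") for s in c), 2)

if __name__ == "__main__":
    U1 = rs_encode(id_to_message(673), 7, 5)   # [6, 3, 0, 1, 2, 4, 1]: b^4 + b^3 u + u^3 + b u^4 + b^2 u^5 + u^6
    hit = U1[:4] + [U1[4] ^ 5] + U1[5:]        # constructed channel error: symbol 4 corrupted by beta^6
    print(rs_generator(1), syndromes(hit, 1), correct_single_error(hit) == U1, message_to_id(U1[2:]))
```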

5. EXPERIMENT AND ANALYSIS

In this section the experiments and their analysis are presented.

5.1. Security

In order to understand the key exchange, the data encryption and other security issues, in this subsection a paragraph on the scalar multiplication, the time to perform such an operation, the security level and the design criterion are presented. The key exchange and data encryption start with the use of Equations (2) and (3), which represent the reduced divisor used in this system. The proposed system has been constructed using the new experimental combination of a HC C of genus two over the field GF($2^n$) and a RSC (N, K) over the field GF($2^m$), where the data are embedded in the reduced divisors D in $J(C)$ of the HC. Furthermore, the public and common secret keys are generated using the scalar multiplication operation that is represented by Equation (48), where k is an integer number that indicates the number of additions:

$kD = \underbrace{D + D + \cdots + D}_{k\text{-times}}$ (48)

Equation (48) has a big impact on the complexity of the overall system, as will be discussed later in this section. But for the moment, the analysis will concentrate on the time and the cost of a scalar multiplication.

In Table III, a list of the average time for one scalar multiplication has been tabulated. The performance of scalar multiplication has been studied in Reference [14], where 10 000 scalar multiplications per curve were performed over the ECs in Equations (49) and (50) over the fields GF($2^{163}$) and GF($2^{181}$), respectively,

$C_1 : v^2 + v = u^3 + 1$ (49)

$C_2 : v^2 + v = u^3 + u^2 + 1$ (50)

and over the HCs $C_3$ over GF($2^{83}$) and $C_4$ over GF($2^{97}$), which will be presented later in Equations (52) and (53), respectively.

For the study of the cost of the scalar multiplication, extensive results have been obtained on physical processors that take into consideration atomic operations such as SHIFTs and XORs, denoted by AOPS. In Reference [15], the cost of a scalar multiplication is measured using a metric based on multiplications per inversion, denoted by MI-ratio, which is based on the total number of AOPS for a multiplication in GF($2^n$). In that paper the scalar multiplication cost for HCs of genus $g = 1, 2, 3$ over the fields GF($2^{162}$), GF($2^{81}$) and GF($2^{54}$) is measured with this metric, and it is concluded that a scalar multiplication on a HC is cheaper than a scalar multiplication on an EC ($g = 1$) for MI-ratio $\ge 8.6$. Therefore, HCs offer smaller operand sizes compared with ECs, and the arithmetic on HCs is more efficient than the arithmetic on ECs.

Moreover, a 160-bit ECC key offers security equivalent to that of a 1024-bit RSA key; this result was presented in Reference [7]. In the year 2000 the comparison of security level curves of RSA and ECC was published in Reference [16], and these curves have an exponential behaviour.

In order to include the HC, in this paper, Equation (51) has been used to compare the HCs with RSA and ECC:

$j(t) = j_0 2^{bt}$ (51)

Figure 3 represents Equation (51) for the three cryptosystems using a shorter time scale than is used in Reference [16]. The curves in Figure 3 have an exponential behaviour and will never cross each other. This function represents the key size in bits and t is the time to break the key. The parameter $j_0$ is the initial key size at $t_0 = 0$. In this case, an assumption on the initial key size is considered according to the field size: $j_0 = 12 k_{HC}$ for RSA, $j_0 = 2 k_{HC}$ for an ECC and $j_0 = k_{HC}$, which represents the key size of a HC. The parameter b represents a required proportion of AOPS in the three systems; in fact, $b = 3$ for RSA, $b = 0.5$ for ECC and $b = 0.2$ for HCs. The results of this model are shown in Figure 3.

The proposed system has a security level better than RSA and ECC, and this result is shown in Figure 4. In general, the OSI model can be used to organize cryptography at the presentation layer and at the data link layer; a good treatment and study of the different vulnerabilities of these alternatives can be found in Reference [17]. The presentation layer allows data standardization using generic character sets such as ASCII or UNICODE. In that case, the cryptography is applied on the data characters, while in the data link layer the cryptography is applied on the data bits. This layer is responsible for the packaging of the data to be transmitted, which are combined into packets and then handed to the physical layer for synchronous or asynchronous transmission.

Table III. A list of the average time (ms) for one scalar multiplication.

Field GF($2^n$)                        Elliptic curves          Hyperelliptic curves
                                       C1         C2            C3         C4
$\#J(C) = (2^n)^g$ = 160 bits         26.208     26.504        18.875     21.143
$\#J(C) = (2^n)^g$ = 190 bits         31.958     32.240        25.215     27.188

5.2. Combination method and channel code at the data level

Although most of the implementation is related to the presentation layer, in this section an implementation at the data link layer will be discussed. The most important concept in this system is the reduced divisor, defined in general terms in Equation (2). In order to implement such a concept, a polynomial representation was elaborated in Equation (3). As was explained before, the reduced divisor allows the combination of cryptography and channel coding into a single entity at the data link layer.

Figure 3. Security levels for model using Equation (51). (Plot: key size (bit) on a logarithmic axis versus time to break key, also logarithmic; curves for RSA, ECC and HCC.)


The design criterion has been analysed using different combinations of a HC of genus g = 2 over a field GF(2^n) and a RSC (N, K) over a field GF(2^m). In each combination the HC stays fixed and the RSC changes, for the analysis of the compression levels and the addressing capability. The combination parameters are given in Table IV.

The experimental results showed that the parameter m can take any value in the set {3, 4, 5, 6, 7, 8}, since these values satisfy the previous conditions for the parameter n in the set {5, 6, 7, 8, ..., 1012}; these conditions are given in (23) and (24).

For example, the design criterion will be applied to the HCs in Equations (52) and (53), which have been studied in Reference [14] and are very suitable for cryptography [15].

$C_3: v^2 + uv = u^5 + u^2 + 1$ (52)

$C_4: v^2 + (u^2 + u + 1) = u^5 + u$ (53)

where $C_3$ is defined over the field GF(2^83) and $C_4$ is defined over the field GF(2^97). The curve $C_3$ has the parameters n = 83, g = 2, data block length 5n = 415 [bit], $K = (2^{83})^2$ and I = 116 [bit].

Figure 4. Security levels for RSA, ECC and hyperelliptic curves cryptosystem. (Plot: key size (bits) from 0 to 6000 versus time to break key (MIPS year) on a logarithmic axis from 1E+04 to 1E+36; curves for RSA, ECC and HCC.)


Next, in the case of the code, a RSC must be selected according to the design criterion. The parameter m can take any value in the set {3, 4, 5, 6, 7, 8}. The data compression and addressing capability conditions are shown in Table V. The values m = 3, 4, 5 satisfy the compression condition but they do not allow addressing all the reduced divisors of the Jacobian J(C3). Conversely, the values m = 7, 8 do not satisfy the compression condition but they allow the addressing of all the reduced divisors of the Jacobian J(C3). Only the value m = 6 satisfies both conditions simultaneously. Therefore, the RSC (63, 29) over the field GF(2^6) should be chosen for the curve C3.

The same analysis can be performed for the curve C4 and gives the RSC (63, 33) over the field GF(2^6).

Figure 5 shows different compression levels versus the size of the operands in the HC. The upper curve corresponds to the combination of a HC with the RSC (63, K), where K corresponds to the length of the message over a field GF(2^m) with m = 6. Observe that the range of the curves is 80 ≤ n ≤ 183; the smallest curve corresponds to a HC over the field GF(2^80) and the biggest corresponds to a HC over the field GF(2^183). Beyond that, the RSC loses the addressing capability, as was explained in Section 3 by Equations (23) and (24).

The middle curve can be analysed in two segments: the first one indicates that the combination has no compression for curves with a field between 2^80 and 2^183, while in the second segment the combination has data compression and addressing capability. Also observe that the combination can be used with HCs over fields between 2^184 and 2^200.

Table IV. Parameters of a combination.

Hyperelliptic curve                                        Reed–Solomon code
Parameter              Description                         Parameter            Description
n                      represents the field GF(2^n)        m                    represents the field GF(2^m)
g = 2                  genus of the curve                  N = 2^m − 1          codeword length [symbol]
5n                     data block length [bit]             Nm                   codeword length [bit]
K = #J(C) = (2^n)^g    order of the Jacobian               K = 2^m − 1 − 2T     message length [symbol]
I                      identifier number length [bit]      Km                   message length [bit]
N/A                    no correction capability            T                    symbol-error correcting capability

Table V. Data compression and addressing capability conditions for curve C3.

m    K     Km [bit]    N = 2^m − 1    Nm [bit]    Compressed bits
3    5     15          7              21          394
4    13    52          15             60          355
5    29    145         31             155         260
6    29    174         63             378         37
7    25    175         127            889         −474
8    21    21          255            2040        −1625


The lower curve, for m = 8, has addressing capability but loses the data compression, indicating that such a combination is not suitable for implementation at the data link layer.

Therefore, the best combination at the data link layer corresponds to m = 6 between the boundaries 2^80 and 2^183; the middle one is useless because the key size corresponds to ECC. Alternatively, a HC over a field smaller than GF(2^80) can be implemented using a HC with an insecure genus, as was explained in Section 1.
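As an added example (not code from the paper), the following Python reproduces Table V for the curve C3 and the upper end of the m = 6 curve in Figure 5. The two conditions it checks are this editor's reading of the table and figure, since Equations (23) and (24) are not reproduced in this section, and the rule for choosing K is likewise an assumption picked because it reproduces the K column of Table V.

```python
# Added example, not the paper's code. The two conditions below are my reading of
# Table V and Figure 5 (Equations (23) and (24) are not reproduced here):
#   compression: the RS codeword of N*m bits must fit in the 5n-bit data block;
#   addressing:  the K*m message bits must index every reduced divisor of the
#                Jacobian, i.e. K*m >= log2 #J(C) = g*n.
from dataclasses import dataclass


@dataclass(frozen=True)
class Combination:
    m: int                 # RS symbol size, code over GF(2^m)
    K: int                 # message length [symbol]
    N: int                 # codeword length [symbol], N = 2^m - 1
    compressed_bits: int   # 5n - N*m; negative means the code expands the block
    compression_ok: bool
    addressing_ok: bool


def choose_k(n: int, g: int, m: int) -> int:
    """Assumed selection rule (reproduces the K column of Table V): the smallest K
    with K*m >= g*n and an even number of parity symbols (N - K = 2T); when no such
    K exists, the largest usable message length N - 2 (Table V rows m = 3, 4, 5)."""
    N = 2 ** m - 1
    for K in range(1, N - 1):                  # K <= N - 2 keeps T >= 1
        if K * m >= g * n and (N - K) % 2 == 0:
            return K
    return N - 2


def analyse(n: int, g: int, m: int) -> Combination:
    """Evaluate one HC/RSC combination for a genus-g curve over GF(2^n)."""
    block_bits = 5 * n                         # data block length of Table IV
    N = 2 ** m - 1
    K = choose_k(n, g, m)
    return Combination(m, K, N, block_bits - N * m,
                       compression_ok=N * m <= block_bits,
                       addressing_ok=K * m >= g * n)


def feasible_m(n: int, g: int, m_values=range(3, 9)) -> list:
    """Symbol sizes m satisfying both conditions simultaneously."""
    return [m for m in m_values
            if (c := analyse(n, g, m)).compression_ok and c.addressing_ok]


def max_n_for_m(m: int, g: int = 2, n_values=range(80, 201)) -> int:
    """Largest n for which RSCs over GF(2^m) still satisfy both conditions,
    i.e. the upper end of the m = 6 curve in Figure 5; -1 if none."""
    ok = [n for n in n_values
          if (c := analyse(n, g, m)).compression_ok and c.addressing_ok]
    return max(ok) if ok else -1


if __name__ == "__main__":
    print("m   K   Km   N    Nm   compressed  compression addressing")
    for m in range(3, 9):
        c = analyse(83, 2, m)                  # curve C3: n = 83, g = 2
        print(f"{c.m:<3} {c.K:<3} {c.K * m:<4} {c.N:<4} {c.N * m:<4} "
              f"{c.compressed_bits:<11} {c.compression_ok!s:<11} {c.addressing_ok}")
    print("feasible m for C3:", feasible_m(83, 2))       # [6] -> RSC (63, 29)
    print("RSC for C4 with m = 6: (63, %d)" % analyse(97, 2, 6).K)
    print("largest n served by m = 6:", max_n_for_m(6))   # 183
```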

The aim of this paper has not been related to the suitability of the proposed cryptographic system to the data link layer cryptography level using a Rician fading channel, since the RSCs have not been optimized for this environment. But the indoor 802.11 Wireless Local Area Network (WLAN) environment can be approximated to an AWGN channel condition when the receivers are well illuminated by the access point. The wired equivalent privacy (WEP) algorithm used in this case, constructed using RC4 [2] combined with a cyclic redundancy code with a 32-bit checksum length (CRC-32) as integrity check algorithm, is extremely weak, since the initialization vector used for the RC4 encryption is transmitted in clear and is too short at 24 bits, and the CRC-32 is non-cryptographic. Moreover, the encryption and decryption processes in RC4 are based on a bit-by-bit XOR, which is vulnerable to traffic collection, and this collection allows the original plain text to be discovered [10]. Therefore, the proposed system can additionally be used with advantage in the indoor 802.11 WLAN environment.

Figure 5. Compression levels for a HC of genus g = 2 over a field GF(2^n) and a RSC over a GF(2^m). (Plot: compressed bits from −1700 to 1700 versus n from 80 to 200; curves for m = 6, m = 7 and m = 8.)

5.3. Comparison

The proposed system approaches the Shannon limit at 1.0 dB for a BER = 10^−5. Furthermore, an improvement of 1.7 dB for a BER = 10^−5 can be achieved when it is compared to the system using a combination of HC and linear block code (LBC) [18], since a RSC offers better conditions for the data compression and the reduced divisor addressing. An improvement of 8.0 dB for a BER = 10^−5 can be achieved when compared with a BPSK system, because the proposed system has error correcting capability.

Figure 6. Comparison curves of BER vs SNR for proposed system against Shannon limit, LBC, BPSK and DCSK. (Plot: BER from 1.0E−06 to 1.0E+00 on a logarithmic axis versus SNR (dB) from 0 to 20; curves: DCSK; LBC (14,11) without compression; theoretical curve for BPSK; LBC (10,8) without compression; LBC (10,8) with 1 compression bit; Shannon limit; RSC (7,3) with 3 compression bits; RSC (7,3) without compression, adds 3 bits; RSC (7,3) without compression, adds 9 bits.)

The proposed system is non-linear because the HCs are non-linear structures, which are combined with a block code; the only place in the literature where non-linear structures are combined in this way is in DCSK communication systems [11]. An improvement of 16.5 dB at a BER = 10^−5 can be achieved when it is compared with a DCSK system. These results are shown in Figure 6, where there are three curves for the RSC and three curves for the LBC, which represent different data compression levels and addressing capabilities of the combinations.

5.4. Complexity

Finally, in the proposed system, the operations in the Jacobian J(C) of a HC with genus g = 2 over the field GF(2^n) dominate the operations in the field GF(2^m) of the RSC (N, K), because the former are used in the data encryption and key generation and the latter use smaller operands, since m < n. In fact, most of the time the system is performing an encryption operation over the Jacobian J(C), with only one operation related to the encoding. Therefore, the system complexity is strongly dominated by the operations in the Jacobian J(C). For that reason the system has a polynomial complexity which depends on z and is given by O(z · M(2)), where z can be computed using the data length of Equation (27) and M(2) is the number of operations in GF(2^n) involved in the multiplication of two polynomials of degree at most g = 2. Please see Reference [19] for details on complexity issues.

6. CONCLUSIONS

A new cryptographic system has been constructed using a combination of a hyperelliptic curve C of genus two over the field GF(2^n) and a Reed–Solomon code (N, K) over the field GF(2^m), which uses a smaller key size compared with ECC and RSA; therefore, the system security level is better than the security level of those cryptosystems.

In the constructed system, the cryptography and channel coding combination is implemented as a single entity in the data link layer of the OSI model. For this combination the design criterion is based on the data compression condition, Equation (23), and on the reduced divisor addressing capability of the Reed–Solomon code, given by Equation (24). Besides, the security of the constructed cryptographic system is guaranteed by the intractability of the discrete logarithm problem in the DH key exchange and ElGamal encryption algorithm over the hyperelliptic curve C.

This system approaches the Shannon limit within 1.0 dB at a BER = 10^−5. Furthermore, an improvement of 1.7 dB at a BER = 10^−5 can be achieved when it is compared with the system using the hyperelliptic curve and linear block code combination. In addition, an improvement of 8.0 dB at a BER = 10^−5 can be achieved when it is compared with a BPSK system, and an improvement of 16.5 dB at a BER = 10^−5 when it is compared with a DCSK system.

Finally, the proposed system has a polynomial complexity in z, given by O(z · M(2)), where the data length is c = z · n and M(2) represents the number of operations in GF(2^n) required to multiply two polynomials of degree at most g = 2.


APPENDIX A

Each non-zero element in the field GF(2^5) is given as a power $a^i$, where a is a generator of this field. For example,

$a^{14} = 1 \cdot a^4 + 1 \cdot a^3 + 1 \cdot a^2 + 0 \cdot a^1 + 1 \cdot a^0$

is equivalent to the 5-tuple (1, 1, 1, 0, 1). Table AI shows some elements of the field GF(2^5). The zero element in GF(2^5) is represented by the zero 5-tuple (0, 0, 0, 0, 0) and it does not have a representation as a power $a^i$. In that case, the zero element in GF(2^5) is substituted by the number −1 in the graphic representation of the points on a HC (see Figure 2).

Inequalities (A1) represent the Hasse–Weil theorem [12], which is used to estimate the order of the Jacobian, denoted by #J(C), of a HC C of genus g ≥ 1 over a finite field F.

$(\sqrt{q} - 1)^{2g} \le \#J(C) \le (\sqrt{q} + 1)^{2g}$ (A1)

where q = #F is the cardinality of the field F. It is accepted that most cryptographic applications based on elliptic curves or hyperelliptic curves will need a group order of size at least $q \approx 2^{160}$ [19]. Then, ±1 is negligible in inequalities (A1), and Formula (A2) is used for calculating #J(C):

$\#J(C) \approx (\sqrt{q})^{2g} = q^g$ (A2)

This approach avoids calculating the zeta function of the HC C over a finite field F [12]; this function is given in Equation (A3)

$Z(C) = \exp\left( \sum_{j \ge 1} \partial_j T^j / j \right)$ (A3)

Table AI. Some elements belonging to the field GF(2^5).

        a^i ∈ GF(2^5)
i       a^4   a^3   a^2   a^1   a^0
0       0     0     0     0     1
1       0     0     0     1     0
2       0     0     1     0     0
3       0     1     0     0     0
...
6       0     1     0     1     0
...
14      1     1     1     0     1
...
17      1     0     0     1     1
18      0     0     0     1     1
...
29      0     1     0     0     1
30      1     0     0     1     0
−1      0     0     0     0     0


where $\partial_j$ denotes the number of points P = (x, y) on C whose components x and y are elements of the degree-j extension field of F. Next, $(2^n)^g \approx 2^{160}$ will be needed for hyperelliptic curves of genus g over GF(2^n); for example, the underlying field should have an order of approximately 2^160 with genus 1, 2^80 with genus 2 and 2^54 with genus 3.
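As an added example (not code from the paper), the following Python builds the power representation of GF(2^5) used in Table AI, including the −1 index for the zero element, and evaluates the Hasse–Weil bounds (A1) and the estimate (A2) for the curve C3 of Section 5.2. The paper does not state the field polynomial; x^5 + x^2 + 1 is assumed here because it reproduces the rows of Table AI.

```python
# Added example, not the paper's code. Builds the power representation of GF(2^5)
# used in Table AI and evaluates the Hasse-Weil bounds (A1) and the estimate (A2).
# The paper does not state the field polynomial; x^5 + x^2 + 1 is assumed here
# because it reproduces the Table AI rows (e.g. a^6 = (0, 1, 0, 1, 0)).

MODULUS = 0b100101   # x^5 + x^2 + 1 (assumed primitive polynomial of GF(2^5))
DEGREE = 5


def power_table(modulus: int = MODULUS, degree: int = DEGREE) -> dict:
    """Map exponent i -> tuple (a^(degree-1), ..., a^0) of the element a^i for
    i = 0 .. 2^degree - 2; the zero element is stored under i = -1 as in Table AI."""
    table = {}
    elem = 1                                   # a^0
    for i in range(2 ** degree - 1):
        table[i] = tuple((elem >> k) & 1 for k in range(degree - 1, -1, -1))
        elem <<= 1                             # multiply by a
        if elem >> degree:                     # a^degree reduces to lower terms
            elem ^= modulus
    table[-1] = (0,) * degree
    return table


def log_of(bits, table=None) -> int:
    """Inverse lookup: tuple -> exponent i, or -1 for the zero 5-tuple."""
    table = power_table() if table is None else table
    return {v: k for k, v in table.items()}[tuple(bits)]


def is_primitive(modulus: int = MODULUS, degree: int = DEGREE) -> bool:
    """True when the powers of a run through all 2^degree - 1 non-zero elements,
    which is what the table representation requires."""
    t = power_table(modulus, degree)
    return len(set(t.values())) == 2 ** degree


def hasse_weil_bounds(q: int, g: int):
    """(A1): (sqrt(q) - 1)^(2g) <= #J(C) <= (sqrt(q) + 1)^(2g), as floats."""
    r = q ** 0.5
    return (r - 1) ** (2 * g), (r + 1) ** (2 * g)


def jacobian_order_estimate(n: int, g: int) -> int:
    """(A2): #J(C) ~ q^g with q = 2^n, as an exact integer."""
    return (2 ** n) ** g


if __name__ == "__main__":
    t = power_table()
    for i in (0, 1, 2, 3, 6, 14, 17, 18, 29, 30, -1):   # the rows of Table AI
        print(f"{i:>3}: {t[i]}")
    print("x^5 + x^2 + 1 primitive:", is_primitive())
    lo, hi = hasse_weil_bounds(2 ** 83, 2)             # curve C3 of Section 5.2
    print(f"(A1) for C3: {lo:.3e} <= #J(C3) <= {hi:.3e}")
    print("(A2) for C3: #J(C3) ~ 2^%d"
          % (jacobian_order_estimate(83, 2).bit_length() - 1))
```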

ACKNOWLEDGEMENTS

The authors would like to thank FONDECYT (Project 1030149) and PBCT (Project ACT11), Chile, for their financial support.

REFERENCES

1. Oliva R, Sterman JD, Giese M. Limits to growth in the new economy: exploring the ‘get big fast’ strategy in e-commerce. System Dynamics Review 2003; 19(12):83–117.

2. Schneier B. Applied Cryptography (2nd edn). Wiley: New York, 1996, ISBN 0-471-11709-9.

3. Wetteroth D. OSI Reference Model for Telecommunications. McGraw-Hill Telecom Professional: New York; 2002, ISBN 0-07-138041-8.

4. IEEE Standard 802.11, available at http://grouper.ieee.org/groups/802/11

5. CWI contributes to crack RSA-576, available at http://www.cwi.nl/news/Latest News History/archief-LN-2003.html

6. Mathematicians From Around the World Collaborate to Solve Latest RSA Factoring Challenge, 28 April 2004, available at http://physics.about.com/b/a/082018.htm

7. Lenstra AK, Verheul ER. Selecting cryptographic key sizes. Journal of Cryptology 2001; 14(4):255–293.

8. Adleman LM, Demarrais J, Huang M. A sub-exponential algorithm for discrete logarithm over the rational subgroup of the Jacobians of large genus hyperelliptic curves over finite fields. Proceedings of ANTS1, Lecture Notes in Computer Science, vol. 877. Springer: Berlin, 1994; 28–40.

9. Theriault N. Index calculus attack for hyperelliptic curves of small genus. Advances in Cryptology – ASIACRYPT 2003. Lecture Notes in Computer Science, vol. 2894. Springer: Berlin, 2003; 75–92.

10. NISCC. Technical Note 04/02: The Security of 802.11 Wireless Networks, 2002. Available at http://www.niscc.gov.uk/niscc/docs/re-20020814-00479.pdf?lang=en

11. Schimming T, Hasler M. Optimal detection of differential chaos shift keying. IEEE Transactions on Circuits and Systems I: Fundamental Theory and Applications 2000; 47(12):1712–1719.

12. Koblitz N. Algebraic Aspects of Cryptography. Algorithms and Computation in Mathematics. Springer: Berlin, 1998, ISBN 3-540-63446-0.

13. Bernard S. Digital Communications Fundamentals and Applications (2nd edn). Prentice-Hall, Inc.: Englewood Cliffs, NJ, 2001, ISBN 0130847887.

14. Lange T. Efficient arithmetic on genus 2 hyperelliptic curves over finite fields via explicit formulae. 15 December 2003. Available at http://www.itsc.ruhr-uni-bochum.de/tanja

15. Pelzl J, Wollinger T, Guajardo J, Paar C. Hyperelliptic curve cryptosystems: closing the performance gap to elliptic curves (update). In Workshop on Cryptographic Hardware and Embedded Systems, CHES 2003, Walter CD, Koc CK, Paar C (eds), Lecture Notes in Computer Science, vol. 2779. Springer: Berlin, 2003; 349–365.

16. Certicom. Current public-key cryptographic systems, October 2000. Available at http://www.ceticom.com/research/wecc2.html

17. Reed D. Applying the OSI seven layer network model to information security. SANS GIAC GSEC Practical Assignment Version 1.4b Option One. SANS Institute 2003. Available at http://www.sans.org/rr/whitepapers/protocols/1309.php

18. Jiron I, Soto I, Carrasco RA. The combination of hyperelliptic curves and block codes for data encryption. Communication Systems, Networks and Digital Signal Processing, presented at University of Newcastle, 20–22 July 2004, U.K.

19. Jacobson Jr M, Menezes A, Stein A. Hyperelliptic curves and cryptography. Available at: http://pages.cpsc.ucalgary.ca/~jacobs/publications.html


AUTHORS’ BIOGRAPHIES

Ivan Jiron received his BSc Degree in Mathematics and MS in Science in Mathematics from Catolica del Norte University, in 1989 and 1993, respectively. From 1997 to 1999 he studied computing engineering at the Santiago de Chile University. He is currently with the Universidad de Santiago de Chile as part-time lecturer of the Industrial Engineering Department at the Engineering Faculty; current research interests include cryptography, coding theory, and object-oriented programming and modelling.

Ismael Soto received his Superior Electrical Engineer degree from Santiago University, MEng from Universidad Tecnica Federico Santa Maria and PhD from Staffordshire University, U.K. He is currently with the Universidad de Santiago de Chile as Associate Professor of the Industrial Engineering Department at the Engineering Faculty and part-time lecturer at the Department of Electrical Engineering, Universidad de Chile. Current research interests include optimization techniques for mobile communication infrastructure, e-business, cryptography and coding theory.

Professor Rolando Carrasco received his BSc (Hons) from University of Santiago, Chile (1966–1969) and PhD from University of Newcastle upon Tyne (1977–1980) for work on implementing digital filters using several processors. This was followed by research into underwater data communications. He was awarded the IEE Heaviside Premium in 1982 for his work in multiprocessor systems. Between 1982 and 1984 he was employed by Alfred Peters Limited, Sheffield (now Meditech) and carried out research and development in signal processing associated with cochlear stimulation and response. He has been with Staffordshire University since 1984 and is now Professor of Mobile Communications at the University of Newcastle upon Tyne. His principal research interests are digital signal processing algorithms for data communication systems, mobile and network communication systems, speech recognition and processing.

Nestor Becerra received his BSc and MSc degrees from UNICAMP (Campinas State University), Sao Paulo, Brazil, and the PhD degree from the University of Edinburgh, U.K., all of them in Electrical Engineering, in 1986, 1993 and 1998, respectively. In 1998 and 1999, he was a post-doc researcher at UNICAMP and a full-time professor at Mackenzie University in Sao Paulo, Brazil. From 2000 to 2002, he was an Assistant Professor at the Department of Electrical Engineering, Universidad de Chile, in Santiago, where he has set up the Speech Processing and Transmission Laboratory to study speech technology applications on the Internet and telephone line. Dr Becerra has been an Associate Professor since 2003. His research interests include speech processing, real time Internet protocols, QoS, and usability evaluation of interfaces.
