Bisection for genus 2 curves with a real model

Abstract

Integer multiplication in Jacobians of genus $2$ curves over a finite field $\mathbb{F}_q$ is a fundamental operation for hyperelliptic curve cryptography. Algorithmically, the result of this operation is given by the very well known algorithms of Cantor. One method to reverse duplication in these cases consists in associating, to every preimage of the desired doubled divisor defined over $\mathbb{F}_q$, a root in $\mathbb{F}_q$ of the so called bisection polynomial. We generalize this approach to genus $2$ curves with two points at infinity, both in even and odd characteristics. We attach a bisection polynomial to each possible type of Mumford coordinate, we show the factorization of these in terms of Galois orbits in the set of bisections, and we compare the efficiency of our approach versus brute-force adaptations of the existing methods to our setting.