A new implementation of Miura-Arita algorithm for Miura curves A. Basiri, S. Rahmany, D. Khatibi Abstract—The aim of this paper is to review some of standard fact on Miura curves. We give some easy theorem in number theory to define Miura curves, then we present a new implementation of Arita algorithm for Miura curves. Keywords—Miura curve, discrete logarithm problem, algebraic curve cryptography, Jacobian group. I. I NTRODUCTION T HE The goal of this paper is to describe a practical and efficient algorithm for computing in the Jacobian of a C A curves over a finite field. Authors in [6] proposed an algorithm to complete the arithmetic in in the base field for superelliptic curves, and the authors in [2], [7], generalise the algorithm to the class of C ab curves and in [3] generalise the algorithm to the class of C A curves, which includes superelliptic and C ab curves as a special case. Furthermore, in [4], [5], [1], for the case of C 34 curves, has presented some faster method to compute the addition of two point on the curve. II. NUMERICAL SEMIGROUP In this paper we denote by IN 0 , the set of all non negative integers numbers, so IN 0 is an additive semigroup. In addition we suppose that M be a proper sub semigroup of IN 0 such that 0 ∈ M =0. Theorem 1: There is an integer number t and there exist some members a 1 ,a 2 , ··· a t in M such that M = 〈a 1 ,a 2 , ··· ,a t 〉, a 1 <a 2 < ··· <a t ,t ≤ a 1 . In other words, M is a finitely generated semigroup in IN 0 . Proof: Since < is a well-ordering order in IN 0 , then there exists a minimal member, say a 1 , in M −{0}. On the other hand since M is a proper semigroup, then 1 = a 1 , so 1 <a 1 . Now let T 2 be the set of all members a ∈ M such that a ≡ 1 mod a 1 , so there are two cases: if T 2 is the empty set then M = 〈a 1 〉 and the proof is completed, else if T 2 = ∅ then the minimum of T 2 , denoted a 2 , exists. we then suppose T 3 be the set of all members a ∈ M such that a ≡ 2 mod a 1 , so if T 3 = ∅ then the minimum of T 3 , denoted a 3 , exists. Here suppose that the T 2 ,T 3 , ··· ,T l and the a 2 ,a 3 , ··· ,a l are chosen, we claim that M = 〈a 1 ,a 2 , ··· ,a t 〉. The inclusion M ⊇〈a 1 ,a 2 , ··· ,a t 〉 follow directly from the definition. Going the other way, note that, w ∈ M , by division algorithm, there exist q ∈ IN 0 and 0 ≤ r ≤ a 1 − 1 such that w = a 1 q + r. A. Basiri, S. Rahmany, D. khatibi : School of Mathematics and Computer Sciences, Damghan University of Basic Science , Damghan, Iran, e-mail: basiri,rahmany@dubs.ac.ir. Manuscript received October 31, 2009. Hence T r+1 is a non empty set and has a minimum denoted by a r+1 and so a r+1 = a 1 q ′ + r with q ′ ≤ q and so w = a 1 (q−q ′ )+a 1 q ′ +r = a 1 (q−q ′ )+a r+1 ∈〈a 1 ,a 2 , ··· ,a t 〉 Example 2: If M = {0, 7, 8, 14, 15, 16, 19, 21, 22, 23, ···} then a 1 =7, a 2 =8, a 3 = 16, a 4 = 24, a 5 = 25, a 6 = 19 and a 7 = 27. The following theorem express whenever the complement of any semigroup with identity of IN 0 is finite? Theorem 3: The set ¯ M = IN 0 − M is finite if and only if gcd(a 1 , a 2 , ··· , a t )=1, and in this case, | ¯ M | = ∑ a1−1 i=1 [ bi a1 ], where b i is the minimum amount of members a in M with a ≡ i mod a 1 . Proof: Firstly, suppose that ¯ M is a finite set, to have a contrast let there exists a prime number p such that p|a i for all 1 ≤ i ≤ t. We claim that for all non negative integer q, a 1 q +1 / ∈ M , if it is not the case then there exists q ∈ IN 0 such that a 1 q +1 ∈ M and so the T = {a 1 u+1 : u ∈ IN 0 ,a 1 u+1 ∈ M } is a non empty set and so has a minimum, denoted by a 2 . Hence there exists r ∈ IN 0 such that a 2 = a 1 r +1, but p|a 1 and p|a 2 , and this implies that p divides 1 and this contradicts the fact that p is a prime number. A consequence of all this is that the set {a 1 q +1: q ∈ IN 0 } is a subset of ¯ M and so ¯ M is infinite which contradicts the hypothesis. To get the opposite direction, let gcd(a 1 ,a 2 , ··· ,a t )=1. Note that for 0 ≤ i ≤ a 1 − 1, b i = min{λa 1 + i : λ ∈ IN 0 , λa 1 + i ∈ M } , let s = a 1 − 1, b i = w i a 1 + i and for 1 ≤ i ≤ s put A i = {i, a 1 + i, 2a 1 + i, ··· , (w i − 1)a 1 + i}, we claim that A 1 ,A 2 , ··· ,A s are a partition of ¯ M . We show first that for i = j , A i  A j = ∅, if this is not the case then there are r, r ′ such that ra 1 + i = r ′ a 1 + j ⇔ (r − r ′ )a 1 = j − i ⇔ a 1 |j − i, but 1 ≤ i, j ≤ s = a 1 − 1 <a 1 , hence j − i =0 which is a contradiction and so A i  A j = ∅. we now show that  s i=1 A i = ¯ M . To establish the desired equality, we use the usual strategy of proving containment in both directions. The inclusion  s i=1 A i ⊆ ¯ M follow directly from the fact that A i ⊆ ¯ M for all 1 ≤ i ≤ s. To get the opposite inclusion, suppose x ∈ ¯ M so there are λ ∈ IN 0 and 1 ≤ j ≤ s such that x = λa 1 + j . We claim that λ ≤ w j − 1 and this implies that x ∈ A j ⊆  s i=1 A i ⊆ ¯ M . If it is not the case, then w j ≤ λ, hence x =(w j +(λ − w j ))a 1 + j = b j +(λ − w j )a 1 ∈ M World Academy of Science, Engineering and Technology 62 2010 51