Index calculus attack for Jacobian of hyperelliptic curves of small genus using two large primes

This paper introduces a fast algorithm for solving the DLP of Jacobian of hyperelliptic curve of small genus. To solve the DLP, Gaudry first shows that the idea of index calculus is effective, if a subset of the points of the hyperelliptic curve of the base field is taken by the smooth elements of index calculus. In an index calculus theory, a special element (in our case it is the point of hyperelliptic curve), which is not a smooth element, is called a large prime. A divisor, written by the sum of several smooth elements and one large prime, is called an almost smooth divisor. By the use of the almost smooth divisor, Thériault improved this index calculus. In this paper, a divisor, written by the sum of several smooth elements and two large primes, is called a 2-almost smooth divisor. By use of the 2-almost smooth divisor, we are able to give more improvements. The algorithm of this attack consists of the following seven parts: 1) Preparing, 2) Collecting reduced divisors, 3) Making sufficiently large sets of almost smooth divisors, 4) Making sufficiently large sets of smooth divisors, 5) Solving the linear algebra, 6) Finding a relation of collected reduced divisors, and 7) Computing a discreet logarithm. Parts 3) and 4) need complicated eliminations of the large prime, which is the key idea presented within this paper. Before the tasks in these parts are completed, two sub-algorithms for the eliminations of the large prime have been prepared. To explain how this process works, we prove the probability that this algorithm does not work to be negligible, and we present the expected complexity and the expected storage of the attack.