Encoding points on hyperelliptic curves over finite fields in deterministic polynomial time

We present families of (hyper)elliptic curve which admit an efficient deterministic encoding function.

💡 Research Summary

The paper addresses the longstanding problem of efficiently mapping arbitrary data to points on hyperelliptic curves defined over finite fields, a task commonly referred to as “hash‑to‑curve”. While many existing constructions (e.g., Icart’s map for elliptic curves, the Shallue‑van de Woestijne‑Ulas (SvDWU) family, or the recent IETF hash‑to‑curve draft) either rely on probabilistic retries or are limited to very specific curve families, this work introduces deterministic polynomial‑time encodings for several broad families of hyperelliptic curves.

The authors begin by formalising the encoding problem: given a finite field 𝔽_q and a hyperelliptic curve C : y² = f(x) with deg f = 2g + 1 (or 2g + 2), construct a function E : 𝔽_q → C(𝔽_q) that is efficiently computable, injective (or at least surjective onto a large subset), and whose output distribution is statistically close to uniform when the input is uniformly random. They then present three main families of curves for which such an encoding can be built.

1. Cubic hyperelliptic curves (g = 1, i.e., elliptic curves) – By adapting Icart’s construction, the authors define a linear preprocessing step h ↦ t = α·h + β, followed by explicit polynomial formulas x = t² + c and y = t³ + d·t + e, where the constants α,β,c,d,e are derived from the curve coefficients a and b. The mapping is shown to be total (defined for every field element) and invertible via low‑degree polynomials.

2. Quintic hyperelliptic curves (g = 2, deg f = 5) – The paper’s most original contribution lies here. The authors discover a rational parametrisation of the form

   \