M. Brown, D. Hankerson, J. L. , and A. Menezes, Software Implementation of the NIST Elliptic Curves Over Prime Fields, Topics in Cryptology -CT-RSA 2001, pp.250-265, 2001.
DOI : 10.1007/3-540-45353-9_19

D. G. Cantor, Computing in the Jacobian of a hyperelliptic curve, Mathematics of Computation, vol.48, issue.177, pp.95-101, 1987.
DOI : 10.1090/S0025-5718-1987-0866101-0

C. Clavier, B. Feix, G. Gagnerot, M. Roussellet, and V. Verneuil, Horizontal Correlation Analysis on Exponentiation, ICICS 2010, pp.46-61, 2010.
DOI : 10.1007/11554868_13
URL : https://hal.archives-ouvertes.fr/inria-00540384

H. Cohen, G. Frey, R. Avanzi, C. Doche, T. Lange et al., Handbook of Elliptic and Hyperelliptic Curve Cryptography. Chapman and Hall/CRC, 2005.

J. Coron, Resistance Against Differential Power Analysis For Elliptic Curve Cryptosystems, CHES, pp.292-302, 1999.
DOI : 10.1007/3-540-48059-5_25

C. Costello and K. E. Lauter, Group Law Computations on Jacobians of Hyperelliptic Curves, SAC 2011, pp.92-117, 2012.
DOI : 10.1109/TC.2005.109

S. Duquesne, Montgomery Scalar Multiplication for Genus 2 Curves, ANTS-VI, 2004.
DOI : 10.1007/978-3-540-24847-7_11
URL : https://hal.archives-ouvertes.fr/hal-00457826

X. Fan, T. J. Wollinger, and G. Gong, Efficient explicit formulae for genus 3 hyperelliptic curve cryptosystems, 2006.

P. Gaudry, Fast genus 2 arithmetic based on Theta functions, Journal of Mathematical Cryptology, vol.15, issue.3, pp.243-265, 2007.
DOI : 10.1090/S0025-5718-02-01422-9
URL : https://hal.archives-ouvertes.fr/inria-00000625

R. Harley, Fast arithmetic on genus 2 curves, source code and further explanations

H. Hisil and C. Costello, Jacobian Coordinates on Genus 2 Curves, ASIACRYPT 2014, pp.338-357, 2014.

M. Joye and M. Tunstall, Exponent Recoding and Regular Exponentiation Algorithms, AFRICACRYPT 2009, pp.334-349, 2009.
DOI : 10.1007/11554868_13

N. Koblitz, Elliptic curve cryptosystems Mathematics of computation, pp.203-209, 1987.

N. Koblitz, Hyperelliptic cryptosystems, Journal of Cryptology, vol.2, issue.4, pp.139-150, 1989.
DOI : 10.2140/pjm.1988.131.157

P. C. Kocher, Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems, Advances in Cryptology -CRYPTO '96, pp.104-113, 1996.
DOI : 10.1007/3-540-68697-5_9

P. C. Kocher, J. Jaffe, and B. Jun, Differential Power Analysis, Advances in Cryptology, CRYPTO'99, pp.388-397, 1999.
DOI : 10.1007/3-540-48405-1_25

T. Lange, Efficient arithmetic on hyperelliptic curves, 2001.

T. Lange, Formulae for Arithmetic on Genus 2 Hyperelliptic Curves, Applicable Algebra in Engineering, Communication and Computing, vol.15, issue.5, pp.295-328, 2005.
DOI : 10.1007/s00200-004-0154-8

A. Langley, C25519 code, p.25519, 2008.

N. Meloni, New Point Addition Formulae for ECC Applications, WAIFI 2007, pp.189-201, 2007.
DOI : 10.1007/978-3-540-73074-3_15
URL : https://hal.archives-ouvertes.fr/lirmm-00188957

V. Miller, Use of Elliptic Curves in Cryptography, Crypto'85, 1985.
DOI : 10.1007/3-540-39799-X_31

P. Montgomery, Speeding the Pollard and elliptic curve methods of factorization, Mathematics of Computation, vol.48, issue.177, pp.243-264, 1987.
DOI : 10.1090/S0025-5718-1987-0866113-7

C. Negre and T. Plantard, Efficient regular modular exponentiation using multiplicative half-size splitting, Journal of Cryptographic Engineering, vol.49, issue.9, pp.245-253, 2017.
DOI : 10.1017/CBO9781139856065
URL : https://hal.archives-ouvertes.fr/hal-01185249

J. Nyukai, K. Matsuo, J. Chao, and S. Tsujii, On the resultat computation in the addition Harley algorithms on hyperelliptic curves, 2006.

D. Shanks, Five Number-theoretic Algorithms, Second Manitoba Conference on Numerical Mathematics, pp.51-70, 1973.

C. D. Walter, Sliding Windows Succumbs to Big Mac Attack, CHES 2001, pp.286-299, 2001.
DOI : 10.1007/3-540-44709-1_24

S. Weintraub, The Jacobi Symbol and a Method of Eisenstein For Calculating It, 2000.

Y. Wu, R. Zuccherat, and A. Menezes, An Elementary Introduction to Hyperelliptic Curves APPENDIX Validity of proposed expression for Add21Proj We prove that the formula in (3) leads to (U Algorithm 12 Add32Proj, pp.155-178, 1998.

, Cost = 14M+2S +13a tp0:=uu1 * z; tp1:=(tp0-u2) * uu0; a:=u0+tp1; tp1:=u2?2; tp2:=uu0 * z; tp3:=u0 * u2; tp4:=tp0?2;b:=-tp3+(-u1+tp2) *, pp.2-2

, tp5:=u1 * z; tp6:=u0 * z; tp7:=u1 * u2

. Delta, = (a * d-c * b)

, Cost = 9M+6a coeff1:=(vv0 * z-v0+uu0 * v2), pp.1-1

, L3 := (d * coeff1-b * coeff2); LL4 := (-c * coeff1+a * coeff2)

, L4 := LL4 * z

, Cost = 10M+8a zD:=z * Delta

, tp6-tp7) * L4+v1 * zD

, * tp9-tp10)+(-tp0-u2) * tp11)), p.2

, =L3?2 * z; tp14:=uu1 * u2, tp12:=LL4 * L2

T. , tp2+u1+tp14) * tp15 -Tuuu2 * (tp0+u2); uuu1:=Tuuu1 * z; z2:=z?2; tp19:=tp11 * z2, pp.2-12

, * (tp16+tp17)-tp18)

T. , (uu0 * u2+uu1 * u1+u0) * tp19+(tp2+u1+tp14) * uuu2)+(tp0+u2) * Tuuu1), p.0

, -tp16+Tuuu0) * tp15 + uuu1 * tp20

, -tp12+Tuuu1) * tp11 + Tuuu2 * tp20

L. Delta,

, DRAFT Algorithm 14 MixedAdd33Proj, 2018.

, UU22:=Z1 * U22; UU21:=Z1 * U21

, VV20:=Z1 * V20

, t8:=t2 * t6+t1 * t5; t9:=t2 * t4-t1 * t3

, Pseudo inverse S'=rS=(V2-V1)I mod U2------Cost = 10M+26a i2:=t9; i1 := t8; i0 := t7, pp.10-20

, t4:=t2 * i1; t5:=t1 * i0; t6:=t3 * i2, pp.22-28

, t9:=U20+U22 ; t10:=(t9 + U21) * (t8 -t6), pp.9-21

, =-(U20 * t8+t5); ss1:=(t4+t5-t7) -(t1+t2) * (i0+i1) + (t9-t10

, =(t6-t4-ss0) -(t1+t3) * (i0+i2) -(t9+t10

, =(ss0+ss2) * (U10+U12)-ss2 * U12-ss0 * U10+ss1 * U11

, (ss1+ss2) * (U12+U11)-ss1 * U11-ss2 * U12, pp.0-1

, Cost = 25M+27a ut3:=z4+w1-U22 * w2; t1:=ss1 * z4-(ss2 * ut3) * U22; ut2:=ss2 * (z3+w0-U21 * w2)+t1; t2:=(U22+U21) * (ss2 * ut3+ut2); t3:=(ss0 * z3-U21 * ut2), V12)+(ss0+ss1) * (z3+z4)-r * R-(t1+t2+t3+A * U20), pp.2-12

, ut0 :=ss2 * (t5+r * V11)+ss1 * (t4+r * V12)+t3+RR * U12-(ss2 * ut3) * U20-U22 * ut1

, Cost = 12M+8a t1, pp.3-4

, vt2 := t1 * ut2+w2 * (ss2 * t4-ut1), pp.1-3

, Cost = 22M+D+2S+10a t1:=2 * vt3, pp.4-5

, u30:=E * (w4 * f4-ut1 * Z1)-((vt2 * Z1)?2+u32 * (ut2 * Z1)

, u32:=u32 * w4; u31:=u31 * w2 ; Z3:=G * w4 * r; U32:=u32 * B; U31:=u31 * B, p.30

, Cost = 6M+3a V32:=G * vt2-u32 * vt3; V31:=G * vt1-u31 * vt3; V30:=G * vt0-u30 * vt3; return, DRAFT Algorithm 15 Doub33Proj, 2018.

, VV10:=Z1 * V10

, Cost = 17M+10a t1:=VV11-U12 * V12, pp.10-11

, (t1 * t7+V12 * t6)); i2:=t7;i1:=t6, p.5

, Cost = 7M+4D+3S+19a t1:=U12?2 * UU10+V12?2), pp.5-6

, z1:=UU12 * (2 * UU11-t3)+Z * t2

, z0:=f3 * Z?2+t1 * (t3-UU11)+UU12 * (2 * UU10-t2)+UU11 * (UU11-f5 * Z)-2 * VV12 * VV11

A. Ss, B. , C. , D. , E. et al., Cost = 19M+2S+28a t1:=i1 * z1; t2:=i0 * z0; t3:=i2 * z2; t4:=U12 * t3; t5:=(i1+Z1 * i2) * (z1+z2)-(t1+Z1 * t3+t4); t6:=U10 * t5; t7:=U10+U12; t8:=t7+U11, pp.7-11

, ss1:=Z1 * (t4-t1)+(i0+Z1 * i1) * (z0+z1)+(t11-t7), pp.2-2

, A:=ss2?2;B:=2 * r * ss2

, =(ss0+ss2) * (U10+U12)-ss2 * U12-ss0 * U10+ss1 * U11

, g3:=ss0 * Z1+(ss1+ss2) * (U12+U11)-ss1 * U11-ss2 * U12, pp.1-1

, Cost = 29M+2S+27a ut3:=2 * ss1, pp.1-2

, * r * Z1-ss2 * V12)+ss1 * VV12+ss2 * VV11), pp.3-4

, vt1:=t1 * ut1+Z1 * A * (g1+2 * r * V11)-ss2 * ut0; vt2:=t1 * ut2+A * (g2+2 * r * V12)-ss2 * ut1, pp.1-3

, u21:=D * (f5 * A-ut2) * t0-(u22 * ut3+t1 * vt2)

, u21:=u21 * ss2; u22:=u22 * A; t2:=2 * r * ss2?2; t3:=Z1 * t2, pp.1-3

, Z2:=t5 * t4; U22:=u22 * t4; U21:=u21 * t4, pp.20-23

, Cost = 9M+1S+3a V22:=(t5 * vt2-u22 * t6) * Z1; V21:=t5 * vt1-u21 * Z1 * t6; V20:=Z1 * t2?2 * vt0-u20 * t6; return, Cost = 120M+6D+13S+114a Algorithm 16 Add33Aff

, Cost = 15M+12a t0, pp.10-20

, Etape 3 ---pseudo inverse I i2:=t9; i1:=t8, p.7

, Cost = 10M+30a t1, pp.10-20

, =(t9-u21) * (t8+t6)

, =-(u20 * t8+t5), pp.4-5

, (r * ss2)?(-1); t2:=r * t1, Cost = 6M+S+1I t1:=, pp.1-2

, =(s0+s1) * (t1+u11); t3:=(s0-s1) * (t1-u11); t4:=u12 * s1, pp.10-10

, z3:=u11+s0+t4;z4:=u12+s1

, Cost = 13M+27a ut3, pp.4-5

, s0+s1) * (z4+z3)+wi * (2 * v12-wi)-(t1+t2+t3+u20, pp.0-3

, * (v11+s1 * v12)+wi * u12)-(u22 * ut1+u20 * ut3), pp.1-3

, Cost = 8M+11a t1:=ut3-z4; vt0:=w * (t1 * ut0+z0)+v10; vt1:=w * (t1 * ut1+z1-ut0)+v11, pp.1-2

, Cost = 5M+2S+11a t1:=2 * vt3, pp.3-3

, Total cost =I+ 64M+3S+109a, pp.2-32, 2018.