2012
DOI: 10.1515/jmc.2011.008
|View full text |Cite
|
Sign up to set email alerts
|

Computing endomorphism rings of elliptic curves under the GRH

Abstract: We design a probabilistic algorithm for computing endomorphism rings of ordinary elliptic curves defined over finite fields that we prove has a subexponential runtime in the size of the base field, assuming solely the generalized Riemann hypothesis.Additionally, we improve the asymptotic complexity of previously known, heuristic, subexponential methods by describing a faster isogeny-computing routine.

Help me understand this report
View preprint versions

Search citation statements

Order By: Relevance

Paper Sections

Select...
3
1
1

Citation Types

0
38
0

Year Published

2016
2016
2019
2019

Publication Types

Select...
5
2

Relationship

1
6

Authors

Journals

citations
Cited by 17 publications
(38 citation statements)
references
References 17 publications
0
38
0
Order By: Relevance
“…We begin by recalling a well-known fact about class groups. This map allows us to define the concept of a relation analogously to Bisson [3,4]. Note that we do not follow Bisson and Sutherland's definition of relation in [6] because we do not have the benefit of an easily computable modular polynomial.…”
Section: Class Group Relationsmentioning
confidence: 99%
“…We begin by recalling a well-known fact about class groups. This map allows us to define the concept of a relation analogously to Bisson [3,4]. Note that we do not follow Bisson and Sutherland's definition of relation in [6] because we do not have the benefit of an easily computable modular polynomial.…”
Section: Class Group Relationsmentioning
confidence: 99%
“…To treat the ordinary case, we rely on the algorithm in [8], which gives a GRHbased Las Vegas algorithm to compute the index u p of End(E p ) in the maximal order of the imaginary quadratic field End(E p ) ⊗ Q with expected running time…”
Section: Computing Frobenius Conjugacy Classesmentioning
confidence: 99%
“…The first is Schoof's algorithm [55,56], which computes the trace t ∈ Z of the Frobenius endomorphism in time polynomial in log q. The second is a Las Vegas algorithm to compute the endomorphism ring End(E p ) when E p is ordinary, due to Bisson and the author [8,9]; under the GRH its expected running time is subexponential in log q. It follows from a theorem of Duke and Tóth [25] that the pair (t, End(E p )) determines an integer matrix A p whose reduction modulo m lies in the conjugacy class ρ E,m (Frob p ) for every positive integer m. The third is Miller's algorithm to compute the Weil pairing [49], which we use to compute the rank of the -torsion subgroup of E p (F p ) in quasicubic time.…”
Section: Introductionmentioning
confidence: 99%
“…, b k of the lattice of relations between elements of B such that each b i ∈ Z k has entries with absolute value bounded by e (1+o(1)) log 1/3 |D| . We follow the approach of Bisson [2], which consists of rewriting relations between ideals of B and generators of Cl(O) with respect to short decompositions obtained from Corollary 2. For each invertible fractional ideal a, we define σ(a) ∈ Z k to be one of the vectors v with entries bounded by e -σ(g …”
Section: Existence Of Short Relationsmentioning
confidence: 99%