Computing endomorphism rings of abelian varieties of dimension two

Generalizing a method of Sutherland and the author for elliptic curves, we design a subexponential algorithm for computing the endomorphism rings of ordinary abelian varieties of dimension two over finite fields. Although its correctness and complexity analysis rest on several assumptions, we report on practical computations showing that it performs very well and can easily handle previously intractable cases.Comment: 14 pages, 2 figure

Evaluating Large Degree Isogenies between Elliptic Curves

An isogeny between elliptic curves is an algebraic morphism which is a group homomorphism. Many applications in cryptography require evaluating large degree isogenies between elliptic curves efficiently. For ordinary curves of the same endomorphism ring, the previous fastest algorithm known has a worst case running time which is exponential in the length of the input. In this thesis we solve this problem in subexponential time under reasonable heuristics. We give two versions of our algorithm, a slower version assuming GRH and a faster version assuming stronger heuristics. Our approach is based on factoring the ideal corresponding to the kernel of the isogeny, modulo principal ideals, into a product of smaller prime ideals for which the isogenies can be computed directly. Combined with previous work of Bostan et al., our algorithm yields equations for large degree isogenies in quasi-optimal time given only the starting curve and the kernel

On the evaluation of modular polynomials

We present two algorithms that, given a prime ell and an elliptic curve E/Fq, directly compute the polynomial Phi_ell(j(E),Y) in Fq[Y] whose roots are the j-invariants of the elliptic curves that are ell-isogenous to E. We do not assume that the modular polynomial Phi_ell(X,Y) is given. The algorithms may be adapted to handle other types of modular polynomials, and we consider applications to point counting and the computation of endomorphism rings. We demonstrate the practical efficiency of the algorithms by setting a new point-counting record, modulo a prime q with more than 5,000 decimal digits, and by evaluating a modular polynomial of level ell = 100,019.Comment: 19 pages, corrected a typo in equation (8) and added equation (9

Computing the endomorphism ring of an ordinary elliptic curve over a finite field

We present two algorithms to compute the endomorphism ring of an ordinary elliptic curve E defined over a finite field F_q. Under suitable heuristic assumptions, both have subexponential complexity. We bound the complexity of the first algorithm in terms of log q, while our bound for the second algorithm depends primarily on log |D_E|, where D_E is the discriminant of the order isomorphic to End(E). As a byproduct, our method yields a short certificate that may be used to verify that the endomorphism ring is as claimed.Comment: 16 pages (minor edits

A low-memory algorithm for finding short product representations in finite groups

We describe a space-efficient algorithm for solving a generalization of the subset sum problem in a finite group G, using a Pollard-rho approach. Given an element z and a sequence of elements S, our algorithm attempts to find a subsequence of S whose product in G is equal to z. For a random sequence S of length d log_2 n, where n=#G and d >= 2 is a constant, we find that its expected running time is O(sqrt(n) log n) group operations (we give a rigorous proof for d > 4), and it only needs to store O(1) group elements. We consider applications to class groups of imaginary quadratic fields, and to finding isogenies between elliptic curves over a finite field.Comment: 12 page