Computing endomorphism rings of abelian varieties of dimension two
Generalizing a method of Sutherland and the author for elliptic curves, we
design a subexponential algorithm for computing the endomorphism rings of
ordinary abelian varieties of dimension two over finite fields. Although its
correctness and complexity analysis rest on several assumptions, we report on
practical computations showing that it performs very well and can easily handle
previously intractable cases. Comment: 14 pages, 2 figures
Evaluating Large Degree Isogenies between Elliptic Curves
An isogeny between elliptic curves is an algebraic morphism which is a group homomorphism. Many applications in cryptography require evaluating large degree isogenies between elliptic curves efficiently. For ordinary curves of the same endomorphism ring, the previous fastest algorithm known has a worst case running time which is exponential in the length of the input. In this thesis we solve this problem in subexponential time under reasonable heuristics. We give two versions of our algorithm, a slower version assuming GRH and a faster version assuming stronger heuristics. Our approach is based on factoring the ideal corresponding to the kernel of the isogeny, modulo principal ideals, into a product of smaller prime ideals for which the isogenies can be computed directly. Combined with previous work of Bostan et al., our algorithm yields equations for large degree isogenies in quasi-optimal time given only the starting curve and the kernel.
On the evaluation of modular polynomials
We present two algorithms that, given a prime ell and an elliptic curve E/Fq,
directly compute the polynomial Phi_ell(j(E),Y) in Fq[Y] whose roots are the
j-invariants of the elliptic curves that are ell-isogenous to E. We do not
assume that the modular polynomial Phi_ell(X,Y) is given. The algorithms may be
adapted to handle other types of modular polynomials, and we consider
applications to point counting and the computation of endomorphism rings. We
demonstrate the practical efficiency of the algorithms by setting a new
point-counting record, modulo a prime q with more than 5,000 decimal digits,
and by evaluating a modular polynomial of level ell = 100,019. Comment: 19 pages, corrected a typo in equation (8) and added equation (9)
Computing the endomorphism ring of an ordinary elliptic curve over a finite field
We present two algorithms to compute the endomorphism ring of an ordinary
elliptic curve E defined over a finite field F_q. Under suitable heuristic
assumptions, both have subexponential complexity. We bound the complexity of
the first algorithm in terms of log q, while our bound for the second algorithm
depends primarily on log |D_E|, where D_E is the discriminant of the order
isomorphic to End(E). As a byproduct, our method yields a short certificate
that may be used to verify that the endomorphism ring is as claimed. Comment: 16 pages (minor edits)
A low-memory algorithm for finding short product representations in finite groups
We describe a space-efficient algorithm for solving a generalization of the
subset sum problem in a finite group G, using a Pollard-rho approach. Given an
element z and a sequence of elements S, our algorithm attempts to find a
subsequence of S whose product in G is equal to z. For a random sequence S of
length d log_2 n, where n=#G and d >= 2 is a constant, we find that its
expected running time is O(sqrt(n) log n) group operations (we give a rigorous
proof for d > 4), and it only needs to store O(1) group elements. We consider
applications to class groups of imaginary quadratic fields, and to finding
isogenies between elliptic curves over a finite field. Comment: 12 pages