1,916 research outputs found
Constructing elliptic curves of prime order
We present a very efficient algorithm to construct an elliptic curve E and a
finite field F such that the order of the point group E(F) is a given prime
number N. Heuristically, this algorithm only takes polynomial time
\tilde{O}((\log N)^3), and it is so fast that it may profitably be used to tackle the related
problem of finding elliptic curves with point groups of prime order of
prescribed size. We also discuss the impact of the use of high level modular
functions to reduce the run time by large constant factors and show that recent
gonality bounds for modular curves imply limits on the time reduction that can
be obtained. Comment: 13 pages
Constructing practical Fuzzy Extractors using QIM
Fuzzy extractors are a powerful tool to extract randomness from noisy data. A fuzzy extractor can extract randomness only if the source data is discrete while in practice source data is continuous. Using quantizers to transform continuous data into discrete data is a commonly used solution. However, as far as we know, no study has been made of the effect of the quantization strategy on the performance of fuzzy extractors. We construct the encoding and the decoding function of a fuzzy extractor using quantization index modulation (QIM) and we express properties of this fuzzy extractor in terms of parameters of the used QIM. We present and analyze an optimal (in the sense of embedding rate) two-dimensional construction. Our 6-hexagonal tiling construction offers (\log_2 6)/2 - 1 \approx 0.3 extra bits per dimension of the space compared to the known square quantization based fuzzy extractor.
Examples of CM curves of genus two defined over the reflex field
In "Proving that a genus 2 curve has complex multiplication", van Wamelen
lists 19 curves of genus two over with complex multiplication
(CM). For each of the 19 curves, the CM-field turns out to be cyclic Galois
over . The generic case of non-Galois quartic CM-fields did not
feature in this list, as the field of definition in that case always contains a
real quadratic field, known as the real quadratic subfield of the reflex field.
We extend van Wamelen's list to include curves of genus two defined over this
real quadratic field. Our list therefore contains the smallest "generic"
examples of CM curves of genus two.
We explain our methods for obtaining this list, including a new
height-reduction algorithm for arbitrary hyperelliptic curves over totally real
number fields. Unlike Van Wamelen, we also give a proof of our list, which is
made possible by our implementation of denominator bounds of Lauter and Viray
for Igusa class polynomials. Comment: 31 pages; Updated some references
Horizontal isogeny graphs of ordinary abelian varieties and the discrete logarithm problem
Fix an ordinary abelian variety defined over a finite field. The ideal class
group of its endomorphism ring acts freely on the set of isogenous varieties
with same endomorphism ring, by complex multiplication. Any subgroup of the
class group, and generating set thereof, induces an isogeny graph on the orbit
of the variety for this subgroup. We compute (under the Generalized Riemann
Hypothesis) some bounds on the norms of prime ideals generating it, such that
the associated graph has good expansion properties.
We use these graphs, together with a recent algorithm of Dudeanu, Jetchev and
Robert for computing explicit isogenies in genus 2, to prove random
self-reducibility of the discrete logarithm problem within the subclasses of
principally polarizable ordinary abelian surfaces with fixed endomorphism ring.
In addition, we remove the heuristics in the complexity analysis of an
algorithm of Galbraith for explicitly computing isogenies between two elliptic
curves in the same isogeny class, and extend it to a more general setting
including genus 2. Comment: 18 pages
A Generic Approach to Searching for Jacobians
We consider the problem of finding cryptographically suitable Jacobians. By
applying a probabilistic generic algorithm to compute the zeta functions of low
genus curves drawn from an arbitrary family, we can search for Jacobians
containing a large subgroup of prime order. For a suitable distribution of
curves, the complexity is subexponential in genus 2, and O(N^{1/12}) in genus
3. We give examples of genus 2 and genus 3 hyperelliptic curves over prime
fields with group orders over 180 bits in size, improving previous results. Our
approach is particularly effective over low-degree extension fields, where in
genus 2 we find Jacobians over F_{p^2} and trace zero varieties over F_{p^3}
with near-prime orders up to 372 bits in size. For p = 2^{61}-1, the average
time to find a group with 244-bit near-prime order is under an hour on a PC. Comment: 22 pages, to appear in Mathematics of Computation