Implementing the asymptotically fast version of the elliptic curve primality proving algorithm

The elliptic curve primality proving (ECPP) algorithm is one of the current fastest practical algorithms for proving the primality of large numbers. Its running time cannot be proven rigorously, but heuristic arguments show that it should run in time O ((log N)^5) to prove the primality of N. An asymptotically fast version of it, attributed to J. O. Shallit, runs in time O ((log N)^4). The aim of this article is to describe this version in more details, leading to actual implementations able to handle numbers with several thousands of decimal digits

Constructing elliptic curves of prime order

We present a very efficient algorithm to construct an elliptic curve E and a finite field F such that the order of the point group E(F) is a given prime number N. Heuristically, this algorithm only takes polynomial time Otilde((\log N)^3), and it is so fast that it may profitably be used to tackle the related problem of finding elliptic curves with point groups of prime order of prescribed size. We also discuss the impact of the use of high level modular functions to reduce the run time by large constant factors and show that recent gonality bounds for modular curves imply limits on the time reduction that can be obtained.Comment: 13 page

Deterministic elliptic curve primality proving for a special sequence of numbers

We give a deterministic algorithm that very quickly proves the primality or compositeness of the integers N in a certain sequence, using an elliptic curve E/Q with complex multiplication by the ring of integers of Q(sqrt(-7)). The algorithm uses O(log N) arithmetic operations in the ring Z/NZ, implying a bit complexity that is quasi-quadratic in log N. Notably, neither of the classical "N-1" or "N+1" primality tests apply to the integers in our sequence. We discuss how this algorithm may be applied, in combination with sieving techniques, to efficiently search for very large primes. This has allowed us to prove the primality of several integers with more than 100,000 decimal digits, the largest of which has more than a million bits in its binary representation. At the time it was found, it was the largest proven prime N for which no significant partial factorization of N-1 or N+1 is known.Comment: 16 pages, corrected a minor sign error in 5.

Edwards curves and CM curves

Edwards curves are a particular form of elliptic curves that admit a fast, unified and complete addition law. Relations between Edwards curves and Montgomery curves have already been described. Our work takes the view of parameterizing elliptic curves given by their j-invariant, a problematic that arises from using curves with complex multiplication, for instance. We add to the catalogue the links with Kubert parameterizations of X0(2) and X0(4). We classify CM curves that admit an Edwards or Montgomery form over a finite field, and justify the use of isogenous curves when needed