On isogeny classes of Edwards curves over finite fields

We count the number of isogeny classes of Edwards curves over finite fields, answering a question recently posed by Rezaeian and Shparlinski. We also show that each isogeny class contains a {\em complete} Edwards curve, and that an Edwards curve is isogenous to an {\em original} Edwards curve over \F_q if and only if its group order is divisible by 8 if $q \equiv -1 \pmod{4}$, and 16 if $q \equiv 1 \pmod{4}$. Furthermore, we give formulae for the proportion of d \in \F_q \setminus \{0,1\} for which the Edwards curve $E_d$ is complete or original, relative to the total number of $d$ in each isogeny class.Comment: 27 page

On the cyclicity of the rational points group of abelian varieties over finite fields

We propose a simple criterion to know if an abelian variety $A$ defined over a finite field $\mathbb{F}_q$ is cyclic, i.e., it has a cyclic group of rational points; this criterion is based on the endomorphism ring End$_{\mathbb{F}_q}(A)$. We also provide a criterion to know if an isogeny class is cyclic, i.e., all its varieties are cyclic; this criterion is based on the characteristic polynomial of the isogeny class. We find some asymptotic lower bounds on the fraction of cyclic $\mathbb{F}_q$-isogeny classes among certain families of them, when $q$ tends to infinity. Some of these bounds require an additional hypothesis. In the case of surfaces, we prove that this hypothesis is achieved and, over all $\mathbb{F}_q$-isogeny classes with endomorphism algebra being a field and where $q$ is an even power of a prime, we prove that the one with maximal number of rational points is cyclic and ordinary.Comment: 13 pages, this is a preliminary version, comments are welcom

On elliptic curves with an isogeny of degree 7

We show that if $E$ is an elliptic curve over $\mathbf{Q}$ with a $\mathbf{Q}$-rational isogeny of degree 7, then the image of the 7-adic Galois representation attached to $E$ is as large as allowed by the isogeny, except for the curves with complex multiplication by $\mathbf{Q}(\sqrt{-7})$. The analogous result with 7 replaced by a prime $p > 7$ was proved by the first author in [7]. The present case $p = 7$ has additional interesting complications. We show that any exceptions correspond to the rational points on a certain curve of genus 12. We then use the method of Chabauty to show that the exceptions are exactly the curves with complex multiplication. As a by-product of one of the key steps in our proof, we determine exactly when there exist elliptic curves over an arbitrary field $k$ of characteristic not 7 with a $k$-rational isogeny of degree 7 and a specified Galois action on the kernel of the isogeny, and we give a parametric description of such curves.Comment: The revision gives a complete answer to the question considered in Version 1. Version 3 will appear in the American Journal of Mathematic

Isogeny graphs of ordinary abelian varieties

Fix a prime number $\ell$. Graphs of isogenies of degree a power of $\ell$ are well-understood for elliptic curves, but not for higher-dimensional abelian varieties. We study the case of absolutely simple ordinary abelian varieties over a finite field. We analyse graphs of so-called $\mathfrak l$-isogenies, resolving that they are (almost) volcanoes in any dimension. Specializing to the case of principally polarizable abelian surfaces, we then exploit this structure to describe graphs of a particular class of isogenies known as $(\ell, \ell)$-isogenies: those whose kernels are maximal isotropic subgroups of the $\ell$-torsion for the Weil pairing. We use these two results to write an algorithm giving a path of computable isogenies from an arbitrary absolutely simple ordinary abelian surface towards one with maximal endomorphism ring, which has immediate consequences for the CM-method in genus 2, for computing explicit isogenies, and for the random self-reducibility of the discrete logarithm problem in genus 2 cryptography.Comment: 36 pages, 4 figure

Do All Elliptic Curves of the Same Order Have the Same Difficulty of Discrete Log?

The aim of this paper is to justify the common cryptographic practice of selecting elliptic curves using their order as the primary criterion. We can formalize this issue by asking whether the discrete log problem (DLOG) has the same difficulty for all curves over a given finite field with the same order. We prove that this is essentially true by showing polynomial time random reducibility of DLOG among such curves, assuming the Generalized Riemann Hypothesis (GRH). We do so by constructing certain expander graphs, similar to Ramanujan graphs, with elliptic curves as nodes and low degree isogenies as edges. The result is obtained from the rapid mixing of random walks on this graph. Our proof works only for curves with (nearly) the same endomorphism rings. Without this technical restriction such a DLOG equivalence might be false; however, in practice the restriction may be moot, because all known polynomial time techniques for constructing equal order curves produce only curves with nearly equal endomorphism rings.Comment: 26 pages, revised, to appear in Advances in Cryptology -- Asiacrypt 200

Abelian varieties isogenous to a power of an elliptic curve over a Galois extension

Given an elliptic curve $E/k$ and a Galois extension $k'/k$, we construct an exact functor from torsion-free modules over the endomorphism ring ${\rm End}(E_{k'})$ with a semilinear ${\rm Gal}(k'/k)$ action to abelian varieties over $k$ that are $k'$-isogenous to a power of $E$. As an application, we show that every elliptic curve with complex multiplication geometrically is isogenous over the ground field to one with complex multiplication by a maximal order.Comment: 6 pages, added reference

Modular Isogeny Complexes

We describe a vanishing result on the cohomology of a cochain complex associated to the moduli of chains of finite subgroup schemes on elliptic curves. These results have applications to algebraic topology, in particular to the study of power operations for Morava E-theory at height 2.Comment: Minor revisions for publicatio

Horizontal isogeny graphs of ordinary abelian varieties and the discrete logarithm problem

Fix an ordinary abelian variety defined over a finite field. The ideal class group of its endomorphism ring acts freely on the set of isogenous varieties with same endomorphism ring, by complex multiplication. Any subgroup of the class group, and generating set thereof, induces an isogeny graph on the orbit of the variety for this subgroup. We compute (under the Generalized Riemann Hypothesis) some bounds on the norms of prime ideals generating it, such that the associated graph has good expansion properties. We use these graphs, together with a recent algorithm of Dudeanu, Jetchev and Robert for computing explicit isogenies in genus 2, to prove random self-reducibility of the discrete logarithm problem within the subclasses of principally polarizable ordinary abelian surfaces with fixed endomorphism ring. In addition, we remove the heuristics in the complexity analysis of an algorithm of Galbraith for explicitly computing isogenies between two elliptic curves in the same isogeny class, and extend it to a more general setting including genus 2.Comment: 18 page