A Generic Approach to Searching for Jacobians

We consider the problem of finding cryptographically suitable Jacobians. By applying a probabilistic generic algorithm to compute the zeta functions of low genus curves drawn from an arbitrary family, we can search for Jacobians containing a large subgroup of prime order. For a suitable distribution of curves, the complexity is subexponential in genus 2, and O(N^{1/12}) in genus 3. We give examples of genus 2 and genus 3 hyperelliptic curves over prime fields with group orders over 180 bits in size, improving previous results. Our approach is particularly effective over low-degree extension fields, where in genus 2 we find Jacobians over F_{p^2) and trace zero varieties over F_{p^3} with near-prime orders up to 372 bits in size. For p = 2^{61}-1, the average time to find a group with 244-bit near-prime order is under an hour on a PC.Comment: 22 pages, to appear in Mathematics of Computatio

Quasi-quadratic elliptic curve point counting using rigid cohomology

We present a deterministic algorithm that computes the zeta function of a nonsupersingular elliptic curve E over a finite field with p^n elements in time quasi-quadratic in n. An older algorithm having the same time complexity uses the canonical lift of E, whereas our algorithm uses rigid cohomology combined with a deformation approach. An implementation in small odd characteristic turns out to give very good results.Comment: 14 page

A p-adic quasi-quadratic point counting algorithm

In this article we give an algorithm for the computation of the number of rational points on the Jacobian variety of a generic ordinary hyperelliptic curve defined over a finite field of cardinality $q$ with time complexity $O(n^{2+o(1)})$ and space complexity $O(n^2)$, where $n=\log(q)$. In the latter complexity estimate the genus and the characteristic are assumed as fixed. Our algorithm forms a generalization of both, the AGM algorithm of J.-F. Mestre and the canonical lifting method of T. Satoh. We canonically lift a certain arithmetic invariant of the Jacobian of the hyperelliptic curve in terms of theta constants. The theta null values are computed with respect to a semi-canonical theta structure of level $2^\nu p$ where $\nu >0$ is an integer and p=\mathrm{char}(\F_q)>2. The results of this paper suggest a global positive answer to the question whether there exists a quasi-quadratic time algorithm for the computation of the number of rational points on a generic ordinary abelian variety defined over a finite field.Comment: 32 page

Computing Hilbert Class Polynomials

We present and analyze two algorithms for computing the Hilbert class polynomial $H_D$ . The first is a p-adic lifting algorithm for inert primes p in the order of discriminant D < 0. The second is an improved Chinese remainder algorithm which uses the class group action on CM-curves over finite fields. Our run time analysis gives tighter bounds for the complexity of all known algorithms for computing $H_D$, and we show that all methods have comparable run times