On the distribution of Atkin and Elkies primes for reductions of elliptic curves on average

For an elliptic curve E/Q without complex multiplication we study the distribution of Atkin and Elkies primes l, on average, over all good reductions of E modulo primes p. We show that, under the Generalised Riemann Hypothesis, for almost all primes p there are enough small Elkies primes l to ensure that the Schoof-Elkies-Atkin point-counting algorithm runs in (log p)^(4+o(1)) expected time.Comment: 20 pages, to appear in LMS J. Comput. Mat

On the Distribution of Atkin and Elkies Primes

Given an elliptic curve E over a finite field F_q of q elements, we say that an odd prime ell not dividing q is an Elkies prime for E if t_E^2 - 4q is a square modulo ell, where t_E = q+1 - #E(F_q) and #E(F_q) is the number of F_q-rational points on E; otherwise ell is called an Atkin prime. We show that there are asymptotically the same number of Atkin and Elkies primes ell < L on average over all curves E over F_q, provided that L >= (log q)^e for any fixed e > 0 and a sufficiently large q. We use this result to design and analyse a fast algorithm to generate random elliptic curves with #E(F_p) prime, where p varies uniformly over primes in a given interval [x,2x].Comment: 17 pages, minor edit

The Counting function for Elkies primes

Let $E$ be an elliptic curve over a finite field $\mathbb{F}_q$ where $q$ is a prime power. The Schoof--Elkies--Atkin (SEA) algorithm is a standard method for counting the number of $\mathbb{F}_q$-points on $E$. The asymptotic complexity of the SEA algorithm depends on the distribution of the so-called Elkies primes. Assuming GRH, we prove that the least Elkies prime is bounded by $(2\log 4q+4)^2$ when $q\geq 10^9$. This is the first such explicit bound in the literature. Previously, Satoh and Galbraith established an upper bound of $O((\log q)^{2+\varepsilon})$. Let $N_E(X)$ denote the number of Elkies primes less than $X$. Assuming GRH, we also show $$ N_E(X)=\frac{\pi(X)}{2}+O\left(\frac{\sqrt{X}(\log qX)^2}{\log X}\right)\,. $

Computing cardinalities of Q-curve reductions over finite fields

We present a specialized point-counting algorithm for a class of elliptic curves over F\_{p^2} that includes reductions of quadratic Q-curves modulo inert primes and, more generally, any elliptic curve over F\_{p^2} with a low-degree isogeny to its Galois conjugate curve. These curves have interesting cryptographic applications. Our algorithm is a variant of the Schoof--Elkies--Atkin (SEA) algorithm, but with a new, lower-degree endomorphism in place of Frobenius. While it has the same asymptotic asymptotic complexity as SEA, our algorithm is much faster in practice.Comment: To appear in the proceedings of ANTS-XII. Added acknowledgement of Drew Sutherlan

On the evaluation of modular polynomials

We present two algorithms that, given a prime ell and an elliptic curve E/Fq, directly compute the polynomial Phi_ell(j(E),Y) in Fq[Y] whose roots are the j-invariants of the elliptic curves that are ell-isogenous to E. We do not assume that the modular polynomial Phi_ell(X,Y) is given. The algorithms may be adapted to handle other types of modular polynomials, and we consider applications to point counting and the computation of endomorphism rings. We demonstrate the practical efficiency of the algorithms by setting a new point-counting record, modulo a prime q with more than 5,000 decimal digits, and by evaluating a modular polynomial of level ell = 100,019.Comment: 19 pages, corrected a typo in equation (8) and added equation (9