Tabulation of cubic function fields via polynomial binary cubic forms

We present a method for tabulating all cubic function fields over $\mathbb{F}_q(t)$ whose discriminant $D$ has either odd degree or even degree and the leading coefficient of $-3D$ is a non-square in $\mathbb{F}_{q}^*$, up to a given bound $B$ on the degree of $D$. Our method is based on a generalization of Belabas' method for tabulating cubic number fields. The main theoretical ingredient is a generalization of a theorem of Davenport and Heilbronn to cubic function fields, along with a reduction theory for binary cubic forms that provides an efficient way to compute equivalence classes of binary cubic forms. The algorithm requires $O(B^4 q^B)$ field operations as $B \rightarrow \infty$. The algorithm, examples and numerical data for $q=5,7,11,13$ are included.Comment: 30 pages, minor typos corrected, extra table entries added, revamped complexity analysis of the algorithm. To appear in Mathematics of Computatio

Class number approximation in cubic function fields

We develop explicitly computable bounds for the order of the Jacobian of a cubic function field. We use approximations via truncated Euler products and thus derive effective methods of computing the order of the Jacobian of a cubic function field. Also, a detailed discussion of the zeta function of a cubic function field extension is included

Orienteering with One Endomorphism

In supersingular isogeny-based cryptography, the path-finding problem reduces to the endomorphism ring problem. Can path-finding be reduced to knowing just one endomorphism? It is known that a small endomorphism enables polynomial-time path-finding and endomorphism ring computation (Love-Boneh [36]). An endomorphism gives an explicit orientation of a supersingular elliptic curve. In this paper, we use the volcano structure of the oriented supersingular isogeny graph to take ascending/descending/horizontal steps on the graph and deduce path-finding algorithms to an initial curve. Each altitude of the volcano corresponds to a unique quadratic order, called the primitive order. We introduce a new hard problem of computing the primitive order given an arbitrary endomorphism on the curve, and we also provide a sub-exponential quantum algorithm for solving it. In concurrent work (Wesolowski [54]), it was shown that the endomorphism ring problem in the presence of one endomorphism with known primitive order reduces to a vectorization problem, implying path-finding algorithms. Our path-finding algorithms are more general in the sense that we don't assume the knowledge of the primitive order associated with the endomorphism.Comment: 40 pages, 1 figure; 3rd revision implements small corrections and expositional improvement

Orientations and cycles in supersingular isogeny graphs

The paper concerns several theoretical aspects of oriented supersingular $\ell$-isogeny volcanoes and their relationship to closed walks in the supersingular $\ell$-isogeny graph. Our main result is a bijection between the rims of the union of all oriented supersingular $\ell$-isogeny volcanoes over $\overline{\mathbb{F}}_p$ (up to conjugation of the orientations), and isogeny cycles (non-backtracking closed walks which are not powers of smaller walks) of the supersingular $\ell$-isogeny graph over $\overline{\mathbb{F}}_p$. The exact proof and statement of this bijection are made more intricate by special behaviours arising from extra automorphisms and the ramification of $p$ in certain quadratic orders. We use the bijection to count isogeny cycles of given length in the supersingular $\ell$-isogeny graph exactly as a sum of class numbers of these orders, and also give an explicit upper bound by estimating the class numbers