Abstract. We present two algorithms to compute the endomorphism ring of an ordinary elliptic curve E defined over a finite field Fq. Under suitable heuristic assumptions, both have subexponential complexity. We bound the complexity of the first algorithm in terms of log q, while our bound for the second algorithm depends primarily on log |DE|, where DE is the discriminant of the order isomorphic to End(E). As a byproduct, our method yields a short certificate that may be used to verify that the endomorphism ring is as claimed. 1.

We present a new algorithm to compute the classical modular polynomial Φl in the rings Z[X, Y] and (Z/mZ)[X, Y], for a prime l and any positive integer m. Our approach uses the graph of l-isogenies to efficiently compute Φl mod p for many primes p of a suitable form, and then applies the Chinese Remainder Theorem (CRT). Under the Generalized Riemann Hypothesis (GRH), we achieve an expected running time of O(l3 (log l) 3 log log l), and compute Φl mod m using O(l2 (log l) 2 + l2 log m) space. We have used the new algorithm to compute Φl with l over 5000, and Φl mod m with l over 20000. We also consider several modular functions g for which Φ g l is smaller than Φl, allowing us to handle l over 60000.

Abstract. A pairing-friendly curve is a curve over a finite field whose Jacobian has small embedding degree with respect to a large prime-order subgroup. In this paper we construct pairing-friendly genus 2 curves over finite fields Fq whose Jacobians are ordinary and simple, but not absolutely simple. We show that constructing such curves is equivalent to constructing elliptic curves over Fq that become pairing-friendly over a finite extension of Fq. Our main proof technique is Weil restriction of elliptic curves. We describe adaptations of the Cocks-Pinch and Brezing-Weng methods that produce genus 2 curves with the desired properties. Our examples include a parametric family of genus 2 curves whose Jacobians have the smallest recorded ρ-value for simple, nonsupersingular abelian surfaces. 1.

Abstract. We apply the Cocks-Pinch method to obtain pairing-friendly composite order groups with prescribed embedding degree associated to ordinary elliptic curves, and we show that new security issues arise in the composite order setting. 1.

Modular polynomials are an important tool in many algorithms involving elliptic curves. In this article we investigate their generalization to the genus 2 case following pioneering work by Gaudry and Dupont. We prove various properties of these genus 2 modular polynomials and give an improved way to explicitly compute them.

Abstract. We adapt the CRTapproach to computing Hilbertclass polynomials to handle a wide range of class invariants. Forsuitable discriminantsD, this improves its performance by a large constant factor, more than 200 in the most favourable circumstances. This has enabled record-breaking constructions of elliptic curves via the CM method, including examples with |D |> 10 15. 1.

Some models of an algebraic curve C are better than others. In particular, low-degree models are useful: • practically, to locate points on C quickly; • theoretically, to prove upper bounds on the gonality of C. Given a defining equation F (r, s) = 0 for C, we seek a bilinear transformation that reduces the degree of F in one of its variables. Our motivating example is the modular curve X1(N), which parameterizes elliptic curves with a point of order N. A general method to obtain a defining equation F (r, s) = 0 for X1(N) (more precisely, the affine curve Y1(N)) is given in [4]. Roots of F may then be used to construct elliptic curves with a point of order N (over a finite field, say), an idea exploited in [6]. The efficiency of this construction depends critically on F, which is typically larger and of higher degree than necessary. We wish to construct an optimized equation f(x, y) = 0, together with an explicit birational map φ that relates the roots of f and F.

Abstract. We develop a new p-adic algorithm to compute the minimal polynomial of a class invariant. Our approach works for virtually any modular function yielding class invariants. The main algorithmic tool is modular polynomials, a concept which we generalize to functions of higher level. 1.

Abstract not found

Abstract. We describe a cache-friendly version of van der Hoeven’s truncated FFT and inverse truncated FFT, focusing on the case of ‘large ’ coefficients, such as those arising in the Schönhage–Strassen algorithm for multiplication in Z[x]. We describe two implementations and examine their performance. 1.