Results 1  10
of
73
Counting Points on Hyperelliptic Curves over Finite Fields
"... . We describe some algorithms for computing the cardinality of hyperelliptic curves and their Jacobians over finite fields. They include several methods for obtaining the result modulo small primes and prime powers, in particular an algorithm `a la Schoof for genus 2 using Cantor 's division pol ..."
Abstract

Cited by 59 (7 self)
 Add to MetaCart
. We describe some algorithms for computing the cardinality of hyperelliptic curves and their Jacobians over finite fields. They include several methods for obtaining the result modulo small primes and prime powers, in particular an algorithm `a la Schoof for genus 2 using Cantor 's division polynomials. These are combined with a birthday paradox algorithm to calculate the cardinality. Our methods are practical and we give actual results computed using our current implementation. The Jacobian groups we handle are larger than those previously reported in the literature. Introduction In recent years there has been a surge of interest in algorithmic aspects of curves. When presented with any curve, a natural task is to compute the number of points on it with coordinates in some finite field. When the finite field is large this is generally difficult to do. Ren'e Schoof gave a polynomial time algorithm for counting points on elliptic curves i.e., those of genus 1, in his ground...
Noisy Polynomial Interpolation and Noisy Chinese Remaindering
, 2000
"... Abstract. The noisy polynomial interpolation problem is a new intractability assumption introduced last year in oblivious polynomial evaluation. It also appeared independently in password identification schemes, due to its connection with secret sharing schemes based on Lagrange’s polynomial interpo ..."
Abstract

Cited by 41 (2 self)
 Add to MetaCart
Abstract. The noisy polynomial interpolation problem is a new intractability assumption introduced last year in oblivious polynomial evaluation. It also appeared independently in password identification schemes, due to its connection with secret sharing schemes based on Lagrange’s polynomial interpolation. This paper presents new algorithms to solve the noisy polynomial interpolation problem. In particular, we prove a reduction from noisy polynomial interpolation to the lattice shortest vector problem, when the parameters satisfy a certain condition that we make explicit. Standard lattice reduction techniques appear to solve many instances of the problem. It follows that noisy polynomial interpolation is much easier than expected. We therefore suggest simple modifications to several cryptographic schemes recently proposed, in order to change the intractability assumption. We also discuss analogous methods for the related noisy Chinese remaindering problem arising from the wellknown analogy between polynomials and integers. 1
Classical and modular approaches to exponential Diophantine equations I. Fibonacci and Lucas perfect powers
 Annals of Math
"... Abstract. This is the second in a series of papers where we combine the classical approach to exponential Diophantine equations (linear forms in logarithms, Thue equations, etc.) with a modular approach based on some of the ideas of the proof of Fermat’s Last Theorem. In this paper we use a general ..."
Abstract

Cited by 33 (13 self)
 Add to MetaCart
Abstract. This is the second in a series of papers where we combine the classical approach to exponential Diophantine equations (linear forms in logarithms, Thue equations, etc.) with a modular approach based on some of the ideas of the proof of Fermat’s Last Theorem. In this paper we use a general and powerful new lower bound for linear forms in three logarithms, together with a combination of classical, elementary and substantially improved modular methods to solve completely the LebesgueNagell equation for D in the range 1 ≤ D ≤ 100. x 2 + D = y n, x, y integers, n ≥ 3, 1.
Algorithms for computing isogenies between elliptic curves
 Math. Comp
, 2000
"... Abstract. The heart of the improvements by Elkies to Schoof’s algorithm for computing the cardinality of elliptic curves over a finite field is the ability to compute isogenies between curves. Elkies ’ approach is well suited for the case where the characteristic of the field is large. Couveignes sh ..."
Abstract

Cited by 31 (6 self)
 Add to MetaCart
Abstract. The heart of the improvements by Elkies to Schoof’s algorithm for computing the cardinality of elliptic curves over a finite field is the ability to compute isogenies between curves. Elkies ’ approach is well suited for the case where the characteristic of the field is large. Couveignes showed how to compute isogenies in small characteristic. The aim of this paper is to describe the first successful implementation of Couveignes’s algorithm. In particular, we describe the use of fast algorithms for performing incremental operations on series. We also insist on the particular case of the characteristic 2. 1.
Schoof's Algorithm and Isogeny Cycles
, 1994
"... . The heart of Schoof's algorithm for computing the cardinality m of an elliptic curve over a finite field is the computation of m modulo small primes `. Elkies and Atkin have designed practical improvements to the basic algorithm, that make use of "good" primes `. We show how to use powers of go ..."
Abstract

Cited by 28 (6 self)
 Add to MetaCart
. The heart of Schoof's algorithm for computing the cardinality m of an elliptic curve over a finite field is the computation of m modulo small primes `. Elkies and Atkin have designed practical improvements to the basic algorithm, that make use of "good" primes `. We show how to use powers of good primes in an efficient way. This is done by computing isogenies between curves over the ground field. A new structure appears, called "isogeny cycle". We investigate some properties of this structure. 1 Introduction Let E be an elliptic curve over a primitive finite field F p where p is a large prime integer. (We are not dealing with the case of small characteristic here.) The curve is given by some equation E(X; Y ) = 0 in Weierstrass form E(X; Y ) = Y 2 \Gamma X 3 \Gamma AX \Gamma B so that a generic point on the curve is given by (X; Y ) mod E . Let m be the number of points of E. It is well known that m = p + 1 \Gamma t, with t an integer satisfying jtj ! 2 p p. If p is small...
Primality testing using elliptic curves
 Journal of the ACM
, 1999
"... Abstract. We present a primality proving algorithm—a probabilistic primality test that produces short certificates of primality on prime inputs. We prove that the test runs in expected polynomial time for all but a vanishingly small fraction of the primes. As a corollary, we obtain an algorithm for ..."
Abstract

Cited by 22 (0 self)
 Add to MetaCart
Abstract. We present a primality proving algorithm—a probabilistic primality test that produces short certificates of primality on prime inputs. We prove that the test runs in expected polynomial time for all but a vanishingly small fraction of the primes. As a corollary, we obtain an algorithm for generating large certified primes with distribution statistically close to uniform. Under the conjecture that the gap between consecutive primes is bounded by some polynomial in their size, the test is shown to run in expected polynomial time for all primes, yielding a Las Vegas primality test. Our test is based on a new methodology for applying group theory to the problem of prime certification, and the application of this methodology using groups generated by elliptic curves over finite fields. We note that our methodology and methods have been subsequently used and improved upon, most notably in the primality proving algorithm of Adleman and Huang using hyperelliptic curves and
Counting points on varieties over finite fields of small characteristic
 ALGORITHMIC NUMBER THEORY
, 2008
"... ..."
Computing zeta functions of nondegenerate curves
 Intl. Math. Res. Notices
, 2007
"... We present a padic algorithm to compute the zeta function of a nondegenerate curve over a finite field using MonskyWashnitzer cohomology. The paper vastly generalizes previous work since in practice all known cases, for example, hyperelliptic, superelliptic, and Cab curves, can be transformed to f ..."
Abstract

Cited by 16 (4 self)
 Add to MetaCart
We present a padic algorithm to compute the zeta function of a nondegenerate curve over a finite field using MonskyWashnitzer cohomology. The paper vastly generalizes previous work since in practice all known cases, for example, hyperelliptic, superelliptic, and Cab curves, can be transformed to fit the nondegenerate case. For curves with a fixed Newton polytope, the property of being nondegenerate is generic, so that the algorithm works for almost all curves with given Newton polytope. For a genus g curve over Fpn, the expected running time is � O(n3g6 + n2g6.5), whereas the space complexity amounts to �O(n 3g4), assuming p is fixed. 1
Computing the endomorphism ring of an ordinary elliptic curve over a finite field
 Journal of Number Theory
"... Abstract. We present two algorithms to compute the endomorphism ring of an ordinary elliptic curve E defined over a finite field Fq. Under suitable heuristic assumptions, both have subexponential complexity. We bound the complexity of the first algorithm in terms of log q, while our bound for the se ..."
Abstract

Cited by 15 (7 self)
 Add to MetaCart
Abstract. We present two algorithms to compute the endomorphism ring of an ordinary elliptic curve E defined over a finite field Fq. Under suitable heuristic assumptions, both have subexponential complexity. We bound the complexity of the first algorithm in terms of log q, while our bound for the second algorithm depends primarily on log DE, where DE is the discriminant of the order isomorphic to End(E). As a byproduct, our method yields a short certificate that may be used to verify that the endomorphism ring is as claimed. 1.
An extension of Satoh's algorithm and its implementation
 J. RAMANUJAN MATH. SOC
, 2000
"... We describe a fast algorithm for counting points on elliptic curves defined over finite fields of small characteristic, following Satoh. Our main contribution is an extension to characteristics two and three. We give a detailed description with the optimisations necessary for an efficient implementa ..."
Abstract

Cited by 15 (3 self)
 Add to MetaCart
We describe a fast algorithm for counting points on elliptic curves defined over finite fields of small characteristic, following Satoh. Our main contribution is an extension to characteristics two and three. We give a detailed description with the optimisations necessary for an efficient implementation. Finally we give the number of points we have computed on a "random" curve defined over the field F q with q = 2 8009 .