We present a space-efficient algorithm to compute the Hilbert class polynomial HD(X) modulo a positive integer P, based on an explicit form of the Chinese Remainder Theorem. Under the Generalized Riemann Hypothesis, the algorithm uses O(|D | 1/2+ɛ log P) space and has an expected running time of O(|D | 1+ɛ). We describe practical optimizations that allow us to handle larger discriminants than other methods, with |D | as large as 1013 and h(D) up to 106. We apply these results to construct pairing-friendly elliptic curves of prime order, using the CM method.

Abstract. We present a very efficient algorithm to construct an elliptic curve E and a finite field F such that the order of the point group E(F) is a given prime number N. Heuristically, this algorithm only takes polynomial time e O((log N) 3), and it is so fast that it may profitably be used to tackle the related problem of finding elliptic curves with point groups of prime order of prescribed size. We also discuss the impact of the use of high level modular functions to reduce the run time by large constant factors and show that recent gonality bounds for modular curves imply limits on the time reduction that can be obtained. 1.

Abstract not found