## Subtleties in the distribution of the numbers of points on elliptic curves over a finite prime field (1999)

Venue: | Journal of the London Mathematical Society |

Citations: | 4 - 1 self |

### BibTeX

@ARTICLE{Mckee99subtletiesin,

author = {James Mckee},

title = {Subtleties in the distribution of the numbers of points on elliptic curves over a finite prime field},

journal = {Journal of the London Mathematical Society},

year = {1999},

volume = {2},

pages = {448--460}

}

### OpenURL

### Abstract

Three questions concerning the distribution of the numbers of points on elliptic curves over a finite prime field are considered. First, the previously published bounds for the distribution are tightened slightly. Within these bounds, there are wild fluctuations in the distribution, and some heuristics are discussed (supported by numerical evidence) which suggest that numbers of points with no large prime divisors are unusually prevalent. Finally, allowing the prime field to vary while fixing the field of fractions of the endomorphism ring of the curve, the order of magnitude of the average order of the number of divisors of the number of points is determined, subject to assumptions about primes in quadratic progressions. There are implications for factoring integers by Lenstra’s elliptic curve method. The heuristics suggest that (i) the subtleties in the distribution actually favour the elliptic curve method, and (ii) this gain is transient, dying away as the factors to be found tend to infinity. 1.

### Citations

208 |
Speeding the Pollard and elliptic curve methods of factorization
- Montgomery
- 1987
(Show Context)
Citation Context ...g classical result. Theorem 1 (see [2]). With notation as abo�e, the probability that N(a,b) equals p�1�t gi�en 4a��27b��0 is H(∆)�2p. For a full description of the elliptic curve method, see [7] and =-=[10]-=-. The aim is to factor a composite integer n (where we may assume that n is not divisible by either 2 or 3). First, one fixes smoothness parameters B � and B � . Then one chooses an elliptic curve, E,... |

150 |
Some Problems of ’Partitio Numerorum.’ III. On the Expression of a Number as a Sum of Primes
- Hardy, Littlewood
- 1923
(Show Context)
Citation Context ...n��∆�4 if∆iseven, n��n�(1�∆)�4 if∆isodd. The difficulty is that we do not even know if there are infinitely many primes of the form Q ∆(n), although Hardy and Littlewood give a conjectured density in =-=[4]-=-. To proceed, we shall have to assume infinitely many primes in such progressions, and a little more besides. Observe that if p�Q ∆(n), then p�1��t��Q ∆(n�1) and p�1��t��Q ∆(n�1). Thus for fixed ∆, th... |

70 |
Introduction to analytic number theory. Undergraduate Texts in Mathematics
- Apostol
- 1976
(Show Context)
Citation Context ...2. Factoring with elliptic cur�es Let p be a prime greater than 3. Any elliptic curve over the field with p elements, � , is isomorphic to one defined affinely by a Weierstrass equation p y��x��ax�b, =-=(1)-=- where a, b�� p ,4a��27b��0. Apart from classes with j-invariant either 0 or 1728, every isomorphism class is represented the same number of times as a and b range through � p . Indeed, the number of ... |

43 |
An FFT extension of the elliptic curve method of factorization
- Montgomery
- 1992
(Show Context)
Citation Context ...done in [8], assuming that the contributions from different factors are independent, and one still predicts that P � �P � �1asp��. An alternative approach is based on an observation of Montgomery (in =-=[11]-=-), proved by Howe ([6], extending a result of Lenstra in [7]), that the probability that small m divides p�1�t is a little larger than 1�m. One then has the heuristic argument that numbers divisible b... |

29 |
How the number of points of an elliptic curve over a fixed prime field varies
- Birch
- 1968
(Show Context)
Citation Context ...text indicates otherwise, (m,n) will denote the greatest common divisor of m and n. Received 8 January 1996; revised 8 August 1996. 1991 Mathematics Subject Classification 11Y05. J. London Math. Soc. =-=(2)-=- 59 (1999) 448–460snumbers of points on elliptic curves 449 2. Factoring with elliptic cur�es Let p be a prime greater than 3. Any elliptic curve over the field with p elements, � , is isomorphic to o... |

24 |
On integers free of large prime factors
- ldebrand, Tenenbaum
- 1986
(Show Context)
Citation Context ...uristics suggest that P � �P � �1. To quantify the gain, we need an estimate for the probability that a small prime q divides a B-smooth number. This is given by a theorem of Hildebrand and Tenenbaum =-=[5]-=-, and here we have some bad news. If loglogp�logB�0 asp��, then the probability that q divides a B-smooth number below p tends to 1�q as p��. In the elliptic curve method, the smoothness parameters gr... |

21 |
Lenstra Jr. Factoring integers with elliptic curves
- W
- 1987
(Show Context)
Citation Context ...following classical result. Theorem 1 (see [2]). With notation as abo�e, the probability that N(a,b) equals p�1�t gi�en 4a��27b��0 is H(∆)�2p. For a full description of the elliptic curve method, see =-=[7]-=- and [10]. The aim is to factor a composite integer n (where we may assume that n is not divisible by either 2 or 3). First, one fixes smoothness parameters B � and B � . Then one chooses an elliptic ... |

17 |
On the group orders of elliptic curves over finite fields
- Howe
- 1993
(Show Context)
Citation Context ...hat the contributions from different factors are independent, and one still predicts that P � �P � �1asp��. An alternative approach is based on an observation of Montgomery (in [11]), proved by Howe (=-=[6]-=-, extending a result of Lenstra in [7]), that the probability that small m divides p�1�t is a little larger than 1�m. One then has the heuristic argument that numbers divisible by any given m are more... |

5 |
A note on the number of divisors of quadratic polynomials
- McKee
- 1997
(Show Context)
Citation Context ...k,�−∆ )=� ρ(k)�k, (15) which will finally be fed into (12) to establish the lower bound. We start, then, with an estimate for (13) (where d is an odd, square-free divisor of 1�∆), adapting a proof in =-=[9]-=-. Let (a,b,c) denote the binary quadratic form ax��bxy�cy�. For elementary results concerning such forms, see [3]. let R(a, b, c; n) denote the number of proper representations of n by (a,b,c), that i... |

1 |
The higher arithmetic (Cambridge
- Davenport
- 1992
(Show Context)
Citation Context ...estimate for (13) (where d is an odd, square-free divisor of 1�∆), adapting a proof in [9]. Let (a,b,c) denote the binary quadratic form ax��bxy�cy�. For elementary results concerning such forms, see =-=[3]-=-. let R(a, b, c; n) denote the number of proper representations of n by (a,b,c), that is, the number of representations with (x,y)�1. Let w(a,b,c) denote the size of the automorphism group of (a,b,c).... |

1 |
Some elliptic curve algorithms
- McKee
- 1994
(Show Context)
Citation Context ...any such increase should be borne in mind when analysing the elliptic curve method. The numerical evidence given above indicates an increase for the two choices of p, B � and B � considered there. In =-=[8]-=-, more numerical evidence is given. There is also some discussion (joint work with Professor A. Granville) of the asymptotic behaviour, with the simplification of using a single smoothness bound B and... |

1 |
The arithmetic of elliptic cur�es, Graduate Texts
- Silverman
- 1986
(Show Context)
Citation Context ...of a particular curve E is (p�1)�w, where w is the number of automorphisms of E. Let N(a,b) denote the number of points on the curve defined by (1). Writing N(a,b)�p�1�t, it is well known (Hasse, see =-=[12]-=-) that �t��2�p, so that if we write ∆�t��4p,then∆�0.LetH(∆)betheKronecker�Hurwitzclassnumber,whichcounts all reduced binary quadratic forms with discriminant ∆, but counts those proportional to x��y� ... |