Efficient CM-constructions of elliptic curves over finite fields
HTML articles powered by AMS MathViewer
- by Reinier Bröker and Peter Stevenhagen PDF
- Math. Comp. 76 (2007), 2161-2179 Request permission
Abstract:
We present an algorithm that, on input of an integer $N\ge 1$ together with its prime factorization, constructs a finite field $\mathbf {F}$ and an elliptic curve $E$ over $\mathbf {F}$ for which $E({\mathbf {F} })$ has order $N$. Although it is unproved that this can be done for all $N$, a heuristic analysis shows that the algorithm has an expected run time that is polynomial in $2^{\omega (N)}\log N$, where $\omega (N)$ is the number of distinct prime factors of $N$. In the cryptographically relevant case where $N$ is prime, an expected run time $O((\log N)^{4+\varepsilon })$ can be achieved. We illustrate the efficiency of the algorithm by constructing elliptic curves with point groups of order $N=10^{2004}$ and $N=\text {nextprime}(10^{2004})=10^{2004}+4863$.References
- Manindra Agrawal, Neeraj Kayal, and Nitin Saxena, PRIMES is in P, Ann. of Math. (2) 160 (2004), no. 2, 781–793. MR 2123939, DOI 10.4007/annals.2004.160.781
- R. C. Baker, G. Harman, and J. Pintz, The difference between consecutive primes. II, Proc. London Math. Soc. (3) 83 (2001), no. 3, 532–562. MR 1851081, DOI 10.1112/plms/83.3.532
- D. Bernstein, Proving primality in essentially quartic random time, Math. Comp., to appear.
- R. Bröker, Constructing elliptic curves of prescribed order, Ph.D. Thesis, Universiteit Leiden, 2006. See www.math.leidenuniv.nl/scripties/Broker.pdf.
- Reinier Bröker and Peter Stevenhagen, Elliptic curves with a given number of points, Algorithmic number theory, Lecture Notes in Comput. Sci., vol. 3076, Springer, Berlin, 2004, pp. 117–131. MR 2137348, DOI 10.1007/978-3-540-24847-7_{8}
- J. Buhler, S. Wagon, Basic algorithms in number theory, Surveys in Algorithmic Number Theory, Cambridge University Press, 2006.
- Henri Cohen, A course in computational algebraic number theory, Graduate Texts in Mathematics, vol. 138, Springer-Verlag, Berlin, 1993. MR 1228206, DOI 10.1007/978-3-662-02945-9
- Jean-Marc Couveignes and Thierry Henocq, Action of modular correspondences around CM points, Algorithmic number theory (Sydney, 2002) Lecture Notes in Comput. Sci., vol. 2369, Springer, Berlin, 2002, pp. 234–243. MR 2041087, DOI 10.1007/3-540-45455-1_{1}9
- A. Enge, The complexity of class polynomial computations via floating point approximations, preprint, January 2006.
- Joachim von zur Gathen and Jürgen Gerhard, Modern computer algebra, Cambridge University Press, New York, 1999. MR 1689167
- Pierrick Gaudry, A comparison and a combination of SST and AGM algorithms for counting points of elliptic curves in characteristic 2, Advances in cryptology—ASIACRYPT 2002, Lecture Notes in Comput. Sci., vol. 2501, Springer, Berlin, 2002, pp. 311–327. MR 2087393, DOI 10.1007/3-540-36178-2_{2}0
- Alice Gee and Peter Stevenhagen, Generating class fields using Shimura reciprocity, Algorithmic number theory (Portland, OR, 1998) Lecture Notes in Comput. Sci., vol. 1423, Springer, Berlin, 1998, pp. 441–453. MR 1726092, DOI 10.1007/BFb0054883
- Aleksandar Ivić, The Riemann zeta-function, A Wiley-Interscience Publication, John Wiley & Sons, Inc., New York, 1985. The theory of the Riemann zeta-function with applications. MR 792089
- Kiran S. Kedlaya, Counting points on hyperelliptic curves using Monsky-Washnitzer cohomology, J. Ramanujan Math. Soc. 16 (2001), no. 4, 323–338. MR 1877805
- Elisavet Konstantinou, Yannis C. Stamatiou, and Christos Zaroliagis, On the construction of prime order elliptic curves, Progress in cryptology—INDOCRYPT 2003, Lecture Notes in Comput. Sci., vol. 2904, Springer, Berlin, 2003, pp. 309–322. MR 2092390, DOI 10.1007/978-3-540-24582-7_{2}3
- Georg-Johann Lay and Horst G. Zimmer, Constructing elliptic curves with given group order over large finite fields, Algorithmic number theory (Ithaca, NY, 1994) Lecture Notes in Comput. Sci., vol. 877, Springer, Berlin, 1994, pp. 250–263. MR 1322728, DOI 10.1007/3-540-58691-1_{6}4
- H. W. Lenstra Jr. and Carl Pomerance, A rigorous time bound for factoring integers, J. Amer. Math. Soc. 5 (1992), no. 3, 483–516. MR 1137100, DOI 10.1090/S0894-0347-1992-1137100-0
- H. W. Lenstra, C. Pomerance, Primality testing with Gaussian periods, To appear.
- P. Mihăilescu, R. M. Avanzi, Efficient ‘quasi’-deterministic primalisty test improving AKS, preprint (2003).
- F. Morain, Implementing the asymptotically fast version of the elliptic curve primality proving algorithm, preprint, arXiv:math.NT/0502097 (2005).
- Takakazu Satoh, The canonical lift of an ordinary elliptic curve over a finite field and its point counting, J. Ramanujan Math. Soc. 15 (2000), no. 4, 247–270. MR 1801221
- Erkay Savaş, Thomas A. Schmidt, and Çetin K. Koç, Generating elliptic curves of prime order, Cryptographic hardware and embedded systems—CHES 2001 (Paris), Lecture Notes in Comput. Sci., vol. 2162, Springer, Berlin, 2001, pp. 142–158. MR 1945401, DOI 10.1007/3-540-44709-1_{1}3
- Reinhard Schertz, Weber’s class invariants revisited, J. Théor. Nombres Bordeaux 14 (2002), no. 1, 325–343 (English, with English and French summaries). MR 1926005
- René Schoof, Elliptic curves over finite fields and the computation of square roots mod $p$, Math. Comp. 44 (1985), no. 170, 483–494. MR 777280, DOI 10.1090/S0025-5718-1985-0777280-6
- René Schoof, Counting points on elliptic curves over finite fields, J. Théor. Nombres Bordeaux 7 (1995), no. 1, 219–254. Les Dix-huitièmes Journées Arithmétiques (Bordeaux, 1993). MR 1413578
- Joseph H. Silverman, The arithmetic of elliptic curves, Graduate Texts in Mathematics, vol. 106, Springer-Verlag, New York, 1986. MR 817210, DOI 10.1007/978-1-4757-1920-8
- Peter Stevenhagen, Hilbert’s 12th problem, complex multiplication and Shimura reciprocity, Class field theory—its centenary and prospect (Tokyo, 1998) Adv. Stud. Pure Math., vol. 30, Math. Soc. Japan, Tokyo, 2001, pp. 161–176. MR 1846457, DOI 10.2969/aspm/03010161
- H. P. F. Swinnerton-Dyer, An application of computing to class field theory, Algebraic Number Theory (Proc. Instructional Conf., Brighton, 1965), Thompson, Washington, D.C., 1967, pp. 280–291. MR 0219514
Additional Information
- Reinier Bröker
- Affiliation: Mathematisch Instituut, Universiteit Leiden, Postbus 9512, 2300 RA Leiden, The Netherlands.
- Address at time of publication: Department of Mathematics and Statistics, University of Calgary, 2500 University Drive NW, Calgary, Alberta, Canada T2N 1N4
- MR Author ID: 759393
- Email: reinier@math.ucalgary.ca
- Peter Stevenhagen
- Affiliation: Mathematisch Instituut, Universiteit Leiden, Postbus 9512, 2300 RA Leiden, The Netherlands.
- MR Author ID: 167210
- Email: psh@math.leidenuniv.nl
- Received by editor(s): November 11, 2005
- Received by editor(s) in revised form: June 9, 2006
- Published electronically: May 3, 2007
- © Copyright 2007
American Mathematical Society
The copyright for this article reverts to public domain 28 years after publication. - Journal: Math. Comp. 76 (2007), 2161-2179
- MSC (2000): Primary 14H52; Secondary 11G15
- DOI: https://doi.org/10.1090/S0025-5718-07-01980-1
- MathSciNet review: 2336289