Abstract
Given a prime $q$ and a negative discriminant $D$, the CM method constructs an elliptic curve $E/\mathbb{F}_q$ by obtaining a root of the Hilbert class polynomial $H_D(X)$ modulo $q$. We consider an approach based on a decomposition of the ring class field defined by $H_D$, which we adapt to a CRT setting. This yields two algorithms, each of which obtains a root of $H_D \bmod q$ without necessarily computing any of its coefficients. Heuristically, our approach uses asymptotically less time and space than the standard CM method for almost all $D$. Under the GRH, and reasonable assumptions about the size of $\log q$ relative to $|D|$, we achieve a space complexity of $O((m+n)\log q)$ bits, where $mn = h(D)$, which may be as small as $O(|D|^{1/4} \log q)$. The practical efficiency of the algorithms is demonstrated using $|D| > 10^{16}$ and $q \approx 2^{256}$, and also $|D| > 10^{15}$ and $q \approx 2^{33220}$. These examples are both an order of magnitude larger than the best previous results obtained with the CM method.
Subject
Computational Theory and Mathematics,General Mathematics
References: 46 articles.
Cited by
16 articles.