Reconstructing points of superelliptic curves over a prime finite field

Abstract

<p style='text-indent:20px;'>Let <inline-formula><tex-math id="M1">\begin{document}$ p $\end{document}</tex-math></inline-formula> be a prime and <inline-formula><tex-math id="M2">\begin{document}$ \mathbb{F}_p $\end{document}</tex-math></inline-formula> the finite field with <inline-formula><tex-math id="M3">\begin{document}$ p $\end{document}</tex-math></inline-formula> elements. We show how, when given an superelliptic curve <inline-formula><tex-math id="M4">\begin{document}$ Y^n+f(X) \in \mathbb{F}_p[X,Y] $\end{document}</tex-math></inline-formula> and an approximation to <inline-formula><tex-math id="M5">\begin{document}$ (v_0,v_1) \in \mathbb{F}_p^2 $\end{document}</tex-math></inline-formula> such that <inline-formula><tex-math id="M6">\begin{document}$ v_1^n = -f(v_0) $\end{document}</tex-math></inline-formula>, one can recover <inline-formula><tex-math id="M7">\begin{document}$ (v_0,v_1) $\end{document}</tex-math></inline-formula> efficiently, if the approximation is good enough. As consequence we provide an upper bound on the number of roots of such bivariate polynomials where the roots have certain restrictions. The results has been motivated by the predictability problem for non-linear pseudorandom number generators and, other potential applications to cryptography.</p>