Explicit isogenies in quadratic time in any characteristic

Luca De Feo, Cyril Hugounenq, Jérôme Plût and Éric Schost

Abstract

Consider two ordinary elliptic curves $E, E^{\prime}$ defined over a finite field $\mathbb{F}_{q}$, and suppose that there exists an isogeny $\psi$ between $E$ and $E^{\prime}$. We propose an algorithm that determines $\psi$ from the knowledge of $E$, $E^{\prime}$ and of its degree $r$, by using the structure of the $\ell$-torsion of the curves (where $\ell$ is a prime different from the characteristic $p$ of the base field). Our approach is inspired by a previous algorithm due to Couveignes, which involved computations using the $p$-torsion on the curves. The most refined version of that algorithm, due to De Feo, has a complexity of $\tilde{O}(r^{2})p^{O(1)}$ base field operations. On the other hand, the cost of our algorithm is $\tilde{O}(r^{2})\log(q)^{O(1)}$, for a large class of inputs; this makes it an interesting alternative for the medium- and large-characteristic cases.

