Fast computation of canonical lifts of elliptic curves and its application to point counting

  • Authors:

  • Takakazu Satoh;Berit Skjernaa;Yuichiro Taguchi

  • Affiliations:

  • Department of Mathematics, Faculty of Science, Saitama University, Urawa, Saitama 338-8570, Japan;Department of Mathematics, Aarhus University, Ny Munkegade, 8000 Aarhus C, Denmark;Graduate School of Mathematics, Kyushu University 33, Fukuoka 812-8581, Japan

  • Venue:
  • Finite Fields and Their Applications
  • Year:
  • 2003

Quantified Score

Hi-index 0.00

Visualization

Abstract

Let p be a fixed small prime. We give an algorithm with preprocessing to compute the j-invariant of the canonical lift of a given ordinary elliptic curve E/F"q (q=p^N, j(E)@?F"p"^"2) modulo p^N^/^2^+^O^(^1^) in O(N^2^@m^+^1^/^@m^+^1) bit operations (assuming the time complexity of multiplying two n-bit objects is O(n^@m)) using O(N^2) memory, not including preprocessing. This is faster than the algorithm of Vercauteren et al. [14] by a factor of N^@m^/^@m^+^1. Let K be the unramified extension field of degree N over Q"p. We also develop an algorithm to compute N"K"/"Q"""p(x)modp^N^/^2^+^O^(^1^) with O(N^2^@m^+^0^.^5) bit operations and O(N^2) memory when x@?K satisfies certain conditions, which are always satisfied when applied to our point counting algorithm. As a result, we get an O(N^2^@m^+^0^.^5) time, O(N^2) memory algorithm for counting the F"q-rational points on E/F"q, which turns out to be very fast in practice for cryptographic size elliptic curves.