Hostname: page-component-cd9895bd7-lnqnp Total loading time: 0 Render date: 2024-12-26T21:12:36.287Z Has data issue: false hasContentIssue false
  • English
  • Français

Accelerating the CM method

Part of: Curves Arithmetic algebraic geometry Computational number theory

Published online by Cambridge University Press:  01 August 2012

Andrew V. Sutherland
Andrew V. Sutherland*
Affiliation:
Department of Mathematics, Massachusetts Institute of Technology, 77 Massachusetts Avenue, Cambridge, MA 02139, USA (email: [email protected])

Abstract

Core share and HTML view are not available for this content. However, as you have access to this content, a full PDF is available via the ‘Save PDF’ action button.

Given a prime q and a negative discriminant D, the CM method constructs an elliptic curve E/Fq by obtaining a root of the Hilbert class polynomial HD(X) modulo q. We consider an approach based on a decomposition of the ring class field defined by HD, which we adapt to a CRT setting. This yields two algorithms, each of which obtains a root of HD mod q without necessarily computing any of its coefficients. Heuristically, our approach uses asymptotically less time and space than the standard CM method for almost all D. Under the GRH, and reasonable assumptions about the size of log q relative to ∣D∣, we achieve a space complexity of O((m+n)log q) bits, where mn=h(D) , which may be as small as O(∣D1/4 log q) . The practical efficiency of the algorithms is demonstrated using ∣D∣>1016 and q≈2256, and also ∣D∣>1015 and q≈233220. These examples are both an order of magnitude larger than the best previous results obtained with the CM method.

MSC classification

Secondary: 11Y16: Algorithms; complexity 11G15: Complex multiplication and moduli of abelian varieties 11G20: Curves over finite and local fields 14H52: Elliptic curves
Type
Research Article
Information
LMS Journal of Computation and Mathematics , Volume 15 , May 2012 , pp. 172 - 204
Copyright
Copyright © London Mathematical Society 2012

References

[1]Agashe, A., Lauter, K. and Venkatesan, R., ‘Constructing elliptic curves with a known number of points over a prime field’, High primes and misdemeanours: lectures in honour of the 60th Birthday of Hugh Cowie Williams, Fields Institute Communications 41 (eds van der Poorten, A. J. and Stein, A.; American Mathematical Society, 2004) 117.Google Scholar
[2]Agrawal, M., Kayal, N. and Saxena, N., ‘PRIMES is in P’, Ann. Math. (2) 160 (2004) 781793.CrossRefGoogle Scholar
[3]Atkin, A. O. L. and Morain, F., ‘Elliptic curves and primality proving’, Math. Comp. 61 (1993) 2968.CrossRefGoogle Scholar
[4]Bach, E., ‘Analytic methods in the analysis and design of number-theoretic algorithms’, ACM Distinguished Dissertation 1984 (MIT Press, 1985).Google Scholar
[5]Bach, E., ‘Explicit bounds for primality testing and related problems’, Math. Comp. 55 (1990) no. 191, 355380.CrossRefGoogle Scholar
[6]Baier, S. and Zhao, L., ‘On primes in arithmetic progressions’, Int. J. Number Theory 5 (2009) no. 6, 10171035.CrossRefGoogle Scholar
[7]Belding, J., Bröker, R., Enge, A. and Lauter, K., ‘Computing Hilbert class polynomials’, Algorithmic Number Theory Symposium–ANTS VIII, Lecture Notes in Computer Science 5011 (eds van der Poorten, A. J. and Stein, A.; Springer, 2008) 282295.CrossRefGoogle Scholar
[8]Berlekamp, E. R., ‘Factoring polynomials over large finite fields’, Math. Comp. 24 (1970) no. 111, 713735.CrossRefGoogle Scholar
[9]Bernstein, D. J., ‘Detecting perfect powers in essentially linear time, and other studies in computational number theory’, PhD Thesis, University of California at Berkeley, 1995.Google Scholar
[10]Bernstein, D. J. and Sorenson, J. P., ‘Modular exponentiation via the explicit Chinese Remainder theorem’, Math. Comp. 76 (2007) 443454.CrossRefGoogle Scholar
[11]Bisson, G. and Sutherland, A. V., ‘Computing the endomorphism ring of an ordinary elliptic curve over a finite field’, J. Number Theory 113 (2011) 815831.CrossRefGoogle Scholar
[12]Bröker, R., ‘A p-adic algorithm to compute the Hilbert class polynomial’, Math. Comp. 77 (2008) 24172435.CrossRefGoogle Scholar
[13]Bröker, R., Lauter, K. and Sutherland, A. V., ‘Modular polynomials via isogeny volcanoes’, Math. Comp. 81 (2012) 12011231.CrossRefGoogle Scholar
[14]Buchmann, J. and Vollmer, U., Binary quadratic forms: an algorithmic approach, Algorithms and Computations in Mathematics 20 (Springer, Berlin, 2007).CrossRefGoogle Scholar
[15]Chao, J., Nakamura, O., Sobataka, K. and Tsujii, S., ‘Construction of secure elliptic cryptosystems using CM tests and liftings’, Advances in cryptology–ASIACRYPT’98, Lecture Notes in Computer Science 1514 (Springer, 1998) 95109.CrossRefGoogle Scholar
[16]Childs, A. M., Jao, D. and Soukharev, V., Constructing elliptic curve isogenies in quantum subexponential time, Preprint, 2011, http://arxiv.org/abs/1012.4019v2.Google Scholar
[17]Cohen, H. and Lenstra, H. W. Jr., ‘Heuristics on class groups of number fields’, Number Theory, Noordwijkerhout 1983, Lecture Notes in Mathematics 1068 (Springer, 1984) 3362.CrossRefGoogle Scholar
[18]Couveignes, J.-M. and Henocq, T., ‘Action of modular correspondences around CM points’, Algorithmic Number Theory Symposium–ANTS V, Lecture Notes in Computer Science 2369 (eds Fieker, C. and Kohel, D. R.; Springer, 2002) 234243.CrossRefGoogle Scholar
[19]Cox, D. A., Primes of the form x 2+ny 2: Fermat, class field theory, and complex multiplication (John Wiley and Sons, 1989).Google Scholar
[20]Crandall, R. and Pomerance, C., Prime numbers: a computational perspective, 2nd edn (Springer, 2005).Google Scholar
[21]Enge, A., ‘The complexity of class polynomial computation via floating point approximations’, Math. Comp. 78 (2009) 10891107.CrossRefGoogle Scholar
[22]Enge, A. and Morain, F., ‘Comparing invariants for class fields of imaginary quadratic fields’, Algorithmic Number Theory Symposium–ANTS V, Lecture Notes in Computer Science 2369 (eds Fieker, C. and Kohel, D. R.; Springer, 2002) 252266.CrossRefGoogle Scholar
[23]Enge, A. and Morain, F., ‘Fast decomposition of polynomials with known Galois group’, Applied algebra, algebraic algorithms, and error correcting codes — 2003, Lecture Notes in Computer Science 2643 (Springer, 2003) 254264.CrossRefGoogle Scholar
[24]Enge, A. and Sutherland, A. V., ‘Class invariants for the CRT method’, Algorithmic Number Theory Symposium–ANTS IX, Lecture Notes in Computer Science 6197 (eds Hanrot, G., Morain, F. and Thomé, E.; Springer, 2010) 142156.CrossRefGoogle Scholar
[25] Free software foundation, ‘GNU compiler collection’, version 4.4.3, 2010, available at http://gcc.gnu.org/.Google Scholar
[26]Gee, A. and Stevenhagen, P., ‘Generating class fields with Shimura reciprocity’, Algorithmic Number Theory Symposium–ANTS III, Lecture Notes in Computer Science 1423 (Springer, 1998) 442453.Google Scholar
[27]Granlund, T.et al., GNU multiple precision arithmetic library, September 2010, version 5.0.1, available at http://gmplib.org/.Google Scholar
[28]Hanrot, G. and Morain, F., ‘Solvability by radicals from an algorithmic point of view’, International Conference on Symbolic and Algebraic Computation–ISSAC 2001 (ACM, 2001) 175182.Google Scholar
[29]Hardy, G. H. and Wright, E. M., An introduction to the theory of numbers, 5th edn (Oxford Science Publications, 1979).Google Scholar
[30]Harvey, D., zn_poly: a library for polynomial arithmetic, version 0.9, 2008,http://cims.nyu.edu/∼harvey/zn_poly.Google Scholar
[31]Harvey, D., ‘A cache-friendly truncated FFT’, Theoret. Comput. Sci. 410 (2009) 26492658.CrossRefGoogle Scholar
[32]Ionica, S. and Joux, A., ‘Pairing the volcano’, Algorithmic Number Theory Symposium–ANTS IX, Lecture Notes in Computer Science 6197 (eds Hanrot, G., Morain, F. and Thomé, E.; Springer, 2010) 201218.CrossRefGoogle Scholar
[33]Lagarias, J. C. and Odlyzko, A. M., ‘Effective versions of the Chebotarev density theorem’, Algebraic number fields: L-functions and Galois properties (Proc. Sympos., Univ. Durham, Durham, 1975) (Academic Press, 1977) 409464.Google Scholar
[34]Lang, S., Elliptic functions, 2nd edn (Springer, 1987).CrossRefGoogle Scholar
[35]Littlewood, J. E., ‘On the class-number of the corpus ’, Proc. Lond. Math. Soc. 27 (1928) 358372.CrossRefGoogle Scholar
[36]Morain, F., ‘Primality proving using elliptic curves: an update’, Algorithmic Number Theory Symposium–ANTS III, Lecture Notes in Computer Science 1423 (Springer, 1998) 111127.CrossRefGoogle Scholar
[37]Rubin, K. and Silverberg, A., ‘Choosing the correct elliptic curve in the CM method’, Math. Comp. 79 (2010) 545561.CrossRefGoogle Scholar
[38]Schönhage, A., ‘Fast reduction and composition of binary quadratic forms’, International Symposium on Symbolic and Algebraic Computation–ISSAC’91 (ed. Watt, S. M.; ACM, 1991) 128133.Google Scholar
[39]Schönhage, A. and Strassen, V., ‘Schnelle Multiplikation großer zahlen’, Computing 7 (1971) 281292.CrossRefGoogle Scholar
[40]Serre, J.-P., ‘Complex multiplication’, Algebraic number theory (eds Cassels, J.W.S. and Fröhlich, A.; Academic Press, 1967).Google Scholar
[41]Sutherland, A. V., ‘Order computations in generic groups’, PhD Thesis, MIT, 2007,http://groups.csail.mit.edu/cis/theses/sutherland-phd.pdf.Google Scholar
[42]Sutherland, A. V., ‘Computing Hilbert class polynomials with the Chinese remainder theorem’, Math. Computation 80 (2011) 501538.CrossRefGoogle Scholar
[43]Sutherland, A. V., ‘Structure computation and discrete logarithms in finite abelian p-groups’, Math. Comp. 80 (2011) 477500.CrossRefGoogle Scholar
[44]Leendert, B. and Waerden, van der, Algebra, vol. I (Springer, 1991). Originally published in German as Moderne algebra in 1930–1931.Google Scholar
[45]von zur Gathen, J. and Gerhard, J., Modern computer algebra, 2nd edn (Cambridge University Press, 2003).Google Scholar
[46]Weber, H., Lehrbuch der algebra, 3rd edn, vol. III (Chelsea, 1961).Google Scholar