Accelerating the CM method

  • Andrew V. Sutherland

Abstract

Given a prime q and a negative discriminant D, the CM method constructs an elliptic curve $E/\mathbb{F}_q$ by obtaining a root of the Hilbert class polynomial $H_D(X)$ modulo q. We consider an approach based on a decomposition of the ring class field defined by $H_D$, which we adapt to a CRT setting. This yields two algorithms, each of which obtains a root of $H_D \bmod q$ without necessarily computing any of its coefficients. Heuristically, our approach uses asymptotically less time and space than the standard CM method for almost all D. Under the GRH, and reasonable assumptions about the size of $\log q$ relative to $|D|$, we achieve a space complexity of $O((m+n)\log q)$ bits, where $mn = h(D)$, which may be as small as $O(|D|^{1/4}\log q)$. The practical efficiency of the algorithms is demonstrated using $|D| > 10^{16}$ and $q \approx 2^{256}$, and also $|D| > 10^{15}$ and $q \approx 2^{33220}$. These examples are both an order of magnitude larger than the best previous results obtained with the CM method.
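The standard CM method that the abstract takes as its starting point, worked through for class-number-one discriminants, where $H_D(X) = X - j_D$ is linear and "obtaining a root of $H_D$ mod q" is a single reduction (added example, not code from the paper; the j-invariant table, the brute-force norm-equation search and the naive point count are assumptions chosen to keep it self-contained and offline). The paper's algorithms are about doing the root-finding step when $h(D)$ is large; this example shows only what that root buys you: a curve over $\mathbb{F}_q$ with a known number of points.

```python
from math import isqrt

# j-invariants of the class-number-one discriminants with j not in {0, 1728}.
# For these D, H_D(X) = X - j_D, so a root of H_D mod q is simply j_D mod q.
# (Constructed lookup table for this example.)
J_INVARIANTS = {-7: -3375, -8: 8000, -11: -32768, -19: -884736, -43: -884736000,
                -67: -147197952000, -163: -262537412640768000}

def is_prime(n):
    return n > 1 and all(n % p for p in range(2, isqrt(n) + 1))

def norm_equation(D, q):
    """Solve 4q = t^2 + |D| v^2 with t, v >= 1 by brute force over v (q must split in Q(sqrt D))."""
    for v in range(1, isqrt(4 * q // -D) + 1):
        r = 4 * q + D * v * v            # D < 0, so r = 4q - |D| v^2
        if r > 0 and isqrt(r) ** 2 == r:
            return isqrt(r), v
    return None

def find_cm_prime(D, min_q):
    """Smallest prime q > min_q for which the norm equation is solvable; returns (q, t, v)."""
    q = min_q + 1
    while True:
        if is_prime(q):
            sol = norm_equation(D, q)
            if sol:
                return (q,) + sol
        q += 1

def curve_from_j(j, q):
    """Coefficients (a, b) of y^2 = x^3 + a x + b over F_q with j-invariant j (j != 0, 1728)."""
    k = j * pow((1728 - j) % q, -1, q) % q
    return 3 * k % q, 2 * k % q

def count_points(a, b, q):
    """Naive #E(F_q) via Euler's criterion; fine for the small q used here."""
    n = 1                                    # the point at infinity
    for x in range(q):
        rhs = (x ** 3 + a * x + b) % q
        n += 1 if rhs == 0 else 2 if pow(rhs, (q - 1) // 2, q) == 1 else 0
    return n

def cm_curve(D, q, t):
    """Return (a, b, n): a curve over F_q with j = j_D mod q and exactly n = q + 1 - t points."""
    a, b = curve_from_j(J_INVARIANTS[D] % q, q)
    n = count_points(a, b, q)
    if n == q + 1 + t:                       # wrong sign of the trace: take the quadratic twist
        c = next(c for c in range(2, q) if pow(c, (q - 1) // 2, q) == q - 1)
        a, b, n = a * c * c % q, b * c ** 3 % q, 2 * q + 2 - n
    assert n == q + 1 - t, "j_D mod q did not yield a curve of trace +-t"
    return a, b, n
```

Calling `find_cm_prime(-7, 10)` gives (11, 4, 2), i.e. 4·11 = 4² + 7·2², and `cm_curve(-7, 11, 4)` then returns a curve with 8 = 11 + 1 − 4 points; the same two steps with D = −163 and q = 43 give a curve of order 41.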
