Computing isogenies between supersingular elliptic curves over Fp\documentclass[12pt]{minimal} \usepackage{amsmath} \usepackage{wasysym} \usepackage{amsfonts} \usepackage{amssymb} \usepackage{amsbsy} \usepackage{mathrsfs} \usepackage{upgreek} \setlength{\oddsidemargin}{-69pt} \begin{document}$${\mat

Let $$p>3$$p>3 be a prime and let $$E$$E, $$E'$$E′ be supersingular elliptic curves over $${\mathbb {F}}_p$$Fp. We want to construct an isogeny $$\phi :E\rightarrow E'$$ϕ:E→E′. The currently fastest algorithm for finding isogenies between supersingular elliptic curves solves this problem in the full supersingular isogeny graph over $${\mathbb {F}}_{p^2}$$Fp2. It takes an expected $$\tilde{\mathcal {O}}(p^{1/2})$$O~(p1/2) bit operations, and also $$\tilde{\mathcal {O}}(p^{1/2})$$O~(p1/2) space, by performing a “meet-in-the-middle” breadth-first search in the isogeny graph. In this paper we consider the structure of the isogeny graph of supersingular elliptic curves over $${\mathbb {F}}_p$$Fp. We give an algorithm to construct isogenies between supersingular curves over $${\mathbb {F}}_p$$Fp that works in $$\tilde{\mathcal {O}}(p^{1/4})$$O~(p1/4) bit operations. We then discuss how this algorithm can be used to obtain an improved algorithm for the general supersingular isogeny problem.

[1]  Steven D. Galbraith,et al.  Improved algorithm for the isogeny problem for ordinary elliptic curves , 2011, Applicable Algebra in Engineering, Communication and Computing.

[2]  Anton Stolbunov,et al.  Constructing public-key cryptographic schemes based on class group action on a set of isogenous elliptic curves , 2010, Adv. Math. Commun..

[3]  H. Dubner,et al.  Primes of the form . , 2000 .

[4]  J. Silverman Advanced Topics in the Arithmetic of Elliptic Curves , 1994 .

[5]  David Jao,et al.  Do All Elliptic Curves of the Same Order Have the Same Difficulty of Discrete Log? , 2004, ASIACRYPT.

[6]  K. Gandhi Primes of the form x2 + ny2 , 2012 .

[7]  Hans-Georg Rück A note on elliptic curves over finite fields , 1987 .

[8]  Sadao Saito,et al.  Global class field theory of arithmetic schemes , 1986 .

[9]  David Jao,et al.  Towards quantum-resistant cryptosystems from supersingular elliptic curve isogenies , 2011, J. Math. Cryptol..

[10]  K. McCurley,et al.  A rigorous subexponential algorithm for computation of class groups , 1989 .

[11]  E. Bach Analytic methods in the analysis and design of number-theoretic algorithms , 1985 .

[12]  Henri Cohen,et al.  A course in computational algebraic number theory , 1993, Graduate texts in mathematics.

[13]  Claude Tricot,et al.  La méthode des graphes , 1965 .

[14]  Steven D. Galbraith,et al.  Extending the GHS Weil Descent Attack , 2002, EUROCRYPT.

[15]  D. Kohel Endomorphism rings of elliptic curves over finite fields , 1996 .

[16]  S. Galbraith Constructing Isogenies between Elliptic Curves Over Finite Fields , 1999 .

[17]  Ira Sheldon Pohl,et al.  Bi-directional and heuristic search in path problems , 1969 .

[18]  R. Venkatesan,et al.  Expander graphs based on GRH with an application to elliptic curve cryptography , 2008, 0811.0647.

[19]  Kristin E. Lauter,et al.  Cryptographic Hash Functions from Expander Graphs , 2008, Journal of Cryptology.

[20]  W. Waterhouse,et al.  Abelian varieties over finite fields , 1969 .

[21]  Joseph H. Silverman,et al.  The arithmetic of elliptic curves , 1986, Graduate texts in mathematics.

[22]  Reinier Bröker,et al.  Constructing elliptic curves of prescribed order , 2008 .