Search for: All records

Abstract The Hilbert class polynomial has as roots the j -invariants of elliptic curves whose endomorphism ring is a given imaginary quadratic order. It can be used to compute elliptic curves over finite fields with a prescribed number of points. Since its coefficients are typically rather large, there has been continued interest in finding alternative modular functions whose corresponding class polynomials are smaller. Best known are Weber’s functions, which reduce the size by a factor of 72 for a positive density subset of imaginary quadratic discriminants. On the other hand, Bröker and Stevenhagen showed that no modular function will ever do better than a factor of 100.83. We introduce a generalization of class polynomials, with reduction factors that are not limited by the Bröker–Stevenhagen bound. We provide examples matching Weber’s reduction factor. For an infinite family of discriminants, their reduction factors surpass those of all previously known modular functions by a factor at least 2. 

Abstract We show how the Weil pairing can be used to evaluate the assigned characters of an imaginary quadratic order $${\mathcal {O}}$$ O in an unknown ideal class $$[{\mathfrak {a}}] \in {{\,\textrm{cl}\,}}({\mathcal {O}})$$ [ a ] ∈ cl ( O ) that connects two given $${\mathcal {O}}$$ O -oriented elliptic curves $$(E, \iota )$$ ( E , ι ) and $$(E', \iota ') = [{\mathfrak {a}}](E, \iota )$$ ( E ′ , ι ′ ) = [ a ] ( E , ι ) . When specialized to ordinary elliptic curves over finite fields, our method is conceptually simpler and often somewhat faster than a recent approach due to Castryck, Sotáková and Vercauteren, who rely on the Tate pairing instead. The main implication of our work is that it breaks the decisional Diffie–Hellman problem for practically all oriented elliptic curves that are acted upon by an even-order class group. It can also be used to better handle the worst cases in Wesolowski’s recent reduction from the vectorization problem for oriented elliptic curves to the endomorphism ring problem, leading to a method that always works in sub-exponential time.