We give an algorithm for computing an inseparable endomorphism of a supersingular elliptic curve E defined over Fpjavax.xml.bind.JAXBElement@5c584bab, which, conditional on GRH, runs in expected O(p1/2(logp)2(loglogp)3) bit operations and requires O((logp)2) storage. This matches the time and storage complexity of the best conditional algorithms for computing a nontrivial supersingular endomorphism, such as those of Eisenträger–Hallgren–Leonardi–Morrison–Park and Delfs–Galbraith. Unlike these prior algorithms, which require two paths from E to a curve defined over Fp, the algorithm we introduce only requires one; thus when combined with the algorithm of Corte-Real Santos–Costello–Shi, our algorithm will be faster in practice. Moreover, our algorithm produces endomorphisms with predictable discriminants, enabling us to prove properties about the orders they generate. With two calls to our algorithm, we can provably compute a Bass suborder of End(E). This result is then used in an algorithm for computing a basis for End(E) with the same time complexity, assuming GRH. We also argue that End(E) can be computed using O(1) calls to our algorithm along with polynomial overhead, conditional on a heuristic assumption about the distribution of the discriminants of these endomorphisms. Conditional on GRH and this additional heuristic, this yields a O(p1/2(logp)2(loglogp)3) algorithm for computing End(E) requiring O((logp)2) storage.
Computing supersingular endomorphism rings using inseparable endomorphisms / Fuselier, Jenny; Iezzi, Annamaria; Kozek, Mark; Morrison, Travis; Namoijam, Changningphaabi. - In: JOURNAL OF ALGEBRA. - ISSN 0021-8693. - 668:(2025), pp. 145-189. [10.1016/j.jalgebra.2025.01.012]
Computing supersingular endomorphism rings using inseparable endomorphisms
Iezzi, Annamaria;
2025
Abstract
We give an algorithm for computing an inseparable endomorphism of a supersingular elliptic curve E defined over Fpjavax.xml.bind.JAXBElement@5c584bab, which, conditional on GRH, runs in expected O(p1/2(logp)2(loglogp)3) bit operations and requires O((logp)2) storage. This matches the time and storage complexity of the best conditional algorithms for computing a nontrivial supersingular endomorphism, such as those of Eisenträger–Hallgren–Leonardi–Morrison–Park and Delfs–Galbraith. Unlike these prior algorithms, which require two paths from E to a curve defined over Fp, the algorithm we introduce only requires one; thus when combined with the algorithm of Corte-Real Santos–Costello–Shi, our algorithm will be faster in practice. Moreover, our algorithm produces endomorphisms with predictable discriminants, enabling us to prove properties about the orders they generate. With two calls to our algorithm, we can provably compute a Bass suborder of End(E). This result is then used in an algorithm for computing a basis for End(E) with the same time complexity, assuming GRH. We also argue that End(E) can be computed using O(1) calls to our algorithm along with polynomial overhead, conditional on a heuristic assumption about the distribution of the discriminants of these endomorphisms. Conditional on GRH and this additional heuristic, this yields a O(p1/2(logp)2(loglogp)3) algorithm for computing End(E) requiring O((logp)2) storage.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
