We present a space-efficient algorithm to compute the Hilbert class polynomial HD(X) modulo a positive integer P, based on an explicit form of the Chinese Remainder Theorem. Under the Generalized Riemann Hypothesis, the algorithm uses O(|D | 1/2+ɛ log P) space and has an expected running time of O(|D | 1+ɛ). We describe practical optimizations that allow us to handle larger discriminants than other methods, with |D | as large as 1013 and h(D) up to 106. We apply these results to construct pairing-friendly elliptic curves of prime order, using the CM method.

We present a new algorithm to compute the classical modular polynomial Φl in the rings Z[X, Y] and (Z/mZ)[X, Y], for a prime l and any positive integer m. Our approach uses the graph of l-isogenies to efficiently compute Φl mod p for many primes p of a suitable form, and then applies the Chinese Remainder Theorem (CRT). Under the Generalized Riemann Hypothesis (GRH), we achieve an expected running time of O(l3 (log l) 3 log log l), and compute Φl mod m using O(l2 (log l) 2 + l2 log m) space. We have used the new algorithm to compute Φl with l over 5000, and Φl mod m with l over 20000. We also consider several modular functions g for which Φ g l is smaller than Φl, allowing us to handle l over 60000.

Modular polynomials are an important tool in many algorithms involving elliptic curves. In this article we investigate their generalization to the genus 2 case following pioneering work by Gaudry and Dupont. We prove various properties of these genus 2 modular polynomials and give an improved way to explicitly compute them.

Abstract. We develop a new p-adic algorithm to compute the minimal polynomial of a class invariant. Our approach works for virtually any modular function yielding class invariants. The main algorithmic tool is modular polynomials, a concept which we generalize to functions of higher level. 1.

c t i v it y e p o r t 2009 Table of contents

c t i v it y e p o r t 2009 Table of contents

Abstract. The modular curve X1(N) parametrizes elliptic curves with a point of order N. For N ≤ 50 we obtain plane models of X1(N) that have been optimized for fast computation, and provide explicit birational maps to transform a point on our model of X1(N) to an elliptic curve. Over a finite field, these allow us to quickly construct elliptic curves containing a point of order N, and can accelerate the search for an elliptic curve whose order is divisible by N. 1.

Abstract. The modular curve X1(N) parametrizes elliptic curves with a point of order N. For N ≤ 50 we obtain plane models for X1(N) that have been optimized for fast computation, and provide explicit birational maps to transform a point on our model of X1(N) to an elliptic curve. Over a finite field Fq, these allow us to quickly construct elliptic curves containing a point of order N, and can accelerate the search for an elliptic curve of order divisible by N. For odd N we also give a method to generate elliptic curves over Fq with order congruent to 2N mod 4N. 1.