. We describe some algorithms for computing the cardinality of hyperelliptic curves and their Jacobians over finite fields. They include several methods for obtaining the result modulo small primes and prime powers, in particular an algorithm `a la Schoof for genus 2 using Cantor 's division polynomials. These are combined with a birthday paradox algorithm to calculate the cardinality. Our methods are practical and we give actual results computed using our current implementation. The Jacobian groups we handle are larger than those previously reported in the literature. Introduction In recent years there has been a surge of interest in algorithmic aspects of curves. When presented with any curve, a natural task is to compute the number of points on it with coordinates in some finite field. When the finite field is large this is generally difficult to do. Ren'e Schoof gave a polynomial time algorithm for counting points on elliptic curves i.e., those of genus 1, in his ground-...

Conjectures of Langlands, Fontaine and Mazur [22] predict that certain Galois representations ρ: Gal(Q/Q) → GL2(Qℓ) (where ℓ denotes a fixed prime) should arise from modular forms. This applies in particular to representations defined by the action of Gal(Q/Q) on the ℓ-adic Tate

Abstract. The heart of the improvements by Elkies to Schoof’s algorithm for computing the cardinality of elliptic curves over a finite field is the ability to compute isogenies between curves. Elkies ’ approach is well suited for the case where the characteristic of the field is large. Couveignes showed how to compute isogenies in small characteristic. The aim of this paper is to describe the first successful implementation of Couveignes’s algorithm. In particular, we describe the use of fast algorithms for performing incremental operations on series. We also insist on the particular case of the characteristic 2. 1.

Abstract. We present a primality proving algorithm—a probabilistic primality test that produces short certificates of primality on prime inputs. We prove that the test runs in expected polynomial time for all but a vanishingly small fraction of the primes. As a corollary, we obtain an algorithm for generating large certified primes with distribution statistically close to uniform. Under the conjecture that the gap between consecutive primes is bounded by some polynomial in their size, the test is shown to run in expected polynomial time for all primes, yielding a Las Vegas primality test. Our test is based on a new methodology for applying group theory to the problem of prime certification, and the application of this methodology using groups generated by elliptic curves over finite fields. We note that our methodology and methods have been subsequently used and improved upon, most notably in the primality proving algorithm of Adleman and Huang using hyperelliptic curves and

Abstract not found

We present an algorithm for computing the zeta function of an arbitrary hyperelliptic curve over a finite field Fq of characteristic 2, thereby extending the algorithm of Kedlaya for odd characteristic. For a genus g hyperelliptic curve defined over F2 n , the average-case time complexity is O(g ) and the average-case space complexity is O(g ), whereas the worst-case time and space complexities are O(g ) and ) respectively.

Abstract. We analyse and compare the complexity of several algorithms for computing modular polynomials. Under the assumption that rounding errors do not influence the correctness of the result, which appears to be satisfied in practice, we show that an algorithm relying on floating point evaluation of modular functions and on interpolation has a complexity that is up to logarithmic factors linear in the size of the computed polynomials. In particular, it obtains the classical modular polynomial Φℓ of prime level ℓ in time O ( ℓ 2 log 3 ℓM(ℓ) ) ⊆ O ( ℓ 3 log 4+ε ℓ), where M(ℓ) is the time needed to multiply two ℓ-bit numbers. Besides treating modular polynomials for Γ0 (ℓ), which are an important ingredient in many algorithms dealing with isogenies of elliptic curves, the algorithm is easily adapted to more general situations. Composite levels are handled just as easily as prime levels, as well as polynomials between a modular function and its transform of prime level, such as the Schläfli polynomials and their generalisations.

In the paper an upper bound is established for certain exponential sums, analogous to Gaussian sums, defined on the points of an elliptic curve over a prime finite field. The bound is applied to prove the existence of group generators for the set of points on an elliptic curve over Fq among certain sets of bounded size. We apply this estimate to obtain a deterministic O(q 1=2+" ) algorithm for finding generators of the group in echelon form, and in particular to determine its group structure.

The decision-Diffie-Hellman problem (DDH) is an important computational problem in cryptography. It is known that the Weil and Tate pairings can be used to solve many DDH problems on elliptic curves. Distortion maps are an important tool for solving DDH problems using pairings and it is known that distortion maps exist for all supersingular elliptic curves. We present an algorithm to construct suitable distortion maps. The algorithm is efficient on the curves usable in practice, and hence all DDH problems on these curves are easy. We also discuss the issue of which DDH problems on ordinary curves are easy.

We describe a fast algorithm for counting points on elliptic curves defined over finite fields of small characteristic, following Satoh. Our main contribution is an extension to characteristics two and three. We give a detailed description with the optimisations necessary for an efficient implementation. Finally we give the number of points we have computed on a "random" curve defined over the field F q with q = 2 8009 .