On the product of small Elkies primes

Igor E. Shparlinski

doi:10.1090/S0002-9939-2014-12345-8

On the product of small Elkies primes

Igor E. Shparlinski^*

^*Corresponding author for this work

School of Computing

Research output: Contribution to journal › Article › peer-review

Abstract

Given an elliptic curve E over a finite field F_q of q elements, we say that an odd prime ℓ + q is an Elkies prime for E if t² _E − 4q is a quadratic residue modulo ℓ, where t_E = q + 1 − #E(F_q) and #E(F_q) is the number of F_q-rational points on E. The Elkies primes are used in the presently most efficient algorithm to compute #E(F_q). In particular, the quantity L_q(E) defined as the smallest L such that the product of all Elkies primes for E up to L exceeds 4q^1/2 is a crucial parameter of this algorithm. We show that there are infinitely many pairs (p,E) of primes p and curves E over F_p with L_p(E) ≥ c log p log log log p for some absolute constant c > 0, while a naive heuristic estimate suggests that L_p(E) ∼ log p. This complements recent upper bounds on L_q(E) proposed by Galbraith and Satoh in 2002, conditional under the Generalised Riemann Hypothesis, and by Shparlinski and Sutherland in 2011, unconditional for almost all pairs (p,E).

Original language	English
Pages (from-to)	1441-1448
Number of pages	8
Journal	Proceedings of the American Mathematical Society
Volume	143
Issue number	4
DOIs	https://doi.org/10.1090/S0002-9939-2014-12345-8
Publication status	Published - 2015

Keywords

Character sums
Elkies primes
Elliptic curves

Access to Document

10.1090/S0002-9939-2014-12345-8

Cite this

@article{4631a4d019204332826be429f55d43bd,

title = "On the product of small Elkies primes",

abstract = "Given an elliptic curve E over a finite field Fq of q elements, we say that an odd prime ℓ + q is an Elkies prime for E if t2 E − 4q is a quadratic residue modulo ℓ, where tE = q + 1 − #E(Fq) and #E(Fq) is the number of Fq-rational points on E. The Elkies primes are used in the presently most efficient algorithm to compute #E(Fq). In particular, the quantity Lq(E) defined as the smallest L such that the product of all Elkies primes for E up to L exceeds 4q1/2 is a crucial parameter of this algorithm. We show that there are infinitely many pairs (p,E) of primes p and curves E over Fp with Lp(E) ≥ c log p log log log p for some absolute constant c > 0, while a naive heuristic estimate suggests that Lp(E) ∼ log p. This complements recent upper bounds on Lq(E) proposed by Galbraith and Satoh in 2002, conditional under the Generalised Riemann Hypothesis, and by Shparlinski and Sutherland in 2011, unconditional for almost all pairs (p,E).",

keywords = "Character sums, Elkies primes, Elliptic curves",

author = "Shparlinski, {Igor E.}",

year = "2015",

doi = "10.1090/S0002-9939-2014-12345-8",

language = "English",

volume = "143",

pages = "1441--1448",

journal = "Proceedings of the American Mathematical Society",

issn = "0002-9939",

publisher = "American Mathematical Society",

number = "4",

}

TY - JOUR

T1 - On the product of small Elkies primes

AU - Shparlinski, Igor E.

PY - 2015

Y1 - 2015

N2 - Given an elliptic curve E over a finite field Fq of q elements, we say that an odd prime ℓ + q is an Elkies prime for E if t2 E − 4q is a quadratic residue modulo ℓ, where tE = q + 1 − #E(Fq) and #E(Fq) is the number of Fq-rational points on E. The Elkies primes are used in the presently most efficient algorithm to compute #E(Fq). In particular, the quantity Lq(E) defined as the smallest L such that the product of all Elkies primes for E up to L exceeds 4q1/2 is a crucial parameter of this algorithm. We show that there are infinitely many pairs (p,E) of primes p and curves E over Fp with Lp(E) ≥ c log p log log log p for some absolute constant c > 0, while a naive heuristic estimate suggests that Lp(E) ∼ log p. This complements recent upper bounds on Lq(E) proposed by Galbraith and Satoh in 2002, conditional under the Generalised Riemann Hypothesis, and by Shparlinski and Sutherland in 2011, unconditional for almost all pairs (p,E).

AB - Given an elliptic curve E over a finite field Fq of q elements, we say that an odd prime ℓ + q is an Elkies prime for E if t2 E − 4q is a quadratic residue modulo ℓ, where tE = q + 1 − #E(Fq) and #E(Fq) is the number of Fq-rational points on E. The Elkies primes are used in the presently most efficient algorithm to compute #E(Fq). In particular, the quantity Lq(E) defined as the smallest L such that the product of all Elkies primes for E up to L exceeds 4q1/2 is a crucial parameter of this algorithm. We show that there are infinitely many pairs (p,E) of primes p and curves E over Fp with Lp(E) ≥ c log p log log log p for some absolute constant c > 0, while a naive heuristic estimate suggests that Lp(E) ∼ log p. This complements recent upper bounds on Lq(E) proposed by Galbraith and Satoh in 2002, conditional under the Generalised Riemann Hypothesis, and by Shparlinski and Sutherland in 2011, unconditional for almost all pairs (p,E).

KW - Character sums

KW - Elkies primes

KW - Elliptic curves

UR - http://www.scopus.com/inward/record.url?scp=84923233810&partnerID=8YFLogxK

UR - http://purl.org/au-research/grants/arc/DP130100237

U2 - 10.1090/S0002-9939-2014-12345-8

DO - 10.1090/S0002-9939-2014-12345-8

M3 - Article

AN - SCOPUS:84923233810

VL - 143

SP - 1441

EP - 1448

JO - Proceedings of the American Mathematical Society

JF - Proceedings of the American Mathematical Society

SN - 0002-9939

IS - 4

ER -

On the product of small Elkies primes

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this