On the quaternion -isogeny path problem

AbstractLet $\mathcal{O}$ be a maximal order in a definite quaternion algebra over $\mathbb{Q}$ of prime discriminant $p$, and $\ell $ a small prime. We describe a probabilistic algorithm which, for a given left $\mathcal{O}$-ideal, computes a representative in its left ideal class of $\ell $-power norm. In practice the algorithm is efficient and, subject to heuristics on expected distributions of primes, runs in expected polynomial time. This solves the underlying problem for a quaternion analog of the Charles–Goren–Lauter hash function, and has security implications for the original CGL construction in terms of supersingular elliptic curves.

Download Full-text

Constructing supersingular elliptic curves with a given endomorphism ring

LMS Journal of Computation and Mathematics ◽

10.1112/s1461157014000254 ◽

2014 ◽

Vol 17 (A) ◽

pp. 71-91 ◽

Cited By ~ 4

Author(s):

Ilya Chevyrev ◽

Steven D. Galbraith

Keyword(s):

Elliptic Curve ◽

Elliptic Curves ◽

Endomorphism Ring ◽

Quaternion Algebra ◽

Maximal Order ◽

Running Time ◽

Successive Minima ◽

Supersingular Elliptic Curves ◽

Class Polynomials ◽

Theoretical Results

AbstractLet $\def \xmlpi #1{}\def \mathsfbi #1{\boldsymbol {\mathsf {#1}}}\let \le =\leqslant \let \leq =\leqslant \let \ge =\geqslant \let \geq =\geqslant \def \Pr {\mathit {Pr}}\def \Fr {\mathit {Fr}}\def \Rey {\mathit {Re}}\mathcal{O}$ be a maximal order in the quaternion algebra $B_p$ over $\mathbb{Q}$ ramified at $p$ and $\infty $. The paper is about the computational problem: construct a supersingular elliptic curve $E$ over $\mathbb{F}_p$ such that ${\rm End}(E) \cong \mathcal{O}$. We present an algorithm that solves this problem by taking gcds of the reductions modulo $p$ of Hilbert class polynomials.New theoretical results are required to determine the complexity of our algorithm. Our main result is that, under certain conditions on a rank three sublattice $\mathcal{O}^T$ of $\mathcal{O}$, the order $\mathcal{O}$ is effectively characterized by the three successive minima and two other short vectors of $\mathcal{O}^T\! .$ The desired conditions turn out to hold whenever the $j$-invariant $j(E)$, of the elliptic curve with ${\rm End}(E) \cong \mathcal{O}$, lies in $\mathbb{F}_p$. We can then prove that our algorithm terminates with running time $O(p^{1+\varepsilon })$ under the aforementioned conditions.As a further application we present an algorithm to simultaneously match all maximal order types with their associated $j$-invariants. Our algorithm has running time $O(p^{2.5 + \varepsilon })$ operations and is more efficient than Cerviño’s algorithm for the same problem.

Download Full-text

Surface abéliennes à multiplication quaternionique munie d'une structure de niveau Γ0(N)

International Journal of Number Theory ◽

10.1142/s1793042117500725 ◽

2017 ◽

Vol 13 (05) ◽

pp. 1317-1333

Author(s):

Florence Gillibert

Keyword(s):

Elliptic Curves ◽

Prime Number ◽

Quaternion Algebra ◽

Level Structure ◽

Maximal Order ◽

Abelian Surfaces ◽

Text Type ◽

Number Formula ◽

Imaginary Field

A theorem of Mazur gives the set of possible prime degrees for rational isogenies between elliptic curves. In this paper, we are working on a similar problem in the case of abelian surfaces of [Formula: see text]-type over [Formula: see text] with quaternionic multiplication (over [Formula: see text]) endowed with a [Formula: see text] level structure. We prove the following result: for a fixed indefinite quaternion algebra [Formula: see text] of discriminant [Formula: see text] and a fixed quadratic imaginary field [Formula: see text], there exists an effective bound [Formula: see text] such that for a prime number [Formula: see text], not dividing the conductor of the order [Formula: see text], there do not exist abelian surfaces [Formula: see text] such that [Formula: see text] is a maximal order of [Formula: see text] and [Formula: see text] is endowed with a [Formula: see text] level structure.

Download Full-text