Faster computation of isogenies of large prime degree

Abstract: Let $E/\F_q$ be an elliptic curve, and $P$ a point in $E(\F_q)$ of prime order $\ell$. Vélu's formulae let us compute a quotient curve $E' = E/\langle P \rangle$ and rational maps defining the quotient isogeny $\phi\colon E \to E'$ in $\tilde{O}(\ell)$ $\F_q$-operations, where the $\tilde{O}$ is uniform in $q$. This article shows how to compute $E'$, and $\phi(Q)$ for $Q$ in $E(\F_q)$, using only $\tilde{O}(\sqrt{\ell})$ $\F_q$-operations, where the $\tilde{O}$ is again uniform in $q$. As an application, we speed up some computations used in the isogeny-based cryptosystems CSIDH and CSURF.

cryptography and securityalgebraic geometrynumber theory

Audience: researchers in the topic

( chat | paper | slides | video )

Comments: Chairs: Wouter Castryck and Chloe Martindale

---

Algorithmic Number Theory Symposium (ANTS XIV)

Series comments: Registration is now open. Registration is free but required to access the chat and livestream.

This is a hybrid synchronous/asynchronous conference with several ways to participate.

• Click the "paper" link to view contributed papers and posters (open to all).
• Click the "video" link to view pre-recorded talks of accepted papers (open to all).
  These are 15-20 minutes aimed at a general algorithmic number theory audience.
• Click the "slides" link to view slides used in the pre-recorded video when available (open to all).
• Click the "chat" link to access the chat stream related to the talk or poster before, during, and after the live event (registration required).
• Click the "livestream" button to join the live event when it is taking place (registration required and you must be logged in).
  For accepted papers the audience will be expected to have watched the pre-recorded video and have the paper in front of them.

The invited talks will be recorded and made available via the "video" link after the talk is over. None of the other sessions will be recorded.

---