Computing Hilbert class polynomials with the Chinese Remainder Theorem
Andrew V. Sutherland
TL;DR
This paper introduces a space-efficient algorithm for computing Hilbert class polynomials modulo P using the Chinese Remainder Theorem, enabling larger discriminants and practical applications in elliptic curve construction.
Contribution
The paper presents a novel space-efficient algorithm for computing Hilbert class polynomials modulo P, optimized for large discriminants and practical cryptographic applications.
Findings
Handles discriminants up to 10^13
Computes class polynomials efficiently under GRH
Facilitates construction of pairing-friendly elliptic curves
Abstract
We present a space-efficient algorithm to compute the Hilbert class polynomial H_D(X) modulo a positive integer P, based on an explicit form of the Chinese Remainder Theorem. Under the Generalized Riemann Hypothesis, the algorithm uses O(|D|^(1/2+o(1))log P) space and has an expected running time of O(|D|^(1+o(1)). We describe practical optimizations that allow us to handle larger discriminants than other methods, with |D| as large as 10^13 and h(D) up to 10^6. We apply these results to construct pairing-friendly elliptic curves of prime order, using the CM method.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Code & Models
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsCryptography and Residue Arithmetic · Algebraic Geometry and Number Theory · Polynomial and algebraic computation