Accelerating the CM method

TL;DR

This paper introduces two new algorithms for the CM method that efficiently construct elliptic curves over finite fields by avoiding coefficient computation, demonstrating superior performance on large discriminants and prime fields.

Contribution

The authors develop two algorithms based on ring class field decomposition and CRT, reducing time and space complexity compared to the standard CM method, especially for large discriminants.

Findings

Algorithms work efficiently for |D| > 10^16 and q ~ 2^256.

Achieve lower space complexity under GRH assumptions.

Handle discriminants and primes larger than previous methods.

Abstract

Given a prime q and a negative discriminant D, the CM method constructs an elliptic curve E/\Fq by obtaining a root of the Hilbert class polynomial H_D(X) modulo q. We consider an approach based on a decomposition of the ring class field defined by H_D, which we adapt to a CRT setting. This yields two algorithms, each of which obtains a root of H_D mod q without necessarily computing any of its coefficients. Heuristically, our approach uses asymptotically less time and space than the standard CM method for almost all D. Under the GRH, and reasonable assumptions about the size of log q relative to |D|, we achieve a space complexity of O((m+n)log q) bits, where mn=h(D), which may be as small as O(|D|^(1/4)log q). The practical efficiency of the algorithms is demonstrated using |D| > 10^16 and q ~ 2^256, and also |D| > 10^15 and q ~ 2^33220. These examples are both an order of magnitude larger than the best previous results obtained with the CM method.