The Endomorphism Rings of Supersingular Elliptic Curves over $\mathbb{F}_p$ and the Binary Quadratic Forms

TL;DR

This paper establishes a novel correspondence between supersingular elliptic curves over _p and primitive reduced binary quadratic forms with discriminant _p or _{p} and explores implications for cryptographic security.

Contribution

It introduces a new link between supersingular elliptic curves over _p and quadratic forms, connecting isogeny operations to quadratic form composition.

Findings

Established a one-to-one correspondence between supersingular elliptic curves over _p and quadratic forms.

Demonstrated that _p-isogenies correspond to quadratic form composition.

Reduced the security analysis of CSIDH to explicit computation of this correspondence.

Abstract

It is well known that there is a one-to-one correspondence between supersingular $j$-invariants up to the action of $\text{Gal}(\mathbb{F}_{p^2}/\mathbb{F}_p)$ and type classes of maximal orders in $B_{p,\infty}$ by Deuring's theorem. Interestingly, we establish a one-to-one correspondence between $\mathbb{F}_p$-isomorphism classes of supersingular elliptic curves and primitive reduced binary quadratic forms with discriminant $-p$ or $-16p$. Due to this correspondence and the fact that $\mathbb{F}_p$-isogenies between elliptic curves could be represented by quadratic forms, we show that operations of these isogenies on supersingular elliptic curves over $\mathbb{F}_p$ are compatible with the composition of quadratic forms. Based on these results, we could reduce the security of CSIDH cryptosystem to computing this correspondence explicitly.