Paper 2009/445

Computing Hilbert class polynomials with the Chinese Remainder Theorem

Andrew V. Sutherland

Abstract

We present a space-efficient algorithm to compute the Hilbert class polynomial H_D(X) modulo a positive integer P, based on an explicit form of the Chinese Remainder Theorem. Under the Generalized Riemann Hypothesis, the algorithm uses O(|D|^(1/2+o(1))log P) space and has an expected running time of O(|D|^(1+o(1)). We describe practical optimizations that allow us to handle larger discriminants than other methods, with |D| as large as 10^13 and h(D) up to 10^6. We apply these results to construct pairing-friendly elliptic curves of prime order, using the CM method.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Published elsewhere. Unknown where it was published
Keywords
elliptic curve cryptographycomplex multiplicationpairing-friendly curves
Contact author(s)
drew @ math mit edu
History
2009-09-14: received
Short URL
https://ia.cr/2009/445
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2009/445,
      author = {Andrew V.  Sutherland},
      title = {Computing Hilbert class polynomials with the Chinese Remainder Theorem},
      howpublished = {Cryptology {ePrint} Archive, Paper 2009/445},
      year = {2009},
      url = {https://eprint.iacr.org/2009/445}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.