Paper 2021/090

A New Twofold Cornacchia-Type Algorithm and Its Applications

Bei Wang, Yi Ouyang, Honggang Hu, and Songsong Li

Abstract

We focus on exploring more potential of Longa and Sica's algorithm (ASIACRYPT 2012), which is an elaborate iterated Cornacchia algorithm that can compute short bases for 4-GLV decompositions. The algorithm consists of two sub-algorithms, the first one in the ring of integers $\mathbb{Z}$ and the second one in the Gaussian integer ring $\mathbb{Z}[i]$. We observe that $\mathbb{Z}[i]$ in the second sub-algorithm can be replaced by another Euclidean domain $\mathbb{Z}[\omega ]$ $(\omega =\frac{-1+\sqrt{-3}}{2})$. As a consequence, we design a new twofold Cornacchia-type algorithm with a theoretic upper bound of output $C\cdot n^{1/4}$, where $C=\frac{3+\sqrt{3}}{2}\sqrt{1+|r|+|s|}$ with small values $r,s$ given by the curves. The new twofold algorithm can be used to compute $$-GLV decompositions on two classes of curves. First it gives a new and unified method to compute all $$-GLV decompositions on $$-invariant $$ elliptic curves over $$. Second it can be used to compute the $$-GLV decomposition on the Jacobian of the hyperelliptic curve defined as $$, which has an endomorphism $$ with the characteristic equation $$ (hence $$). As far as we know, none of the previous algorithms can be used to compute the $$-GLV decomposition on the latter class of curves.