Computing endomorphism rings of supersingular elliptic curves


Séminaire AMAC: CASC

7/04/2023 - 09:30 Annamaria Iezzi (Università degli Studi di Napoli Federico II) Remotely at, and IMAG 106

Computing the endomorphism ring of a supersingular elliptic curve E defined over a finite field F_{p^2} is a relevant problem to cryptography, since the security of several isogeny-based cryptosystems reduces to it.
In this talk, after reviewing the mathematical and cryptographic context, we present a new algorithm for computing End(E) which only relies on GRH and computes End(E) in expected O(p^(1/2+e)) time. Finally we discuss a new heuristic argument about the expected number of endomorphisms of E that we need to compute in order to guarantee that they generate the endomorphism ring End(E) as a Z-order.