# Computing Hilbert class polynomials with the Chinese remainder theorem

@article{Sutherland2009ComputingHC, title={Computing Hilbert class polynomials with the Chinese remainder theorem}, author={Andrew V. Sutherland}, journal={Math. Comput.}, year={2009}, volume={80}, pages={501-538} }

We present a space-efficient algorithm to compute the Hilbert class polynomial H_D(X) modulo a positive integer P, based on an explicit form of the Chinese Remainder Theorem. Under the Generalized Riemann Hypothesis, the algorithm uses O(|D|^(1/2+o(1))log P) space and has an expected running time of O(|D|^(1+o(1)). We describe practical optimizations that allow us to handle larger discriminants than other methods, with |D| as large as 10^13 and h(D) up to 10^6. We apply these results to…

## 105 Citations

### Supersingular $j$-invariants and the Class Number of $\mathbb{Q}(\sqrt{-p})$

- Mathematics, Computer Science
- 2021

A deterministic algorithm is got for computing the class number of Q( √−p) if D is not a quadratic residue in Fp and the time complexity of Algorithm 3 is Õ(p1/2) if the authors use probabilistic factorization algorithms and assume the Generalized Riemann Hypothesis.

### 22.1 the Hilbert Class Polynomial

- Mathematics
- 2013

The appellation “Hilbert” is sometimes reserved for cases where D is a fundamental discriminant (in which case HD(X) is more generally called a ring class polynomial), but we shall use the term…

### Constructing supersingular elliptic curves with a given endomorphism ring

- Mathematics, Computer Science
- 2014

The paper presents an algorithm that solves the computational problem of constructing a supersingular elliptic curve E over F_p such that End(E) = O by taking gcds of the reductions modulo p of Hilbert class polynomials by simultaneously match all maximal order types with their associated j-invariants.

### Some remarks on the construction of class polynomials

- Mathematics, Computer ScienceAdv. Math. Commun.
- 2011

It is shown that Weber polynomials constructed with discriminants $-D \equiv 1$ (mod $8$) have the smallest height and require the least precision for their construction, and that this fact does not necessarily lead to the most efficient computations.

### Modular polynomials via isogeny volcanoes

- Mathematics, Computer ScienceMath. Comput.
- 2012

This approach uses the graph of l-isogenies to eciently compute l mod p for many primes p of a suitable form, and then applies the Chinese Remainder Theorem (CRT).

### On the evaluation of modular polynomials

- Mathematics, Computer ScienceIACR Cryptol. ePrint Arch.
- 2013

We present two algorithms that, given a prime ell and an elliptic curve E/Fq, directly compute the polynomial Phi_ell(j(E),Y) in Fq[Y] whose roots are the j-invariants of the elliptic curves that are…

### Generalized class polynomials

- Mathematics, Computer Science
- 2022

This work introduces a generalization of class polynomials, with reduction factors that are not limited by the Br¨oker-Stevenhagen bound, and provides examples match-ing Weber’s reduction factor.

### Improved CRT Algorithm for Class Polynomials in Genus 2

- Mathematics, Computer Science
- 2019

This work presents a probabilistic algorithm for “going up” to a maximal curve (a curve with maximal endomorphism ring), once the authors find any curve in the right isogeny class.

### Algorithm 1 Overview of the full algorithm

- Mathematics
- 2021

Let E be an ordinary elliptic curve over a finite field and g be a positive integer. Under some technical assumptions, we give an algorithm to span the isomorphism classes of principally polarized…

## References

SHOWING 1-10 OF 83 REFERENCES

### A $p$-adic algorithm to compute the Hilbert class polynomial

- Computer Science, Mathematics
- 2008

Classically, the Hilbert class polynomial PΔ ∈ Z[X] of an imaginary quadratic discriminant A is computed using complex analytic techniques. In 2002, Couveignes and Henocq suggested a p-adic algorithm…

### A p-adic algorithm to compute the Hilbert class polynomial

- Computer Science, MathematicsMath. Comput.
- 2008

A detailed description of the p-adic algorithm to compute the Hilbert class polynomial P∆ of an imaginary quadratic discriminant ∆ is given, and a careful study of the complexity shows that, if the Generalized Riemann Hypothesis holds true, the expected runtime is O(|∆|(log | ∆|)8+ε) instead of O( |∆ |1+ε).

### Computing Hilbert Class Polynomials

- Computer Science, MathematicsANTS
- 2008

A p-adic lifting algorithm forinert primes p in the order of discriminant D < 0.1 and an improved Chinese remainder algorithm which uses the class group action onCM-curves over finite fields are presented.

### Numerical Results on Class Groups of Imaginary Quadratic Fields

- Computer Science, MathematicsANTS
- 2006

Using techniques described in [3], the class number and class group structure of all imaginary quadratic fields with discriminant Δ for 0 < |Δ| < 1011 is computed.

### Factoring integers with elliptic curves

- Mathematics
- 1986

This paper is devoted to the description and analysis of a new algorithm to factor positive integers that depends on the use of elliptic curves and it is conjectured that the algorithm determines a non-trivial divisor of a composite number n in expected time at most K( p)(log n)2.

### The complexity of class polynomial computation via floating point approximations

- Computer Science, MathematicsMath. Comput.
- 2009

The complexity of computing class polynomials, that are an important ingredient for CM constructions of elliptic curves, via complex floating point approximations of their roots, is analysed, using a technique devised by Dupont to evaluate modular functions by Newton iterations on an expression involving the arithmetic-geometric mean.

### CONSTRUCTING ELLIPTIC CURVES WITH A KNOWN NUMBER OF POINTS OVER A PRIME FIELD

- Mathematics, Computer Science
- 2003

A modified version of the Chinese remainder theorem (CRT) is presented to compute HD(X) modulo n directly from the knowledge of HD( X)modulo enough small primes, suggesting that asymptotically the algorithm is an improvement over previously known methods.

### Computing modular polynomials in quasi-linear time

- Computer ScienceMath. Comput.
- 2009

It is shown that an algorithm relying on floating point evaluation of modular functions and on interpolation, which has received little attention in the literature, has a complexity that is essentially linear in the size of the computed polynomials.

### A rigorous subexponential algorithm for computation of class groups

- Mathematics
- 1989

Let C(-d) denote the Gauss Class Group of quadratic forms of a negative discriminant -d (or equivalently, the class group of the imaginary quadratic field Q(A/=') ). We give a rigorous proof that…

### Explicit bounds for primality testing and related problems

- Mathematics
- 1990

Many number-theoretic algorithms rely on a result of Ankeny, which states that if the Extended Riemann Hypothesis (ERH) is true, any nontrivial multiplicative subgroup of the integers modulo m omits…