Computing Hilbert class polynomials with the Chinese remainder theorem

  title={Computing Hilbert class polynomials with the Chinese remainder theorem},
  author={Andrew V. Sutherland},
  journal={Math. Comput.},
We present a space-efficient algorithm to compute the Hilbert class polynomial H_D(X) modulo a positive integer P, based on an explicit form of the Chinese Remainder Theorem. Under the Generalized Riemann Hypothesis, the algorithm uses O(|D|^(1/2+o(1))log P) space and has an expected running time of O(|D|^(1+o(1)). We describe practical optimizations that allow us to handle larger discriminants than other methods, with |D| as large as 10^13 and h(D) up to 10^6. We apply these results to… 

Figures and Tables from this paper

Supersingular $j$-invariants and the Class Number of $\mathbb{Q}(\sqrt{-p})$

A deterministic algorithm is got for computing the class number of Q( √−p) if D is not a quadratic residue in Fp and the time complexity of Algorithm 3 is Õ(p1/2) if the authors use probabilistic factorization algorithms and assume the Generalized Riemann Hypothesis.

22.1 the Hilbert Class Polynomial

The appellation “Hilbert” is sometimes reserved for cases where D is a fundamental discriminant (in which case HD(X) is more generally called a ring class polynomial), but we shall use the term

Constructing supersingular elliptic curves with a given endomorphism ring

The paper presents an algorithm that solves the computational problem of constructing a supersingular elliptic curve E over F_p such that End(E) = O by taking gcds of the reductions modulo p of Hilbert class polynomials by simultaneously match all maximal order types with their associated j-invariants.

Some remarks on the construction of class polynomials

It is shown that Weber polynomials constructed with discriminants $-D \equiv 1$ (mod $8$) have the smallest height and require the least precision for their construction, and that this fact does not necessarily lead to the most efficient computations.

Modular polynomials via isogeny volcanoes

This approach uses the graph of l-isogenies to eciently compute l mod p for many primes p of a suitable form, and then applies the Chinese Remainder Theorem (CRT).

On the evaluation of modular polynomials

We present two algorithms that, given a prime ell and an elliptic curve E/Fq, directly compute the polynomial Phi_ell(j(E),Y) in Fq[Y] whose roots are the j-invariants of the elliptic curves that are

Generalized class polynomials

This work introduces a generalization of class polynomials, with reduction factors that are not limited by the Br¨oker-Stevenhagen bound, and provides examples match-ing Weber’s reduction factor.

Improved CRT Algorithm for Class Polynomials in Genus 2

This work presents a probabilistic algorithm for “going up” to a maximal curve (a curve with maximal endomorphism ring), once the authors find any curve in the right isogeny class.

Algorithm 1 Overview of the full algorithm

Let E be an ordinary elliptic curve over a finite field and g be a positive integer. Under some technical assumptions, we give an algorithm to span the isomorphism classes of principally polarized



A $p$-adic algorithm to compute the Hilbert class polynomial

Classically, the Hilbert class polynomial PΔ ∈ Z[X] of an imaginary quadratic discriminant A is computed using complex analytic techniques. In 2002, Couveignes and Henocq suggested a p-adic algorithm

A p-adic algorithm to compute the Hilbert class polynomial

A detailed description of the p-adic algorithm to compute the Hilbert class polynomial P∆ of an imaginary quadratic discriminant ∆ is given, and a careful study of the complexity shows that, if the Generalized Riemann Hypothesis holds true, the expected runtime is O(|∆|(log | ∆|)8+ε) instead of O( |∆ |1+ε).

Computing Hilbert Class Polynomials

A p-adic lifting algorithm forinert primes p in the order of discriminant D < 0.1 and an improved Chinese remainder algorithm which uses the class group action onCM-curves over finite fields are presented.

Numerical Results on Class Groups of Imaginary Quadratic Fields

Using techniques described in [3], the class number and class group structure of all imaginary quadratic fields with discriminant Δ for 0 < |Δ| < 1011 is computed.

Factoring integers with elliptic curves

This paper is devoted to the description and analysis of a new algorithm to factor positive integers that depends on the use of elliptic curves and it is conjectured that the algorithm determines a non-trivial divisor of a composite number n in expected time at most K( p)(log n)2.

The complexity of class polynomial computation via floating point approximations

  • A. Enge
  • Computer Science, Mathematics
    Math. Comput.
  • 2009
The complexity of computing class polynomials, that are an important ingredient for CM constructions of elliptic curves, via complex floating point approximations of their roots, is analysed, using a technique devised by Dupont to evaluate modular functions by Newton iterations on an expression involving the arithmetic-geometric mean.


A modified version of the Chinese remainder theorem (CRT) is presented to compute HD(X) modulo n directly from the knowledge of HD( X)modulo enough small primes, suggesting that asymptotically the algorithm is an improvement over previously known methods.

Computing modular polynomials in quasi-linear time

  • A. Enge
  • Computer Science
    Math. Comput.
  • 2009
It is shown that an algorithm relying on floating point evaluation of modular functions and on interpolation, which has received little attention in the literature, has a complexity that is essentially linear in the size of the computed polynomials.

A rigorous subexponential algorithm for computation of class groups

Let C(-d) denote the Gauss Class Group of quadratic forms of a negative discriminant -d (or equivalently, the class group of the imaginary quadratic field Q(A/=') ). We give a rigorous proof that

Explicit bounds for primality testing and related problems

Many number-theoretic algorithms rely on a result of Ankeny, which states that if the Extended Riemann Hypothesis (ERH) is true, any nontrivial multiplicative subgroup of the integers modulo m omits