Fast computation of canonical lifts of elliptic curves and its application to point counting

  • Satoh T
  • Skjernaa B
  • Taguchi Y
  • 4


    Mendeley users who have this article in their library.
  • 21


    Citations of this article.


Let p be a fixed small prime. We give an algorithm with preprocessing to compute the j-invariant of the canonical lift of a given ordinary elliptic curve E/Fq(q = pN, j(E) ∉ Fp2) modulo pN/2+O(1)in O(N2μ+1/μ+1) bit operations (assuming the time complexity of multiplying two n-bit objects is O(nμ) using O(N2) memory, not including preprocessing. This is faster than the algorithm of Vercauteren et al. [14] by a factor of Nμ/μ+1. Let K be the unramified extension field of degree N over Qp. We also develop an algorithm to compute NK/Qp(x) mod pN/2+O(1)with O(N2μ+0.5) bit operations and O(N2) memory when x∈K satisfies certain conditions, which are always satisfied when applied to our point counting algorithm. As a result, we get an O(N2μ+0.5) time, O(N2) memory algorithm for counting the Fq-rational points on E/Fq, which turns out to be very fast in practice for cryptographic size elliptic curves. © 2002 Elsevier Science (USA). All rights reserved.

Author-supplied keywords

  • Canonical lifts
  • Elliptic curves
  • Frobenius substitutions

Get free article suggestions today

Mendeley saves you time finding and organizing research

Sign up here
Already have an account ?Sign in

Find this document


  • Takakazu Satoh

  • Berit Skjernaa

  • Yuichiro Taguchi

Cite this document

Choose a citation style from the tabs below

Save time finding and organizing research with Mendeley

Sign up for free