The Probability That the Number of Points on an Elliptic Curve over a Finite Field Is Prime

The paper gives a formula for the probability that a randomly chosen elliptic curve over a nite eld has a prime number of points. Two heuristic arguments in support of the formula are given as well as experimental evidence. The paper also gives a formula for the probability that a randomly chosen elliptic curve over a nite eld has kq points where k is a small number and where q is a prime. 1. Introduction Cryptographic and computational applications have recently motivated the study of several questions in the theory of elliptic curves over nite elds. For instance, the analysis of the elliptic curve factoring method leads to estimates ((7], 8]) for the probability that the number of points on an elliptic curve is smooth. In this paper, motivated by the use of elliptic curves in public key cryptosystems, we consider the \opposite" problem. More speciically, we ask the question: What is the probability that a randomly chosen elliptic curve over F p has kq points, where k is small and q is prime? Initially we take p to be prime. The minor modiications needed to deal with arbitrary nite elds are considered later. Koblitz 5] has considered the analogous problem when the elliptic curve E is xed and where it is the prime p which varies. The paper 5] gives a conjectural