Efficient CM-constructions of elliptic curves over finite fields

We present an algorithm that, on input of an integer N ≥ 1 together with its prime factorization, constructs a finite field F and an elliptic curve E over F for which E(F) has order N . Although it is unproved that this can be done for all N , a heuristic analysis shows that the algorithm has an expected run time that is polynomial in 2ω(N) logN , where ω(N) is the number of distinct prime factors of N . In the cryptographically relevant case where N is prime, an expected run time O((logN)4+ε) can be achieved. We illustrate the efficiency of the algorithm by constructing elliptic curves with point groups of order N = 102004 and N = nextprime(102004) = 102004+4863.