Given two elliptic curves over a finite field having the same cardinality and endomorphism ring, it is known that the curves admit an isogeny between them, but finding such an isogeny is believed to be computationally difficult. The fastest known classical algorithm takes exponential time, and prior to our work no faster quantum algorithm was known. Recently, public-key cryptosystems based on t...

A formula is given for the dimension of the Selmer group of the rational three-isogeny of elliptic curves of the form y2 = x3+a(x−b)2. The formula is in terms of the three-ranks of the quadratic number fields Q( √ a) and Q( √ −3a) and various aspects of the arithmetic of these number fields. In addition a duality theorem is used to relate the dimension of the Selmer group of the three-isogeny w...

We count the number of isogeny classes of Edwards curves over finite fields, answering a question recently posed by Rezaeian and Shparlinski. We also show that each isogeny class contains a complete Edwards curve, and that an Edwards curve is isogenous to an original Edwards curve over IFq if and only if its group order is divisible by 8 if q ≡ −1 (mod 4), and 16 if q ≡ 1 (mod 4). Furthermore, ...

0.1. Endomorphisms of elliptic curves. Recall that a homomorphism of complex elliptic curves is just a holomorphic map E1 → E2 which preserves the origin. (It turns out that this condition is enough to force it to be a homomorphism of groups in the usual sense; why?) An isogeny of elliptic curves is a homomorphism whose kernel is a finite subgroup of E1. In fact the kernel of a homomorphism of ...

We give a brief survey of elliptic curve isogenies and the computational problems relevant for supersingular isogeny crypto. Supersingular isogeny cryptography is attracting attention due to the fact that there are no quantum attacks known against it that are significantly faster than classical attacks. However, the underlying computational problems have not been sufficiently studied by quantum...

Deligne has shown that there is an equivalence from the category of ordinary abelian varieties over a finite field A: to a category of Z-modules with additional structure. We translate several geometric notions, including that of a polarization, into Deligne's category of Z-modules. We use Deligne's equivalence to characterize the finite group schemes over k that occur as kernels of polarizatio...

Using properties of the Frobenius eigenvalues, we show that, in a precise sense, “most” isomorphism classes of (principally polarized) simple abelian varieties over a finite field are characterized, up to isogeny, by the sequence of their division fields, and a similar result for “most” isogeny classes. Some global cases are also treated.

Let E1 and E2 be ordinary elliptic curves over a finite field Fp such that #E1(Fp) = #E2(Fp). Tate’s isogeny theorem states that there is an isogeny from E1 to E2 which is defined over Fp. The goal of this paper is to describe a probabilistic algorithm for constructing such an isogeny. The algorithm proposed in this paper has exponential complexity in the worst case. Nevertheless, it is efficie...

The isogeny for elliptic curve cryptosystems was initially used for the efficient improvement of order counting methods. Recently, Smart proposed the countermeasure using isogeny for resisting the refined differential power analysis by Goubin (Goubin’s attack). In this paper, we examine the countermeasure using isogeny against zero-value point (ZVP) attack that is generalization of Goubin’s att...