Hilbert class polynomial roots mod q

pari on Mon, 04 Jul 2022 00:28:41 +0200

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Hilbert class polynomial roots mod q

To: pari-users@pari.math.u-bordeaux.fr
Subject: Hilbert class polynomial roots mod q
From: pari@jvdsn.com
Date: Mon, 4 Jul 2022 00:28:35 +0200
Delivery-date: Mon, 04 Jul 2022 00:28:41 +0200
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/simple; d=jvdsn.com; s=mail; t=1656887316; bh=halc361WKUJCinQgWc6W7lgy8xLLErhsR7u8zk4NO74=; h=Date:To:From:Subject; b=wwggpgh+C1+Y1tVQEj5+LsAg1Z0mOlf6r6x6bF/PZyZ8miXb2O+l6b8gZvm84H9f6 9hJOKA8w9oviYTupnhMALhLBO8Ujt1vMy9cRmGFxWJ6vc2gHWqS4ZAaD+YUsMDRV02 205KBuYTPegwU1BVcXDYqM5jCFWahvXKqdsBYYmIaRMupnP2Z/W/k/byiztacLB2dl 5tulHk7toKbEZJIgIW5mkZf/xQ4iM38vVhYEbjcRN0k76+kTF9MUDUh1xwKwUgkF+M bNuT3XHl/3am65xOHCaGrRQ9R41kpvygog78y/jxmNVFcfWjIv/oSeOY0bvMg7StgY nGYtgNCZIVoKQ==

Hi all,

In elliptic curve cryptography, the Complex Multiplication method isused to generate elliptic curves with some predefined properties. A keystep in this process is computing the roots of a Hilbert classpolynomial with discriminant D modulo q (where q is a prime, or perhapseven a prime power). I would like to use PARI/GP for this purpose.

PARI currently offers a function polclass, which computes the Hilbertclass polynomial for a given discriminant D (H_D(X)). Looking at theimplementation, this code seems to be based off Andrew Sutherland's"Computing Hilbert class polynomials with the Chinese Remainder Theorem"[0]. That paper presents an algorithm to compute H_D(X) module someinteger P (= q). However, the polclass does not provide a parameter forthe modulus. Therefore, the current approach would be:


1. Compute H_D(X) using polclass
2. Reduce H_D(X) mod q
3. Find the roots of H_D(X) mod q

The issue arises in step 1, which computes H_D(X) over the integers. Forlarge Ds, this polynomial will be too big and take too long to generate.This is why computing H_D(X) mod P directly would be a big performanceimprovement. I'm wondering if it would be technically feasible to addthe parameter P to this method? I'm not very familiar with the PARIinternals, so right now the code is quite hard to read for me.

Actually, it would be even better if the roots of H_D(X) could becomputed modulo P without even constructing (the coefficients of) thepolynomial itself. Andrew Sutherland has a follow-up paper,"Accelerating the CM method" [1], which deals with this issue. I don'tthink this paper is currently implemented in PARI, but feel free tocorrect me if I'm wrong. Still, when I looked at the polclass code, Ifound a function called polclass_roots_modp. This function sounds verypromising, but I don't know if it fully solves the problem (e.g. it hasa lot more arguments than I would expect). So, my second question is:would it be technically feasible to make this function externallyaccessible, with a much simplified API that simply accepts theparameters D and P to directly compute the roots of H_D(X) mod P?

I would be open to making these changes myself, but as mentionedpreviously I have no experience with PARI code/internals. Perhapssomeone else is more familiar with the polclass code and actually knowswhat is implemented where. Thanks in advance for any help.


Kind regards,
Joachim Vandersmissen

[0]: https://doi.org/10.48550/arXiv.0903.2785
[1]: https://doi.org/10.1112/S1461157012001015

Follow-Ups:
- Re: Hilbert class polynomial roots mod q
  - From: Bill Allombert <Bill.Allombert@math.u-bordeaux.fr>

Prev by Date: Re: all divisors of a cyclotomic integer
Next by Date: Re: Hilbert class polynomial roots mod q
Previous by thread: Re: all divisors of a cyclotomic integer
Next by thread: Re: Hilbert class polynomial roots mod q
Index(es):
- Date
- Thread