We compute Tate pairing over supersingular elliptic curves via the generic BGhES[3] method for p = 5, 7. In those cases, the point multiplication by p is efficiently computed by the Frobenius endomorphism. The function in a cycle can be efficiently computed by the method of continued fraction.

Let k be a field of positive characteristic p. Question: Does every twisted form of μp over k occur as subgroup scheme of an elliptic curve over k? We show that this is true for most finite fields, for local fields and for fields of characteristic p ≤ 11. However, it is false in general for fields of characteristic p ≥ 13, which is related to the fact that the Igusa curves are not rational in t...

The CGL hash function is a provably secure using walks on isogeny graphs of supersingular elliptic curves. A dominant cost its computation comes from iterative computations power roots over quadratic extension fields. In this paper, we reduce the necessary number root by almost half, applying and also extending an existing method efficient sequence Legendre curves (Hashimoto Nuida, CASC 2021). ...

In a 1998 paper [2], Kaneko and Zagier explain unpublished work of Atkin which exhibits an infinite sequence of polynomials with the property that when suitable polynomials are reduced mod p for a prime p, one gets the locus of supersingular elliptic curves. Here we generalize this phenomenon by considering the continued fraction expansions of modular and quasimodular forms.

The maps $$x \mapsto ax^{2^k}+b$$ defined over finite fields of characteristic two can be related to the duplication map binary supersingular elliptic curves. Relying upon structure group rational points such curves we describe possible cycle lengths maps. Then extend our investigation (ax^{2^k}+b)^{-1}$$ . We also notice some relations between these latter and polynomials $$x^{2^k+1} + x +a$$ ...

We present new candidates for quantum-resistant public-key cryptosystems based on the conjectured difficulty of finding isogenies between supersingular elliptic curves. The main technical idea in our scheme is that we transmit the images of torsion bases under the isogeny in order to allow the two parties to arrive at a common shared key despite the noncommutativity of the endomorphism ring. Ou...

It has been recently acknowledged [4, 6, 9] that the use of double bases representations of scalars n, that is an expression of the form n = ∑ e,s,t(−1) AB can speed up significantly scalar multiplication on those elliptic curves where multiplication by one base (say B) is fast. This is the case in particular of Koblitz curves and supersingular curves, where scalar multiplication can now be ach...

Explicit congruences (mod p) are proved for the class equations or the products of class equations corresponding to discriminants D = −8p,−3p, −12p in the theory of complex multiplication, where p is an odd prime. These congruences are used to give a new proof of a theorem of Ogg, which states that there are exactly 15 primes p for which all j-invariants of supersingular elliptic curves in char...

We consider digital expansions of scalars for supersingular Koblitz curves in characteristic three. These are positional representations of integers to the base of τ , where τ is a zero of the characteristic polynomial T 2 ± 3T + 3 of a Frobenius endomorphism. They are then applied to the improvement of scalar multiplication on the Koblitz curves. A simple connection between τ -adic expansions ...

We show that for all odd primes p, there exist ordinary elliptic curves over Fp(x) with arbitrarily high rank and constant j-invariant. This shows in particular that there are elliptic curves with arbitrarily high rank over these fields for which the corresponding elliptic surface is not supersingular. The result follows from a theorem which states that for all odd prime numbers p and l, there ...