Prime Numbers

362 Chapter 7 ELLIPTIC CURVE ARITHMETIC
how to compute a complete list for any prescribed value of h. The effective
determination of such lists is an extremely interesting computational problem.
To apply the Atkin–Morain method, we want to consider discriminants
ordered, say, as above, i.e., lowest h(D) first. We shall seek curve orders based
on specific representations
4p = u 2 + |D|v 2 ,
whence, as we see in the following algorithm exhibition, the resulting possible
curve orders will be simple functions of p, u, v. Note that for D = −3, −4
there are 6, 4 possible orders, respectively, while for other D there are two
possible orders. Such representations of 4p are to be attempted via Algorithm
2.3.13. If p is prime, the “probability” that 4p is so representable, given that
D
p
=1,is1/h(D), as mentioned above. In the following algorithm, either it
is assumed that our discriminant list is finite, or we agree to let the algorithm
run for some prescribed amount of time.
Algorithm 7.5.9 (CM method for generating curves and orders). We assume
a list of fundamental discriminants {Dj < 0:j =1, 2, 3,...} ordered,
say, by increasing class number h(D), and within the same class number by increasing
|D|. We are given a prime p>3. The algorithm reports (optionally)
possible curve orders or (also optionally) curve parameters for CM curves associated
with the various Dj.
1. [Calculate nonresidue]
Find a random quadratic nonresidue g (mod p);
if(p ≡ 1(mod3)and g (p−1)/3 ≡ 1(modp)) goto [Calculate nonresidue];
// In case D = −3 is used, g must also be a noncube modulo p.
j =0;
2. [Discriminant loop]
j = j +1;
D = Dj;
if(
D
p =1) goto [Discriminant loop];
3. [Seek a quadratic form for 4p]
Attempt to represent 4p = u2 + |D|v2 , via Algorithm 2.3.13, but if the
attempt fails, goto [Discriminant loop];
4. [Option: Curve orders]
if(D == −4) report{p +1± u, p +1± 2v}; // 4 possible orders.
if(D == −3) report{p +1± u, p +1± (u ± 3v)/2}; // 6 possible orders.
if(D