When an elliptic curve E1/Fq is of prime order
r, there always exists another elliptic curve E2/Fr of order q, i.e. a 2-cycle between E1
and E2. This result comes from the CM method. Let t be the trace of E1/Fq so that q + 1 − t = r. Writing r + 1 − (2 − t) = q, we obtain using the CM method another curve defined over Fr of trace 2 − t. As long as D is small enough, we can compute the curve coefficients using the Hilbert class polynomial. In practice, this polynomial can be computed directly modulo q using [Sut11], and the largest computation was done for a discriminant with a dozen of digits.
ytrezq
commented
5 days ago