On the Product of Small Elkies Primes

Abstract

Given an elliptic curve E over a finite field q of q elements, we say that an odd prime q is an Elkies prime for E if tE2 - 4q is a quadratic residue modulo , where tE = q+1 - #E(q) and #E(q) is the number of q-rational points on E. These primes are used in the presently most efficient algorithm to compute #E(q). In particular, the bound Lq(E) such that the product of all Elkies primes for E up to Lq(E) exceeds 4q1/2 is a crucial parameter of this algorithm. We show that there are infinitely many pairs (p, E) of primes p and curves E over p with Lp(E) c p p for some absolute constant c>0, while a naive heuristic estimate suggests that Lp(E) p. This complements recent results of Galbraith and Satoh (2002), conditional under the Generalised Riemann Hypothesis, and of Shparlinski and Sutherland (2012), unconditional for almost all pairs (p,E).