Factorization of Hilbert class polynomials over prime fields

Abstract

Let D be a negative integer congruent to 0 or 14 and O=OD be the corresponding order of K=Q(D). The Hilbert class polynomial HD(x) is the minimal polynomial of the j-invariant jD=j(C/O) of O over K. Let nD=(OQ( jD):Z[ jD]) denote the index of Z[ jD] in the ring of integers of Q(jD). Suppose p is any prime. We completely determine the factorization of HD(x) in Fp[x] if either p nD or p D is inert in K and the p-adic valuation vp(nD)≤ 3. As an application, we analyze the key space of Oriented Supersingular Isogeny Diffie-Hellman (OSIDH) protocol proposed by Col\`o and Kohel in 2019 which is the roots set of the Hilbert class polynomial in Fp2.