The Endomorphism Rings of Supersingular Elliptic Curves over Fp and the Binary Quadratic Forms

Abstract

It is well known that there is a one-to-one correspondence between supersingular j-invariants up to the action of Gal(Fp2/Fp) and type classes of maximal orders in Bp,∞ by Deuring's theorem. Interestingly, we establish a one-to-one correspondence between Fp-isomorphism classes of supersingular elliptic curves and primitive reduced binary quadratic forms with discriminant -p or -16p. Due to this correspondence and the fact that Fp-isogenies between elliptic curves could be represented by quadratic forms, we show that operations of these isogenies on supersingular elliptic curves over Fp are compatible with the composition of quadratic forms. Based on these results, we could reduce the security of CSIDH cryptosystem to computing this correspondence explicitly.