Schoof’s point-counting algorithm

From Elliptic Curve Crypto
Revision as of 08:31, 8 February 2025 by Rational Point (talk | contribs) (Rational Point moved page Schoof's point counting algorithm to Schoof’s point counting algorithm: Misspelled title)

René Schoof's point counting algorithm [1] determines the exact number of points on an elliptic curve within the range determined by Hasse’s theorem.

The algorithm runs in polynomial time. It is alarming, or should be, to users of cryptographic schemes that depend on the difficulty of solving the discrete logarithm problem over elliptic curves, that a problem once requiring baby-step giant-step or similar algorithms was suddenly solved in polynomial time.

Schoof–Elkies–Atkin (SEA) is an improved variant which is much more efficient, of Las Vegas type expected termination.

Such an easy method of calculating the order of an elliptic curve over a finite field, that is, the exact number of points on it, might lead to easy solutions for the discrete logarithm problem in general, and we should assume this to be the case, especially in light of redactions of published information from certain European axis-aligned non-U.S. and “ex-pat” sources, unless there are good explanations why this is not so.

Elliptic Curve Crypto:General disclaimer.

  1. René Schoof. Mathematics of Computation, vol. 44. no. 170 April 1985. pp. 483–494. https://www.ams.org/journals/mcom/1985-44-170/S0025-5718-1985-0777280-6/S0025-5718-1985-0777280-6.pdf
Retrieved from "https://www.ellipticcurve.info/index.php?title=Schoof’s_point-counting_algorithm&oldid=448"