Endomorphism rings of elliptic curves over finite fields by David Kohel

39Chapter 4The ordinary caseThroughout this section E will denote an ordinary elliptic curve over a finite field kof q elements and characteristic p. Let π be the Frobenius endomorphism relative tok. Recall that E is ordinary if it satisfies any of the following equivalent conditions.1. E[p r ] ∼ = Z/p r Z for all positive integers r.2. End(E) is an order in a complex imaginary extension of Q.3. The dual of the Frobenius endomorphism is separable.4. The trace of the Frobenius endomorphism is relatively prime to q.For an ordinary elliptic curve E over a field k, the full endomorphism ring End(E),which we denote by O, is equal to End k (E). For a rational integer l we denoteZ[π] ⊗ Z l by Z[π] l and O ⊗ Z l by O l .The objective of this chapter is to describe methods by which to determine the isomorphismtype of the endomorphism ring O, which we refer to as the endomorphism typeof E. We refer to the subset of curves in the isogeny class of E with endomorphismtype O as the endomorphism class of E. The algorithm of Schoof [27] is a polynomialtime algorithm for determining the trace t of Frobenius relative to k on E, so wemay assume that we know the subring Z[π] of O = End(E). The methods describedhere will comprise elements of an algorithm for computing the endomorphism typeof a given ordinary elliptic curve E. We synthesize the various components into analgorithm in the last section. We may let O K be the maximal order in the formalfield of fractions K = Z[π] ⊗ Q of discriminant D K , and let m be the conductor ofZ[π]. Then there exists an integer a such that[ ] π − aO K = Z .mThe integer a has the property that that (X − a) 2 = X 2 − tX + q mod m, andis determined by the conditions that 2a ≡ t mod m and q − ta + a 2 ≡ 0 mod m 2 .