├── Makefile ├── .gitmodules ├── LICENSE ├── docs ├── poly.pdf.html └── index.html ├── README ├── .gitignore ├── unicode.sty └── refs.bib /Makefile: -------------------------------------------------------------------------------- 1 | poly.pdf: FORCE 2 | latexmk -pdf -halt-on-error -file-line-error poly.tex 3 | 4 | FORCE: 5 | -------------------------------------------------------------------------------- /.gitmodules: -------------------------------------------------------------------------------- 1 | [submodule "isogenies_bib"] 2 | path = isogenies_bib 3 | url = git@github.com:defeo/isogenies.bib.git 4 | [submodule "cryptobib"] 5 | path = cryptobib 6 | url = https://github.com/cryptobib/export 7 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | This work is licensed under the Creative Commons Attribution-NonCommercial 2 | 4.0 International License. To view a copy of this license, visit 3 | . 4 | -------------------------------------------------------------------------------- /docs/poly.pdf.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Mathematics of Isogeny Based Cryptography 6 | 7 | 8 | 9 |

10 | Download here: https://arxiv.org/pdf/1711.04062 11 |

12 | 13 | 14 | -------------------------------------------------------------------------------- /README: -------------------------------------------------------------------------------- 1 | # Isogeny Graphs in Cryptography 2 | 3 | These lecture notes were written for the summer school on *Graph 4 | Theory Meets Cryptography* in Würzburg, Germany, in July 2019. Their 5 | goal is to survey the mathematical background of isogeny-based 6 | cryptography, a blossoming new field with applications to post-quantum 7 | cryptography and blockchains. They are by no means a reference text 8 | on the theory of elliptic curves, nor on cryptography; readers are 9 | encouraged to complement these notes with the references given in the 10 | bibliography. 11 | -------------------------------------------------------------------------------- /docs/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | EMA 2017 – Isogeny-based cryptography 6 | 11 | 12 | 13 |

Isogeny Based Cryptography

14 |

15 | Luca De Feo
16 | Université de Versailles & Inria Saclay 17 |

18 | 19 |

20 | École mathématique 21 | africaine
22 | May 10 – 23, 2017, Thiès, Senegal 23 |

24 | 25 |

Télécharger le polycopié

26 | 27 | 28 | 32 | 33 | 34 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | ## Core latex/pdflatex auxiliary files: 2 | *.aux 3 | *.lof 4 | *.log 5 | *.lot 6 | *.fls 7 | *.out 8 | *.toc 9 | *.fmt 10 | *.fot 11 | *.cb 12 | *.cb2 13 | 14 | ## Intermediate documents: 15 | *.dvi 16 | *-converted-to.* 17 | # these rules might exclude image files for figures etc. 18 | # *.ps 19 | # *.eps 20 | # *.pdf 21 | 22 | ## Generated if empty string is given at "Please type another file name for output:" 23 | poly.pdf 24 | 25 | ## Bibliography auxiliary files (bibtex/biblatex/biber): 26 | *.bbl 27 | *.bcf 28 | *.blg 29 | *-blx.aux 30 | *-blx.bib 31 | *.run.xml 32 | 33 | ## Build tool auxiliary files: 34 | *.fdb_latexmk 35 | *.synctex 36 | *.synctex(busy) 37 | *.synctex.gz 38 | *.synctex.gz(busy) 39 | *.pdfsync 40 | 41 | ## Auxiliary and intermediate files from other packages: 42 | # algorithms 43 | *.alg 44 | *.loa 45 | 46 | # achemso 47 | acs-*.bib 48 | 49 | # amsthm 50 | *.thm 51 | 52 | # beamer 53 | *.nav 54 | *.pre 55 | *.snm 56 | *.vrb 57 | 58 | # changes 59 | *.soc 60 | 61 | # cprotect 62 | *.cpt 63 | 64 | # elsarticle (documentclass of Elsevier journals) 65 | *.spl 66 | 67 | # endnotes 68 | *.ent 69 | 70 | # fixme 71 | *.lox 72 | 73 | # feynmf/feynmp 74 | *.mf 75 | *.mp 76 | *.t[1-9] 77 | *.t[1-9][0-9] 78 | *.tfm 79 | 80 | #(r)(e)ledmac/(r)(e)ledpar 81 | *.end 82 | *.?end 83 | *.[1-9] 84 | *.[1-9][0-9] 85 | *.[1-9][0-9][0-9] 86 | *.[1-9]R 87 | *.[1-9][0-9]R 88 | *.[1-9][0-9][0-9]R 89 | *.eledsec[1-9] 90 | *.eledsec[1-9]R 91 | *.eledsec[1-9][0-9] 92 | *.eledsec[1-9][0-9]R 93 | *.eledsec[1-9][0-9][0-9] 94 | *.eledsec[1-9][0-9][0-9]R 95 | 96 | # glossaries 97 | *.acn 98 | *.acr 99 | *.glg 100 | *.glo 101 | *.gls 102 | *.glsdefs 103 | 104 | # gnuplottex 105 | *-gnuplottex-* 106 | 107 | # gregoriotex 108 | *.gaux 109 | *.gtex 110 | 111 | # hyperref 
112 | *.brf 113 | 114 | # knitr 115 | *-concordance.tex 116 | # TODO Comment the next line if you want to keep your tikz graphics files 117 | *.tikz 118 | *-tikzDictionary 119 | 120 | # listings 121 | *.lol 122 | 123 | # makeidx 124 | *.idx 125 | *.ilg 126 | *.ind 127 | *.ist 128 | 129 | # minitoc 130 | *.maf 131 | *.mlf 132 | *.mlt 133 | *.mtc[0-9]* 134 | *.slf[0-9]* 135 | *.slt[0-9]* 136 | *.stc[0-9]* 137 | 138 | # minted 139 | _minted* 140 | *.pyg 141 | 142 | # morewrites 143 | *.mw 144 | 145 | # nomencl 146 | *.nlo 147 | 148 | # pax 149 | *.pax 150 | 151 | # pdfpcnotes 152 | *.pdfpc 153 | 154 | # sagetex 155 | *.sagetex.sage 156 | *.sagetex.py 157 | *.sagetex.scmd 158 | 159 | # scrwfile 160 | *.wrt 161 | 162 | # sympy 163 | *.sout 164 | *.sympy 165 | sympy-plots-for-*.tex/ 166 | 167 | # pdfcomment 168 | *.upa 169 | *.upb 170 | 171 | # pythontex 172 | *.pytxcode 173 | pythontex-files-*/ 174 | 175 | # thmtools 176 | *.loe 177 | 178 | # TikZ & PGF 179 | *.dpth 180 | *.md5 181 | *.auxlock 182 | 183 | # todonotes 184 | *.tdo 185 | 186 | # easy-todo 187 | *.lod 188 | 189 | # xindy 190 | *.xdy 191 | 192 | # xypic precompiled matrices 193 | *.xyc 194 | 195 | # endfloat 196 | *.ttt 197 | *.fff 198 | 199 | # Latexian 200 | TSWLatexianTemp* 201 | 202 | ## Editors: 203 | # WinEdt 204 | *.bak 205 | *.sav 206 | *~ 207 | _region_* 208 | 209 | # Texpad 210 | .texpadtmp 211 | 212 | # Kile 213 | *.backup 214 | 215 | # KBibTeX 216 | *~[0-9]* 217 | 218 | # auto folder when using emacs and auctex 219 | /auto/* 220 | 221 | # expex forward references with \gathertags 222 | *-tags.tex 223 | -------------------------------------------------------------------------------- /unicode.sty: -------------------------------------------------------------------------------- 1 | 2 | % Preamble for Unicode characters. 
% amsmath supplies the \arrowfill@ and \ext@arrow internals used by the
% extensible arrows defined further down.
\RequirePackage{amsmath}
% Engine switch: when \directlua is undefined (i.e. not LuaTeX), inputenc
% is loaded and its own \DeclareUnicodeCharacter is used; otherwise
% fontspec is loaded and a replacement is defined by hand.
\ifx\directlua\undefined
\usepackage[T1]{fontenc}
\usepackage[utf8]{inputenc}
\else
\usepackage{fontspec}
% unicode-math is buggy here
% Replacement \DeclareUnicodeCharacter{<hex code point>}{<definition>}:
%   1. store <definition> in the scratch macro \tmp (overwritten on every call);
%   2. set the uppercase code of ~ to the code point and make that
%      character active;
%   3. \uppercase then rewrites the active ~ into the active character with
%      that code, which is globally \let to \tmp;
%   4. reset the uppercase code of ~ to 0.
% NOTE(review): the \let is \global but the \catcode assignment is local --
% confirm this file is never loaded inside a group.
\def\DeclareUnicodeCharacter#1#2{%
\def\tmp{#2}\uccode`\~="#1 \catcode"#1 \active
\uppercase{\global\let~\tmp}%
\uccode`\~=0}
\fi
% \@ifdisplay{<display>}{<other>}: uses <display> in display style and
% <other> in text, script and scriptscript styles.
\newcommand{\@ifdisplay}[2]{\mathchoice{#1}{#2}{#2}{#2}}%
% Extensible arrows%<<<
% Each \x...[<below>]{<above>} command pairs a fill macro (built with
% \arrowfill@) with \ext@arrow, in the same way amsmath builds \xrightarrow.
\def\mapstofill@{\arrowfill@{\mapstochar\relbar}\relbar\rightarrow}
\newcommand{\xmapsto}[2][]{\ext@arrow 0399\mapstofill@{#1}{#2}}
% NOTE(review): \mapsfromchar is not defined in this part of the file;
% presumably it comes from a package loaded by the document -- confirm.
\def\mapsfromfill@{\arrowfill@\leftarrow\relbar{\relbar\mapsfromchar}}
\newcommand{\xmapsfrom}[2][]{\ext@arrow 0399\mapsfromfill@{#1}{#2}}
\def\longhookrightarrow{\DOTSB\lhook\protect\relbar\protect\joinrel\rightarrow}
\def\hookrightarrowfill@{\arrowfill@{\lhook\mkern 3mu}\relbar\rightarrow}
\newcommand{\xhookrightarrow}[2][]{\ext@arrow 0399\hookrightarrowfill@{#1}{#2}}
%>>>
% Automatic arrows%<<<
% \@matharrow<short><long><extensible> starts a small parser that reads any
% following ^<label> and _<label> and then picks the arrow variant:
% unlabeled arrows use <long> in display style and <short> elsewhere,
% labeled arrows use <extensible>.
\def\@matharrow#1#2#3{%
\let\@matharr@short@#1 \let\@matharr@long@#2 \let\@matharr@x@#3
\let\@matharr@up@\relax \let\@matharr@down@\relax
\@matharr@step}
% Peek at the next token without consuming it, then dispatch on it.
\def\@matharr@step{\futurelet\@matharr@what \@matharr@}
% Dispatch: ^ stores an upper label, _ stores a lower label, anything else
% ends the scan and typesets the arrow.
\def\@matharr@{\let\next\@matharr@do
\ifx ^\@matharr@what\let\next\@matharr@up \fi
\ifx _\@matharr@what\let\next\@matharr@down \fi
\next}
% Store the label and go back to scanning, so ^ and _ may come in either
% order; a repeated ^ or _ overwrites the label stored earlier.
\def\@matharr@up^#1{\def\@matharr@up@{#1}\@matharr@step}
\def\@matharr@down_#1{\def\@matharr@down@{#1}\@matharr@step}
% Typeset the arrow: the labeled form \@matharr@x is the default and is
% replaced by the unlabeled form only when both labels are still \relax.
\def\@matharr@do{%
\let\@matharr@do@\@matharr@x
\ifx\@matharr@up@\relax \ifx\@matharr@down@\relax
% Make an unlabeled arrow. Make it long if in display mode, short
% otherwise.
\def\@matharr@do@{\@ifdisplay{\@matharr@long@}{\@matharr@short@}}%
\fi \fi
\@matharr@do@}
% Make a labeled extensible arrow.
% \@matharr@x: typeset the extensible arrow stored in \@matharr@x@ with the
% lower label as its optional argument and the upper label as its mandatory
% argument. Labels are padded with 8mu on each side in display style and
% 12mu in the other styles.
\def\@matharr@x{%
\@ifdisplay
{\@matharr@x@[\mkern 8mu\@matharr@down@\mkern 8mu]%
{\mkern 8mu\@matharr@up@\mkern 8mu}}%
{\@matharr@x@[\mkern 12mu\@matharr@down@\mkern 12mu]%
{\mkern 12mu\@matharr@up@\mkern 12mu}}%
}

% User-level automatic arrows: each passes its short, long and extensible
% variants to \@matharrow.
\def\autorightarrow{\@matharrow\rightarrow\longrightarrow\xrightarrow}%
\def\autoleftarrow{\@matharrow\leftarrow\longleftarrow\xleftarrow}%
\def\automapsto{\@matharrow\mapsto\longmapsto\xmapsto}%
\def\automapsfrom{\@matharrow\mapsfrom\longmapsfrom\xmapsfrom}%
\def\autohookrightarrow{\@matharrow\hookrightarrow\longhookrightarrow
\xhookrightarrow}
%>>>
% Capital Greek letters%<<<
% Names for the Greek capitals that are typeset here with the Latin letter
% of the same shape (plus lowercase omicron).
% NOTE(review): \def overwrites any existing definition without warning --
% confirm no loaded package already defines these names.
\def\Alpha{A}
\def\Beta{B}
\def\Epsilon{E}
\def\Zeta{Z}
\def\Eta{H}
\def\Iota{I}
\def\Kappa{K}
\def\Mu{M}
\def\Nu{N}
\def\Omicron{O}
\def\Rho{P}
\def\Tau{T}
\def\Chi{X}
\def\omicron{o}
%%>>>
% This is a generated file, do not edit !
% Each entry below is a comment (code point, character, Unicode name)
% followed by the declaration mapping that code point to a LaTeX macro.
% 00A0   NO-BREAK SPACE
\DeclareUnicodeCharacter{00A0}{~}
% 00A1 ¡ INVERTED EXCLAMATION MARK
\DeclareUnicodeCharacter{00A1}{\textexclamdown}
% 00A2 ¢ CENT SIGN
\DeclareUnicodeCharacter{00A2}{\textcent}
% 00A3 £ POUND SIGN
\DeclareUnicodeCharacter{00A3}{\pounds}
% 00A4 ¤ CURRENCY SIGN
\DeclareUnicodeCharacter{00A4}{\textcurrency}
% 00A5 ¥ YEN SIGN
\DeclareUnicodeCharacter{00A5}{\textyen}
% 00A6 ¦ BROKEN BAR
\DeclareUnicodeCharacter{00A6}{\textbrokenbar}
% 00A7 § SECTION SIGN
\DeclareUnicodeCharacter{00A7}{{\mathhexbox 278}}
% 00A8 ¨ DIAERESIS
\DeclareUnicodeCharacter{00A8}{\"{ }}
% 00A9 © COPYRIGHT SIGN
\DeclareUnicodeCharacter{00A9}{\copyright}
% 00AA ª FEMININE ORDINAL INDICATOR
\DeclareUnicodeCharacter{00AA}{\textordfeminine}
% 00AB « LEFT-POINTING DOUBLE ANGLE QUOTATION MARK
\DeclareUnicodeCharacter{00AB}{\guillemotleft}
% 00AC ¬ NOT SIGN
\DeclareUnicodeCharacter{00AC}{\neg} 104 | % 00AE ® REGISTERED SIGN 105 | \DeclareUnicodeCharacter{00AE}{\textregistered} 106 | % 00AF ¯ MACRON 107 | \DeclareUnicodeCharacter{00AF}{\textasciimacron­} 108 | % 00B0 ° DEGREE SIGN 109 | \DeclareUnicodeCharacter{00B0}{\textsuperscript{o}} 110 | % 00B1 ± PLUS-MINUS SIGN 111 | \DeclareUnicodeCharacter{00B1}{\pm} 112 | % 00B2 ² SUPERSCRIPT TWO 113 | \DeclareUnicodeCharacter{00B2}{\textsuperscript{2}} 114 | % 00B3 ³ SUPERSCRIPT THREE 115 | \DeclareUnicodeCharacter{00B3}{\textsuperscript{3}} 116 | % 00B5 µ MICRO SIGN 117 | \DeclareUnicodeCharacter{00B5}{\textmu} 118 | % 00B6 ¶ PILCROW SIGN 119 | \DeclareUnicodeCharacter{00B6}{{\mathhexbox 27B}} 120 | % 00B7 · MIDDLE DOT 121 | \DeclareUnicodeCharacter{00B7}{\cdot} 122 | % 00B9 ¹ SUPERSCRIPT ONE 123 | \DeclareUnicodeCharacter{00B9}{\textsuperscript{1}} 124 | % 00BA º MASCULINE ORDINAL INDICATOR 125 | \DeclareUnicodeCharacter{00BA}{\textordmasculine} 126 | % 00BB » RIGHT-POINTING DOUBLE ANGLE QUOTATION MARK 127 | \DeclareUnicodeCharacter{00BB}{\guillemotright} 128 | % 00BC ¼ VULGAR FRACTION ONE QUARTER 129 | \DeclareUnicodeCharacter{00BC}{\ensuremath{\sfrac{1}{4}}} 130 | % 00BD ½ VULGAR FRACTION ONE HALF 131 | \DeclareUnicodeCharacter{00BD}{\ensuremath{\sfrac{1}{2}}} 132 | % 00BE ¾ VULGAR FRACTION THREE QUARTERS 133 | \DeclareUnicodeCharacter{00BE}{\ensuremath{\sfrac{3}{4}}} 134 | % 00BF ¿ INVERTED QUESTION MARK 135 | \DeclareUnicodeCharacter{00BF}{\textquestiondown} 136 | % 00D7 × MULTIPLICATION SIGN 137 | \DeclareUnicodeCharacter{00D7}{\times} 138 | % 00F7 ÷ DIVISION SIGN 139 | \DeclareUnicodeCharacter{00F7}{\div} 140 | % 0131 ı LATIN SMALL LETTER DOTLESS I 141 | \DeclareUnicodeCharacter{0131}{\imath} 142 | % 0237 ȷ LATIN SMALL LETTER DOTLESS J 143 | \DeclareUnicodeCharacter{0237}{\jmath} 144 | % 0391 Α GREEK CAPITAL LETTER ALPHA 145 | \DeclareUnicodeCharacter{0391}{\Alpha} 146 | % 0392 Β GREEK CAPITAL LETTER BETA 147 | \DeclareUnicodeCharacter{0392}{\Beta} 148 | % 0393 Γ 
GREEK CAPITAL LETTER GAMMA 149 | \DeclareUnicodeCharacter{0393}{\Gamma} 150 | % 0394 Δ GREEK CAPITAL LETTER DELTA 151 | \DeclareUnicodeCharacter{0394}{\Delta} 152 | % 0395 Ε GREEK CAPITAL LETTER EPSILON 153 | \DeclareUnicodeCharacter{0395}{\Epsilon} 154 | % 0396 Ζ GREEK CAPITAL LETTER ZETA 155 | \DeclareUnicodeCharacter{0396}{\Zeta} 156 | % 0397 Η GREEK CAPITAL LETTER ETA 157 | \DeclareUnicodeCharacter{0397}{\Eta} 158 | % 0398 Θ GREEK CAPITAL LETTER THETA 159 | \DeclareUnicodeCharacter{0398}{\Theta} 160 | % 0399 Ι GREEK CAPITAL LETTER IOTA 161 | \DeclareUnicodeCharacter{0399}{\Iota} 162 | % 039A Κ GREEK CAPITAL LETTER KAPPA 163 | \DeclareUnicodeCharacter{039A}{\Kappa} 164 | % 039B Λ GREEK CAPITAL LETTER LAMDA 165 | \DeclareUnicodeCharacter{039B}{\Lambda} 166 | % 039C Μ GREEK CAPITAL LETTER MU 167 | \DeclareUnicodeCharacter{039C}{\Mu} 168 | % 039D Ν GREEK CAPITAL LETTER NU 169 | \DeclareUnicodeCharacter{039D}{\Nu} 170 | % 039E Ξ GREEK CAPITAL LETTER XI 171 | \DeclareUnicodeCharacter{039E}{\Xi} 172 | % 039F Ο GREEK CAPITAL LETTER OMICRON 173 | \DeclareUnicodeCharacter{039F}{\Omicron} 174 | % 03A0 Π GREEK CAPITAL LETTER PI 175 | \DeclareUnicodeCharacter{03A0}{\Pi} 176 | % 03A1 Ρ GREEK CAPITAL LETTER RHO 177 | \DeclareUnicodeCharacter{03A1}{\Rho} 178 | % 03A3 Σ GREEK CAPITAL LETTER SIGMA 179 | \DeclareUnicodeCharacter{03A3}{\Sigma} 180 | % 03A4 Τ GREEK CAPITAL LETTER TAU 181 | \DeclareUnicodeCharacter{03A4}{\Tau} 182 | % 03A5 Υ GREEK CAPITAL LETTER UPSILON 183 | \DeclareUnicodeCharacter{03A5}{\Upsilon} 184 | % 03A6 Φ GREEK CAPITAL LETTER PHI 185 | \DeclareUnicodeCharacter{03A6}{\Phi} 186 | % 03A7 Χ GREEK CAPITAL LETTER CHI 187 | \DeclareUnicodeCharacter{03A7}{\Chi} 188 | % 03A8 Ψ GREEK CAPITAL LETTER PSI 189 | \DeclareUnicodeCharacter{03A8}{\Psi} 190 | % 03A9 Ω GREEK CAPITAL LETTER OMEGA 191 | \DeclareUnicodeCharacter{03A9}{\Omega} 192 | % 03B1 α GREEK SMALL LETTER ALPHA 193 | \DeclareUnicodeCharacter{03B1}{\alpha} 194 | % 03B2 β GREEK SMALL LETTER BETA 195 | 
\DeclareUnicodeCharacter{03B2}{\beta} 196 | % 03B3 γ GREEK SMALL LETTER GAMMA 197 | \DeclareUnicodeCharacter{03B3}{\gamma} 198 | % 03B4 δ GREEK SMALL LETTER DELTA 199 | \DeclareUnicodeCharacter{03B4}{\delta} 200 | % 03B5 ε GREEK SMALL LETTER EPSILON 201 | \DeclareUnicodeCharacter{03B5}{\varepsilon} 202 | % 03B6 ζ GREEK SMALL LETTER ZETA 203 | \DeclareUnicodeCharacter{03B6}{\zeta} 204 | % 03B7 η GREEK SMALL LETTER ETA 205 | \DeclareUnicodeCharacter{03B7}{\eta} 206 | % 03B8 θ GREEK SMALL LETTER THETA 207 | \DeclareUnicodeCharacter{03B8}{\theta} 208 | % 03B9 ι GREEK SMALL LETTER IOTA 209 | \DeclareUnicodeCharacter{03B9}{\iota} 210 | % 03BA κ GREEK SMALL LETTER KAPPA 211 | \DeclareUnicodeCharacter{03BA}{\kappa} 212 | % 03BB λ GREEK SMALL LETTER LAMDA 213 | \DeclareUnicodeCharacter{03BB}{\lambda} 214 | % 03BC μ GREEK SMALL LETTER MU 215 | \DeclareUnicodeCharacter{03BC}{\mu} 216 | % 03BD ν GREEK SMALL LETTER NU 217 | \DeclareUnicodeCharacter{03BD}{\nu} 218 | % 03BE ξ GREEK SMALL LETTER XI 219 | \DeclareUnicodeCharacter{03BE}{\xi} 220 | % 03BF ο GREEK SMALL LETTER OMICRON 221 | \DeclareUnicodeCharacter{03BF}{\omicron} 222 | % 03C0 π GREEK SMALL LETTER PI 223 | \DeclareUnicodeCharacter{03C0}{\pi} 224 | % 03C1 ρ GREEK SMALL LETTER RHO 225 | \DeclareUnicodeCharacter{03C1}{\rho} 226 | % 03C2 ς GREEK SMALL LETTER FINAL SIGMA 227 | \DeclareUnicodeCharacter{03C2}{\varsigma} 228 | % 03C3 σ GREEK SMALL LETTER SIGMA 229 | \DeclareUnicodeCharacter{03C3}{\sigma} 230 | % 03C4 τ GREEK SMALL LETTER TAU 231 | \DeclareUnicodeCharacter{03C4}{\tau} 232 | % 03C5 υ GREEK SMALL LETTER UPSILON 233 | \DeclareUnicodeCharacter{03C5}{\upsilon} 234 | % 03C6 φ GREEK SMALL LETTER PHI 235 | \DeclareUnicodeCharacter{03C6}{\varphi} 236 | % 03C7 χ GREEK SMALL LETTER CHI 237 | \DeclareUnicodeCharacter{03C7}{\chi} 238 | % 03C8 ψ GREEK SMALL LETTER PSI 239 | \DeclareUnicodeCharacter{03C8}{\psi} 240 | % 03C9 ω GREEK SMALL LETTER OMEGA 241 | \DeclareUnicodeCharacter{03C9}{\omega} 242 | % 03D0 ϐ GREEK BETA 
SYMBOL 243 | \DeclareUnicodeCharacter{03D0}{\ensuremath\varbeta} 244 | % 03D1 ϑ GREEK THETA SYMBOL 245 | \DeclareUnicodeCharacter{03D1}{\vartheta} 246 | % 03D5 ϕ GREEK PHI SYMBOL 247 | \DeclareUnicodeCharacter{03D5}{\phi} 248 | % 03D6 ϖ GREEK PI SYMBOL 249 | \DeclareUnicodeCharacter{03D6}{\ensuremath\varpi} 250 | % 03D8 Ϙ GREEK LETTER ARCHAIC KOPPA 251 | \DeclareUnicodeCharacter{03D8}{\ensuremath{\Qoppa}} 252 | % 03D9 ϙ GREEK SMALL LETTER ARCHAIC KOPPA 253 | \DeclareUnicodeCharacter{03D9}{\ensuremath{\qoppa}} 254 | % 03DA Ϛ GREEK LETTER STIGMA 255 | \DeclareUnicodeCharacter{03DA}{\ensuremath{\Stigma}} 256 | % 03DB ϛ GREEK SMALL LETTER STIGMA 257 | \DeclareUnicodeCharacter{03DB}{\ensuremath{\stigma}} 258 | % 03DC Ϝ GREEK LETTER DIGAMMA 259 | \DeclareUnicodeCharacter{03DC}{\ensuremath{\Digamma}} 260 | % 03DD ϝ GREEK SMALL LETTER DIGAMMA 261 | \DeclareUnicodeCharacter{03DD}{\ensuremath{\digamma}} 262 | % 03DE Ϟ GREEK LETTER KOPPA 263 | \DeclareUnicodeCharacter{03DE}{\ensuremath{\Koppa}} 264 | % 03DF ϟ GREEK SMALL LETTER KOPPA 265 | \DeclareUnicodeCharacter{03DF}{\ensuremath{\koppa}} 266 | % 03E0 Ϡ GREEK LETTER SAMPI 267 | \DeclareUnicodeCharacter{03E0}{\ensuremath{\Sampi}} 268 | % 03E1 ϡ GREEK SMALL LETTER SAMPI 269 | \DeclareUnicodeCharacter{03E1}{\ensuremath{\sampi}} 270 | % 03F0 ϰ GREEK KAPPA SYMBOL 271 | \DeclareUnicodeCharacter{03F0}{\ensuremath{\varkappa}} 272 | % 03F1 ϱ GREEK RHO SYMBOL 273 | \DeclareUnicodeCharacter{03F1}{\ensuremath{\varrho}} 274 | % 03F5 ϵ GREEK LUNATE EPSILON SYMBOL 275 | \DeclareUnicodeCharacter{03F5}{\epsilon} 276 | % 03F6 ϶ GREEK REVERSED LUNATE EPSILON SYMBOL 277 | \DeclareUnicodeCharacter{03F6}{\ensuremath{\backepsilon}} 278 | % 1D62 ᵢ LATIN SUBSCRIPT SMALL LETTER I 279 | \DeclareUnicodeCharacter{1D62}{\ensuremath{_i}} 280 | % 1D63 ᵣ LATIN SUBSCRIPT SMALL LETTER R 281 | \DeclareUnicodeCharacter{1D63}{\ensuremath{_r}} 282 | % 1D64 ᵤ LATIN SUBSCRIPT SMALL LETTER U 283 | \DeclareUnicodeCharacter{1D64}{\ensuremath{_u}} 284 | % 1D65 ᵥ LATIN 
SUBSCRIPT SMALL LETTER V 285 | \DeclareUnicodeCharacter{1D65}{\ensuremath{_v}} 286 | % 2013 – EN DASH 287 | \DeclareUnicodeCharacter{2013}{\text{--}} 288 | % 2014 — EM DASH 289 | \DeclareUnicodeCharacter{2014}{\text{---}} 290 | % 2016 ‖ DOUBLE VERTICAL LINE 291 | \DeclareUnicodeCharacter{2016}{\textbardbl} 292 | % 2018 ‘ LEFT SINGLE QUOTATION MARK 293 | \DeclareUnicodeCharacter{2018}{\textquoteleft} 294 | % 2019 ’ RIGHT SINGLE QUOTATION MARK 295 | \DeclareUnicodeCharacter{2019}{\textquoteright} 296 | % 201A ‚ SINGLE LOW-9 QUOTATION MARK 297 | \DeclareUnicodeCharacter{201A}{\quotesinglbase} 298 | % 201C “ LEFT DOUBLE QUOTATION MARK 299 | \DeclareUnicodeCharacter{201C}{\textquotedblleft} 300 | % 201D ” RIGHT DOUBLE QUOTATION MARK 301 | \DeclareUnicodeCharacter{201D}{\textquotedblright} 302 | % 201E „ DOUBLE LOW-9 QUOTATION MARK 303 | \DeclareUnicodeCharacter{201E}{\quotedblbase} 304 | % 2020 † DAGGER 305 | \DeclareUnicodeCharacter{2020}{\dag} 306 | % 2021 ‡ DOUBLE DAGGER 307 | \DeclareUnicodeCharacter{2021}{\ddag} 308 | % 2022 • BULLET 309 | \DeclareUnicodeCharacter{2022}{\bullet} 310 | % 2026 … HORIZONTAL ELLIPSIS 311 | \DeclareUnicodeCharacter{2026}{\dots} 312 | % 2030 ‰ PER MILLE SIGN 313 | \DeclareUnicodeCharacter{2030}{\textperthousand} 314 | % 2031 ‱ PER TEN THOUSAND SIGN 315 | \DeclareUnicodeCharacter{2031}{\textpertenthousand} 316 | % 2032 ′ PRIME 317 | \DeclareUnicodeCharacter{2032}{\prime} 318 | % 2033 ″ DOUBLE PRIME 319 | \DeclareUnicodeCharacter{2033}{\second} 320 | % 2034 ‴ TRIPLE PRIME 321 | \DeclareUnicodeCharacter{2034}{\third} 322 | % 2035 ‵ REVERSED PRIME 323 | \DeclareUnicodeCharacter{2035}{\backprime} 324 | % 2038 ‸ CARET 325 | \DeclareUnicodeCharacter{2038}{\ifmmode\widehat{}\else\textasciicircum\fi} 326 | % 2039 ‹ SINGLE LEFT-POINTING ANGLE QUOTATION MARK 327 | \DeclareUnicodeCharacter{2039}{\guilsinglleft} 328 | % 203A › SINGLE RIGHT-POINTING ANGLE QUOTATION MARK 329 | \DeclareUnicodeCharacter{203A}{\guilsinglright} 330 | % 203B ※ REFERENCE 
MARK 331 | \DeclareUnicodeCharacter{203B}{\textreferencemark} 332 | % 203C ‼ DOUBLE EXCLAMATION MARK 333 | \DeclareUnicodeCharacter{203C}{{!\kern -.5ex!}} 334 | % 203D ‽ INTERROBANG 335 | \DeclareUnicodeCharacter{203D}{\textinterrobang} 336 | % 203E ‾ OVERLINE 337 | \DeclareUnicodeCharacter{203E}{\overline} 338 | % 2042 ⁂ ASTERISM 339 | \DeclareUnicodeCharacter{2042}{\asterism} 340 | % 2045 ⁅ LEFT SQUARE BRACKET WITH QUILL 341 | \DeclareUnicodeCharacter{2045}{\textlquill} 342 | % 2046 ⁆ RIGHT SQUARE BRACKET WITH QUILL 343 | \DeclareUnicodeCharacter{2046}{\textrquill} 344 | % 2047 ⁇ DOUBLE QUESTION MARK 345 | \DeclareUnicodeCharacter{2047}{{?\kern -.5ex?}} 346 | % 2048 ⁈ QUESTION EXCLAMATION MARK 347 | \DeclareUnicodeCharacter{2048}{{?\kern -.5ex!}} 348 | % 2049 ⁉ EXCLAMATION QUESTION MARK 349 | \DeclareUnicodeCharacter{2049}{{!\kern -.5ex?}} 350 | % 2052 ⁒ COMMERCIAL MINUS SIGN 351 | \DeclareUnicodeCharacter{2052}{\textdiscount} 352 | % 2062 ⁢ INVISIBLE TIMES 353 | \DeclareUnicodeCharacter{2062}{{}} 354 | % 2070 ⁰ SUPERSCRIPT ZERO 355 | \DeclareUnicodeCharacter{2070}{^0} 356 | % 2074 ⁴ SUPERSCRIPT FOUR 357 | \DeclareUnicodeCharacter{2074}{^4} 358 | % 2075 ⁵ SUPERSCRIPT FIVE 359 | \DeclareUnicodeCharacter{2075}{^5} 360 | % 2076 ⁶ SUPERSCRIPT SIX 361 | \DeclareUnicodeCharacter{2076}{^6} 362 | % 2077 ⁷ SUPERSCRIPT SEVEN 363 | \DeclareUnicodeCharacter{2077}{^7} 364 | % 2078 ⁸ SUPERSCRIPT EIGHT 365 | \DeclareUnicodeCharacter{2078}{^8} 366 | % 2079 ⁹ SUPERSCRIPT NINE 367 | \DeclareUnicodeCharacter{2079}{^9} 368 | % 207F ⁿ SUPERSCRIPT LATIN SMALL LETTER N 369 | \DeclareUnicodeCharacter{207F}{^n} 370 | % 2080 ₀ SUBSCRIPT ZERO 371 | \DeclareUnicodeCharacter{2080}{_0} 372 | % 2081 ₁ SUBSCRIPT ONE 373 | \DeclareUnicodeCharacter{2081}{_1} 374 | % 2082 ₂ SUBSCRIPT TWO 375 | \DeclareUnicodeCharacter{2082}{_2} 376 | % 2083 ₃ SUBSCRIPT THREE 377 | \DeclareUnicodeCharacter{2083}{_3} 378 | % 2084 ₄ SUBSCRIPT FOUR 379 | \DeclareUnicodeCharacter{2084}{_4} 380 | % 2085 ₅ SUBSCRIPT FIVE 
381 | \DeclareUnicodeCharacter{2085}{_5} 382 | % 2086 ₆ SUBSCRIPT SIX 383 | \DeclareUnicodeCharacter{2086}{_6} 384 | % 2087 ₇ SUBSCRIPT SEVEN 385 | \DeclareUnicodeCharacter{2087}{_7} 386 | % 2088 ₈ SUBSCRIPT EIGHT 387 | \DeclareUnicodeCharacter{2088}{_8} 388 | % 2089 ₉ SUBSCRIPT NINE 389 | \DeclareUnicodeCharacter{2089}{_9} 390 | % 208A ₊ SUBSCRIPT PLUS SIGN 391 | \DeclareUnicodeCharacter{208A}{_+} 392 | % 208B ₋ SUBSCRIPT MINUS 393 | \DeclareUnicodeCharacter{208B}{_-} 394 | % 208C ₌ SUBSCRIPT EQUALS SIGN 395 | \DeclareUnicodeCharacter{208C}{_=} 396 | % 208D ₍ SUBSCRIPT LEFT PARENTHESIS 397 | \DeclareUnicodeCharacter{208D}{_(} 398 | % 208E ₎ SUBSCRIPT RIGHT PARENTHESIS 399 | \DeclareUnicodeCharacter{208E}{_)} 400 | % 2090 ₐ LATIN SUBSCRIPT SMALL LETTER A 401 | \DeclareUnicodeCharacter{2090}{_a} 402 | % 2091 ₑ LATIN SUBSCRIPT SMALL LETTER E 403 | \DeclareUnicodeCharacter{2091}{_e} 404 | % 2092 ₒ LATIN SUBSCRIPT SMALL LETTER O 405 | \DeclareUnicodeCharacter{2092}{_o} 406 | % 2093 ₓ LATIN SUBSCRIPT SMALL LETTER X 407 | \DeclareUnicodeCharacter{2093}{_x} 408 | % 2095 ₕ LATIN SUBSCRIPT SMALL LETTER H 409 | \DeclareUnicodeCharacter{2095}{_h} 410 | % 2096 ₖ LATIN SUBSCRIPT SMALL LETTER K 411 | \DeclareUnicodeCharacter{2096}{_k} 412 | % 2097 ₗ LATIN SUBSCRIPT SMALL LETTER L 413 | \DeclareUnicodeCharacter{2097}{_l} 414 | % 2098 ₘ LATIN SUBSCRIPT SMALL LETTER M 415 | \DeclareUnicodeCharacter{2098}{_m} 416 | % 2099 ₙ LATIN SUBSCRIPT SMALL LETTER N 417 | \DeclareUnicodeCharacter{2099}{_n} 418 | % 209A ₚ LATIN SUBSCRIPT SMALL LETTER P 419 | \DeclareUnicodeCharacter{209A}{_p} 420 | % 209B ₛ LATIN SUBSCRIPT SMALL LETTER S 421 | \DeclareUnicodeCharacter{209B}{_s} 422 | % 209C ₜ LATIN SUBSCRIPT SMALL LETTER T 423 | \DeclareUnicodeCharacter{209C}{_t} 424 | % 2102 ℂ DOUBLE-STRUCK CAPITAL C 425 | \DeclareUnicodeCharacter{2102}{\ensuremath{\mathbb{C}}} 426 | % 2107 ℇ EULER CONSTANT 427 | \DeclareUnicodeCharacter{2107}{\ensuremath{\Euler}} 428 | % 210A ℊ SCRIPT SMALL G 429 | 
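\DeclareUnicodeCharacter{210A}{\ensuremath{\mathcal g}}
% 210B ℋ SCRIPT CAPITAL H
\DeclareUnicodeCharacter{210B}{\ensuremath{\mathrsfs H}}
% 210C ℌ BLACK-LETTER CAPITAL H
\DeclareUnicodeCharacter{210C}{\ensuremath{\mathfrak H}}
% 210D ℍ DOUBLE-STRUCK CAPITAL H
\DeclareUnicodeCharacter{210D}{\ensuremath{\mathbb{H}}}
% 210F ℏ PLANCK CONSTANT OVER TWO PI
\DeclareUnicodeCharacter{210F}{\hbar}
% 2110 ℐ SCRIPT CAPITAL I
\DeclareUnicodeCharacter{2110}{\ensuremath{\mathrsfs I}}
% 2111 ℑ BLACK-LETTER CAPITAL I
\DeclareUnicodeCharacter{2111}{\Im}
% 2112 ℒ SCRIPT CAPITAL L
\DeclareUnicodeCharacter{2112}{\ensuremath{\mathrsfs L}}
% 2113 ℓ SCRIPT SMALL L
\DeclareUnicodeCharacter{2113}{\ensuremath{\ell}}
% 2115 ℕ DOUBLE-STRUCK CAPITAL N
\DeclareUnicodeCharacter{2115}{\ensuremath{\mathbb{N}}}
% 2118 ℘ SCRIPT CAPITAL P
\DeclareUnicodeCharacter{2118}{\ensuremath{\wp}}
% 2119 ℙ DOUBLE-STRUCK CAPITAL P
\DeclareUnicodeCharacter{2119}{\ensuremath{\mathbb{P}}}
% 211A ℚ DOUBLE-STRUCK CAPITAL Q
\DeclareUnicodeCharacter{211A}{\ensuremath{\mathbb{Q}}}
% 211D ℝ DOUBLE-STRUCK CAPITAL R
\DeclareUnicodeCharacter{211D}{\ensuremath{\mathbb{R}}}
% 2122 ™ TRADE MARK SIGN
\DeclareUnicodeCharacter{2122}{\texttrademark}
% 2124 ℤ DOUBLE-STRUCK CAPITAL Z
\DeclareUnicodeCharacter{2124}{\ensuremath{\mathbb{Z}}}
% 2126 Ω OHM SIGN
\DeclareUnicodeCharacter{2126}{\Omega}
% 2127 ℧ INVERTED OHM SIGN
\DeclareUnicodeCharacter{2127}{\mho}
% 2128 ℨ BLACK-LETTER CAPITAL Z
\DeclareUnicodeCharacter{2128}{\ensuremath{\mathfrak Z}}
% 212A K KELVIN SIGN
\DeclareUnicodeCharacter{212A}{\ensuremath{\mathrm K}}
% 212B Å ANGSTROM SIGN
\DeclareUnicodeCharacter{212B}{\ensuremath{\mathring{\mathrm A}}}
% 212C ℬ SCRIPT CAPITAL B
\DeclareUnicodeCharacter{212C}{\ensuremath{\mathrsfs B}}
% 212D ℭ BLACK-LETTER CAPITAL C
\DeclareUnicodeCharacter{212D}{\ensuremath{\mathfrak C}}
% 212E ℮ ESTIMATED SYMBOL
\DeclareUnicodeCharacter{212E}{\textestimated}
% 212F ℯ SCRIPT SMALL E
\DeclareUnicodeCharacter{212F}{\ensuremath{\mathrsfs e}}
% 2130 ℰ SCRIPT CAPITAL E
\DeclareUnicodeCharacter{2130}{\ensuremath{\mathrsfs E}}
% 2131 ℱ SCRIPT CAPITAL F
\DeclareUnicodeCharacter{2131}{\ensuremath{\mathrsfs F}}
% 2132 Ⅎ TURNED CAPITAL F
\DeclareUnicodeCharacter{2132}{\Finv}
% 2135 ℵ ALEF SYMBOL
\DeclareUnicodeCharacter{2135}{\aleph}
% 2136 ℶ BET SYMBOL
\DeclareUnicodeCharacter{2136}{\beth}
% 2137 ℷ GIMEL SYMBOL
\DeclareUnicodeCharacter{2137}{\gimel}
% 2138 ℸ DALET SYMBOL
\DeclareUnicodeCharacter{2138}{\daleth}
% 213C ℼ DOUBLE-STRUCK SMALL PI
\DeclareUnicodeCharacter{213C}{\mathbb{\pi}}
% 213D ℽ DOUBLE-STRUCK SMALL GAMMA
\DeclareUnicodeCharacter{213D}{\mathbb{\gamma}}
% The two entries below were swapped: U+213E (capital gamma) produced \Pi
% and U+213F (capital pi) produced \Gamma. This file is generated, so the
% same correction is needed in the table the generator reads, otherwise the
% swap returns on the next regeneration.
% 213E ℾ DOUBLE-STRUCK CAPITAL GAMMA
\DeclareUnicodeCharacter{213E}{\mathbb{\Gamma}}
% 213F ℿ DOUBLE-STRUCK CAPITAL PI
\DeclareUnicodeCharacter{213F}{\mathbb{\Pi}}
% 2140 ⅀ DOUBLE-STRUCK N-ARY SUMMATION
\DeclareUnicodeCharacter{2140}{\mathbb{\Sigma}}
% 2141 ⅁ TURNED SANS-SERIF CAPITAL G
\DeclareUnicodeCharacter{2141}{\Game}
% 2144 ⅄ TURNED SANS-SERIF CAPITAL Y
\DeclareUnicodeCharacter{2144}{\Yup}
% 2146 ⅆ DOUBLE-STRUCK ITALIC SMALL D
\DeclareUnicodeCharacter{2146}{\mathrm{d}}
% 2148 ⅈ DOUBLE-STRUCK ITALIC SMALL I
\DeclareUnicodeCharacter{2148}{\imath}
% 2149 ⅉ DOUBLE-STRUCK ITALIC SMALL J
\DeclareUnicodeCharacter{2149}{\jmath}
% 214B ⅋ TURNED AMPERSAND
\DeclareUnicodeCharacter{214B}{\invamp}
% 2190 ← LEFTWARDS ARROW
\DeclareUnicodeCharacter{2190}{\autoleftarrow}
% 2191 ↑ UPWARDS ARROW
\DeclareUnicodeCharacter{2191}{\uparrow}
%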
2192 → RIGHTWARDS ARROW 519 | \DeclareUnicodeCharacter{2192}{\autorightarrow} 520 | % 2193 ↓ DOWNWARDS ARROW 521 | \DeclareUnicodeCharacter{2193}{\downarrow} 522 | % 2194 ↔ LEFT RIGHT ARROW 523 | \DeclareUnicodeCharacter{2194}{\leftrightarrow} 524 | % 2195 ↕ UP DOWN ARROW 525 | \DeclareUnicodeCharacter{2195}{\updownarrow} 526 | % 2196 ↖ NORTH WEST ARROW 527 | \DeclareUnicodeCharacter{2196}{\nwarrow} 528 | % 2197 ↗ NORTH EAST ARROW 529 | \DeclareUnicodeCharacter{2197}{\nearrow} 530 | % 2198 ↘ SOUTH EAST ARROW 531 | \DeclareUnicodeCharacter{2198}{\searrow} 532 | % 2199 ↙ SOUTH WEST ARROW 533 | \DeclareUnicodeCharacter{2199}{\swarrow} 534 | % 219A ↚ LEFTWARDS ARROW WITH STROKE 535 | \DeclareUnicodeCharacter{219A}{\nleftarrow} 536 | % 219B ↛ RIGHTWARDS ARROW WITH STROKE 537 | \DeclareUnicodeCharacter{219B}{\nrightarrow} 538 | % 219E ↞ LEFTWARDS TWO HEADED ARROW 539 | \DeclareUnicodeCharacter{219E}{\twoheadleftarrow} 540 | % 21A0 ↠ RIGHTWARDS TWO HEADED ARROW 541 | \DeclareUnicodeCharacter{21A0}{\twoheadrightarrow} 542 | % 21A2 ↢ LEFTWARDS ARROW WITH TAIL 543 | \DeclareUnicodeCharacter{21A2}{\leftarrowtail} 544 | % 21A3 ↣ RIGHTWARDS ARROW WITH TAIL 545 | \DeclareUnicodeCharacter{21A3}{\rightarrowtail} 546 | % 21A4 ↤ LEFTWARDS ARROW FROM BAR 547 | \DeclareUnicodeCharacter{21A4}{\automapsfrom} 548 | % 21A6 ↦ RIGHTWARDS ARROW FROM BAR 549 | \DeclareUnicodeCharacter{21A6}{\automapsto} 550 | % 21A9 ↩ LEFTWARDS ARROW WITH HOOK 551 | \DeclareUnicodeCharacter{21A9}{\hookleftarrow} 552 | % 21AA ↪ RIGHTWARDS ARROW WITH HOOK 553 | \DeclareUnicodeCharacter{21AA}{\autohookrightarrow} 554 | % 21AB ↫ LEFTWARDS ARROW WITH LOOP 555 | \DeclareUnicodeCharacter{21AB}{\looparrowleft} 556 | % 21AC ↬ RIGHTWARDS ARROW WITH LOOP 557 | \DeclareUnicodeCharacter{21AC}{\looparrowright} 558 | % 21AD ↭ LEFT RIGHT WAVE ARROW 559 | \DeclareUnicodeCharacter{21AD}{\leftrightsquigarrow} 560 | % 21AE ↮ LEFT RIGHT ARROW WITH STROKE 561 | \DeclareUnicodeCharacter{21AE}{\nleftrightarrow} 562 | % 21AF ↯ 
DOWNWARDS ZIGZAG ARROW 563 | \DeclareUnicodeCharacter{21AF}{\lightning} 564 | % 21B0 ↰ UPWARDS ARROW WITH TIP LEFTWARDS 565 | \DeclareUnicodeCharacter{21B0}{\Lsh} 566 | % 21B1 ↱ UPWARDS ARROW WITH TIP RIGHTWARDS 567 | \DeclareUnicodeCharacter{21B1}{\Rsh} 568 | % 21B6 ↶ ANTICLOCKWISE TOP SEMICIRCLE ARROW 569 | \DeclareUnicodeCharacter{21B6}{\curvearrowleft} 570 | % 21B7 ↷ CLOCKWISE TOP SEMICIRCLE ARROW 571 | \DeclareUnicodeCharacter{21B7}{\curvearrowright} 572 | % 21BA ↺ ANTICLOCKWISE OPEN CIRCLE ARROW 573 | \DeclareUnicodeCharacter{21BA}{\circlearrowleft} 574 | % 21BB ↻ CLOCKWISE OPEN CIRCLE ARROW 575 | \DeclareUnicodeCharacter{21BB}{\circlearrowright} 576 | % 21BC ↼ LEFTWARDS HARPOON WITH BARB UPWARDS 577 | \DeclareUnicodeCharacter{21BC}{\leftharpoonup} 578 | % 21BD ↽ LEFTWARDS HARPOON WITH BARB DOWNWARDS 579 | \DeclareUnicodeCharacter{21BD}{\leftharpoondown} 580 | % 21BE ↾ UPWARDS HARPOON WITH BARB RIGHTWARDS 581 | \DeclareUnicodeCharacter{21BE}{\upharpoonright} 582 | % 21BF ↿ UPWARDS HARPOON WITH BARB LEFTWARDS 583 | \DeclareUnicodeCharacter{21BF}{\upharpoonleft} 584 | % 21C0 ⇀ RIGHTWARDS HARPOON WITH BARB UPWARDS 585 | \DeclareUnicodeCharacter{21C0}{\rightharpoonup} 586 | % 21C1 ⇁ RIGHTWARDS HARPOON WITH BARB DOWNWARDS 587 | \DeclareUnicodeCharacter{21C1}{\rightharpoondown} 588 | % 21C2 ⇂ DOWNWARDS HARPOON WITH BARB RIGHTWARDS 589 | \DeclareUnicodeCharacter{21C2}{\downharpoonright} 590 | % 21C3 ⇃ DOWNWARDS HARPOON WITH BARB LEFTWARDS 591 | \DeclareUnicodeCharacter{21C3}{\downharpoonleft} 592 | % 21C4 ⇄ RIGHTWARDS ARROW OVER LEFTWARDS ARROW 593 | \DeclareUnicodeCharacter{21C4}{\rightleftarrows} 594 | % 21C5 ⇅ UPWARDS ARROW LEFTWARDS OF DOWNWARDS ARROW 595 | \DeclareUnicodeCharacter{21C5}{\updownarrows} 596 | % 21C6 ⇆ LEFTWARDS ARROW OVER RIGHTWARDS ARROW 597 | \DeclareUnicodeCharacter{21C6}{\leftrightarrows} 598 | % 21C7 ⇇ LEFTWARDS PAIRED ARROWS 599 | \DeclareUnicodeCharacter{21C7}{\leftleftarrows} 600 | % 21C8 ⇈ UPWARDS PAIRED ARROWS 601 | 
\DeclareUnicodeCharacter{21C8}{\upuparrows} 602 | % 21C9 ⇉ RIGHTWARDS PAIRED ARROWS 603 | \DeclareUnicodeCharacter{21C9}{\rightrightarrows} 604 | % 21CA ⇊ DOWNWARDS PAIRED ARROWS 605 | \DeclareUnicodeCharacter{21CA}{\downdownarrows} 606 | % 21CB ⇋ LEFTWARDS HARPOON OVER RIGHTWARDS HARPOON 607 | \DeclareUnicodeCharacter{21CB}{\leftrightharpoons} 608 | % 21CC ⇌ RIGHTWARDS HARPOON OVER LEFTWARDS HARPOON 609 | \DeclareUnicodeCharacter{21CC}{\rightleftharpoons} 610 | % 21CD ⇍ LEFTWARDS DOUBLE ARROW WITH STROKE 611 | \DeclareUnicodeCharacter{21CD}{\nLeftarrow} 612 | % 21CE ⇎ LEFT RIGHT DOUBLE ARROW WITH STROKE 613 | \DeclareUnicodeCharacter{21CE}{\nLeftrightarrow} 614 | % 21CF ⇏ RIGHTWARDS DOUBLE ARROW WITH STROKE 615 | \DeclareUnicodeCharacter{21CF}{\nRightarrow} 616 | % 21D0 ⇐ LEFTWARDS DOUBLE ARROW 617 | \DeclareUnicodeCharacter{21D0}{\Leftarrow} 618 | % 21D1 ⇑ UPWARDS DOUBLE ARROW 619 | \DeclareUnicodeCharacter{21D1}{\Uparrow} 620 | % 21D2 ⇒ RIGHTWARDS DOUBLE ARROW 621 | \DeclareUnicodeCharacter{21D2}{\Rightarrow} 622 | % 21D3 ⇓ DOWNWARDS DOUBLE ARROW 623 | \DeclareUnicodeCharacter{21D3}{\Downarrow} 624 | % 21D4 ⇔ LEFT RIGHT DOUBLE ARROW 625 | \DeclareUnicodeCharacter{21D4}{\Leftrightarrow} 626 | % 21D5 ⇕ UP DOWN DOUBLE ARROW 627 | \DeclareUnicodeCharacter{21D5}{\Updownarrow} 628 | % 21D6 ⇖ NORTH WEST DOUBLE ARROW 629 | \DeclareUnicodeCharacter{21D6}{\Nwarrow} 630 | % 21D7 ⇗ NORTH EAST DOUBLE ARROW 631 | \DeclareUnicodeCharacter{21D7}{\Nearrow} 632 | % 21D8 ⇘ SOUTH EAST DOUBLE ARROW 633 | \DeclareUnicodeCharacter{21D8}{\Searrow} 634 | % 21D9 ⇙ SOUTH WEST DOUBLE ARROW 635 | \DeclareUnicodeCharacter{21D9}{\Swarrow} 636 | % 21DA ⇚ LEFTWARDS TRIPLE ARROW 637 | \DeclareUnicodeCharacter{21DA}{\Lleftarrow} 638 | % 21DB ⇛ RIGHTWARDS TRIPLE ARROW 639 | \DeclareUnicodeCharacter{21DB}{\Rrightarrow} 640 | % 21DC ⇜ LEFTWARDS SQUIGGLE ARROW 641 | \DeclareUnicodeCharacter{21DC}{\leftsquigarrow} 642 | % 21DD ⇝ RIGHTWARDS SQUIGGLE ARROW 643 | 
\DeclareUnicodeCharacter{21DD}{\rightsquigarrow} 644 | % 21E0 ⇠ LEFTWARDS DASHED ARROW 645 | \DeclareUnicodeCharacter{21E0}{\dashleftarrow} 646 | % 21E2 ⇢ RIGHTWARDS DASHED ARROW 647 | \DeclareUnicodeCharacter{21E2}{\dashrightarrow} 648 | % 21E4 ⇤ LEFTWARDS ARROW TO BAR 649 | \DeclareUnicodeCharacter{21E4}{\LeftArrowBar} 650 | % 21E5 ⇥ RIGHTWARDS ARROW TO BAR 651 | \DeclareUnicodeCharacter{21E5}{\RightArrowBar} 652 | % 21F0 ⇰ RIGHTWARDS WHITE ARROW FROM WALL 653 | \DeclareUnicodeCharacter{21F0}{\Mapsto} 654 | % 21FD ⇽ LEFTWARDS OPEN-HEADED ARROW 655 | \DeclareUnicodeCharacter{21FD}{\leftarrowtriangle} 656 | % 21FE ⇾ RIGHTWARDS OPEN-HEADED ARROW 657 | \DeclareUnicodeCharacter{21FE}{\rightarrowtriangle} 658 | % 21FF ⇿ LEFT RIGHT OPEN-HEADED ARROW 659 | \DeclareUnicodeCharacter{21FF}{\leftrightarrowtriangle} 660 | % 2200 ∀ FOR ALL 661 | \DeclareUnicodeCharacter{2200}{\forall} 662 | % 2201 ∁ COMPLEMENT 663 | \DeclareUnicodeCharacter{2201}{\complement} 664 | % 2202 ∂ PARTIAL DIFFERENTIAL 665 | \DeclareUnicodeCharacter{2202}{\partial} 666 | % 2203 ∃ THERE EXISTS 667 | \DeclareUnicodeCharacter{2203}{\exists} 668 | % 2204 ∄ THERE DOES NOT EXIST 669 | \DeclareUnicodeCharacter{2204}{\nexists} 670 | % 2205 ∅ EMPTY SET 671 | \DeclareUnicodeCharacter{2205}{\varnothing} 672 | % 2207 ∇ NABLA 673 | \DeclareUnicodeCharacter{2207}{\nabla} 674 | % 2208 ∈ ELEMENT OF 675 | \DeclareUnicodeCharacter{2208}{\in} 676 | % 2209 ∉ NOT AN ELEMENT OF 677 | \DeclareUnicodeCharacter{2209}{\notin} 678 | % 220B ∋ CONTAINS AS MEMBER 679 | \DeclareUnicodeCharacter{220B}{\ni} 680 | % 220C ∌ DOES NOT CONTAIN AS MEMBER 681 | \DeclareUnicodeCharacter{220C}{\notni} 682 | % 220D ∍ SMALL CONTAINS AS MEMBER 683 | \DeclareUnicodeCharacter{220D}{\sqbullet} 684 | % 220F ∏ N-ARY PRODUCT 685 | \DeclareUnicodeCharacter{220F}{\prod} 686 | % 2210 ∐ N-ARY COPRODUCT 687 | \DeclareUnicodeCharacter{2210}{\coprod} 688 | % 2211 ∑ N-ARY SUMMATION 689 | \DeclareUnicodeCharacter{2211}{\sum} 690 | % 2213 ∓ MINUS-OR-PLUS SIGN 
691 | \DeclareUnicodeCharacter{2213}{\mp} 692 | % 2214 ∔ DOT PLUS 693 | \DeclareUnicodeCharacter{2214}{\dotplus} 694 | % 2216 ∖ SET MINUS 695 | \DeclareUnicodeCharacter{2216}{\smallsetminus} 696 | % 2217 ∗ ASTERISK OPERATOR 697 | \DeclareUnicodeCharacter{2217}{\ast} 698 | % 2218 ∘ RING OPERATOR 699 | \DeclareUnicodeCharacter{2218}{\circ} 700 | % 2219 ∙ BULLET OPERATOR 701 | \DeclareUnicodeCharacter{2219}{\bullet} 702 | % 221A √ SQUARE ROOT 703 | \DeclareUnicodeCharacter{221A}{\sqrt} 704 | % 221B ∛ CUBE ROOT 705 | \DeclareUnicodeCharacter{221B}{\sqrt[3]} 706 | % 221C ∜ FOURTH ROOT 707 | \DeclareUnicodeCharacter{221C}{\sqrt[4]} 708 | % 221D ∝ PROPORTIONAL TO 709 | \DeclareUnicodeCharacter{221D}{\propto} 710 | % 221E ∞ INFINITY 711 | \DeclareUnicodeCharacter{221E}{\infty} 712 | % 2220 ∠ ANGLE 713 | \DeclareUnicodeCharacter{2220}{\angle} 714 | % 2221 ∡ MEASURED ANGLE 715 | \DeclareUnicodeCharacter{2221}{\measuredangle} 716 | % 2222 ∢ SPHERICAL ANGLE 717 | \DeclareUnicodeCharacter{2222}{\sphericalangle} 718 | % 2223 ∣ DIVIDES 719 | \DeclareUnicodeCharacter{2223}{\mid} 720 | % 2224 ∤ DOES NOT DIVIDE 721 | \DeclareUnicodeCharacter{2224}{\nmid} 722 | % 2225 ∥ PARALLEL TO 723 | \DeclareUnicodeCharacter{2225}{\parallel} 724 | % 2226 ∦ NOT PARALLEL TO 725 | \DeclareUnicodeCharacter{2226}{\nparallel} 726 | % 2227 ∧ LOGICAL AND 727 | \DeclareUnicodeCharacter{2227}{\wedge} 728 | % 2228 ∨ LOGICAL OR 729 | \DeclareUnicodeCharacter{2228}{\vee} 730 | % 2229 ∩ INTERSECTION 731 | \DeclareUnicodeCharacter{2229}{\cap} 732 | % 222A ∪ UNION 733 | \DeclareUnicodeCharacter{222A}{\cup} 734 | % 222B ∫ INTEGRAL 735 | \DeclareUnicodeCharacter{222B}{\int} 736 | % 222C ∬ DOUBLE INTEGRAL 737 | \DeclareUnicodeCharacter{222C}{\iint} 738 | % 222D ∭ TRIPLE INTEGRAL 739 | \DeclareUnicodeCharacter{222D}{\iiint} 740 | % 222E ∮ CONTOUR INTEGRAL 741 | \DeclareUnicodeCharacter{222E}{\oint} 742 | % 222F ∯ SURFACE INTEGRAL 743 | \DeclareUnicodeCharacter{222F}{\oiint} 744 | % 2230 ∰ VOLUME INTEGRAL 745 | 
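\DeclareUnicodeCharacter{2230}{\oiiint} 746 | % 2232 ∲ CLOCKWISE CONTOUR INTEGRAL 747 | \DeclareUnicodeCharacter{2232}{\ointclockwise} 748 | % 2233 ∳ ANTICLOCKWISE CONTOUR INTEGRAL (single contour integral; counterpart of \ointclockwise) 749 | \DeclareUnicodeCharacter{2233}{\ointctrclockwise} 750 | % 2234 ∴ THEREFORE 751 | \DeclareUnicodeCharacter{2234}{\therefore} 752 | % 2235 ∵ BECAUSE 753 | \DeclareUnicodeCharacter{2235}{\because} 754 | % 2236 ∶ RATIO 755 | \DeclareUnicodeCharacter{2236}{:} 756 | % 2237 ∷ PROPORTION 757 | \DeclareUnicodeCharacter{2237}{\Proportion} 758 | % 2238 ∸ DOT MINUS 759 | \DeclareUnicodeCharacter{2238}{\dotminus} 760 | % 2239 ∹ EXCESS 761 | \DeclareUnicodeCharacter{2239}{\eqcolon} 762 | % 223C ∼ TILDE OPERATOR 763 | \DeclareUnicodeCharacter{223C}{\sim} 764 | % 223D ∽ REVERSED TILDE 765 | \DeclareUnicodeCharacter{223D}{\backsim} 766 | % 223F ∿ SINE WAVE 767 | \DeclareUnicodeCharacter{223F}{\AC} 768 | % 2240 ≀ WREATH PRODUCT 769 | \DeclareUnicodeCharacter{2240}{\wr} 770 | % 2241 ≁ NOT TILDE 771 | \DeclareUnicodeCharacter{2241}{\nsim} 772 | % 2243 ≃ ASYMPTOTICALLY EQUAL TO 773 | \DeclareUnicodeCharacter{2243}{\simeq} 774 | % 2244 ≄ NOT ASYMPTOTICALLY EQUAL TO 775 | \DeclareUnicodeCharacter{2244}{\nsimeq} 776 | % 2245 ≅ APPROXIMATELY EQUAL TO 777 | \DeclareUnicodeCharacter{2245}{\cong} 778 | % 2247 ≇ NEITHER APPROXIMATELY NOR ACTUALLY EQUAL TO 779 | \DeclareUnicodeCharacter{2247}{\ncong} 780 | % 2248 ≈ ALMOST EQUAL TO 781 | \DeclareUnicodeCharacter{2248}{\approx} 782 | % 2249 ≉ NOT ALMOST EQUAL TO 783 | \DeclareUnicodeCharacter{2249}{\napprox} 784 | % 224A ≊ ALMOST EQUAL OR EQUAL TO 785 | \DeclareUnicodeCharacter{224A}{\approxeq} 786 | % 224D ≍ EQUIVALENT TO 787 | \DeclareUnicodeCharacter{224D}{\asymp} 788 | % 224E ≎ GEOMETRICALLY EQUIVALENT TO 789 | \DeclareUnicodeCharacter{224E}{\Bumpeq} 790 | % 224F ≏ DIFFERENCE BETWEEN 791 | \DeclareUnicodeCharacter{224F}{\bumpeq} 792 | % 2250 ≐ APPROACHES THE LIMIT 793 | \DeclareUnicodeCharacter{2250}{\doteq} 794 | % 2251 ≑ GEOMETRICALLY EQUAL TO 795 | 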
\DeclareUnicodeCharacter{2251}{\doteqdot} 796 | % 2252 ≒ APPROXIMATELY EQUAL TO OR THE IMAGE OF 797 | \DeclareUnicodeCharacter{2252}{\fallingdotseq} 798 | % 2253 ≓ IMAGE OF OR APPROXIMATELY EQUAL TO 799 | \DeclareUnicodeCharacter{2253}{\risingdotseq} 800 | % 2254 ≔ COLON EQUALS 801 | \DeclareUnicodeCharacter{2254}{\coloneqq} 802 | % 2255 ≕ EQUALS COLON 803 | \DeclareUnicodeCharacter{2255}{\eqqcolon} 804 | % 2256 ≖ RING IN EQUAL TO 805 | \DeclareUnicodeCharacter{2256}{\eqcirc} 806 | % 2257 ≗ RING EQUAL TO 807 | \DeclareUnicodeCharacter{2257}{\circeq} 808 | % 2258 ≘ CORRESPONDS TO 809 | \DeclareUnicodeCharacter{2258}{\stackrel{\frown}{=}} 810 | % 2259 ≙ ESTIMATES 811 | \DeclareUnicodeCharacter{2259}{\stackrel{\wedge}{=}} 812 | % 225A ≚ EQUIANGULAR TO 813 | \DeclareUnicodeCharacter{225A}{\stackrel{\vee}{=}} 814 | % 225B ≛ STAR EQUALS 815 | \DeclareUnicodeCharacter{225B}{\stackrel{\star}{=}} 816 | % 225C ≜ DELTA EQUAL TO 817 | \DeclareUnicodeCharacter{225C}{\triangleq} 818 | % 225D ≝ EQUAL TO BY DEFINITION 819 | \DeclareUnicodeCharacter{225D}{\stackrel{\text{\tiny def}}{=}} 820 | % 225F ≟ QUESTIONED EQUAL TO 821 | \DeclareUnicodeCharacter{225F}{\stackrel{\text{\tiny ?}}{=}} 822 | % 2260 ≠ NOT EQUAL TO 823 | \DeclareUnicodeCharacter{2260}{\neq} 824 | % 2261 ≡ IDENTICAL TO 825 | \DeclareUnicodeCharacter{2261}{\equiv} 826 | % 2262 ≢ NOT IDENTICAL TO 827 | \DeclareUnicodeCharacter{2262}{\not\equiv} 828 | % 2263 ≣ STRICTLY EQUIVALENT TO 829 | \DeclareUnicodeCharacter{2263}{\stackrel{=}{=}} 830 | % 2264 ≤ LESS-THAN OR EQUAL TO 831 | \DeclareUnicodeCharacter{2264}{\leq} 832 | % 2265 ≥ GREATER-THAN OR EQUAL TO 833 | \DeclareUnicodeCharacter{2265}{\geq} 834 | % 2266 ≦ LESS-THAN OVER EQUAL TO 835 | \DeclareUnicodeCharacter{2266}{\leqq} 836 | % 2267 ≧ GREATER-THAN OVER EQUAL TO 837 | \DeclareUnicodeCharacter{2267}{\geqq} 838 | % 2268 ≨ LESS-THAN BUT NOT EQUAL TO 839 | \DeclareUnicodeCharacter{2268}{\lneqq} 840 | % 2269 ≩ GREATER-THAN BUT NOT EQUAL TO 841 | 
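\DeclareUnicodeCharacter{2269}{\gneqq} 842 | % 226A ≪ MUCH LESS-THAN 843 | \DeclareUnicodeCharacter{226A}{\ll} 844 | % 226B ≫ MUCH GREATER-THAN 845 | \DeclareUnicodeCharacter{226B}{\gg} 846 | % 226C ≬ BETWEEN 847 | \DeclareUnicodeCharacter{226C}{\between} 848 | % 226D ≭ NOT EQUIVALENT TO 849 | \DeclareUnicodeCharacter{226D}{\nasymp} 850 | % 226E ≮ NOT LESS-THAN 851 | \DeclareUnicodeCharacter{226E}{\nless} 852 | % 226F ≯ NOT GREATER-THAN 853 | \DeclareUnicodeCharacter{226F}{\ngtr} 854 | % 2270 ≰ NEITHER LESS-THAN NOR EQUAL TO 855 | \DeclareUnicodeCharacter{2270}{\nleq} 856 | % 2271 ≱ NEITHER GREATER-THAN NOR EQUAL TO 857 | \DeclareUnicodeCharacter{2271}{\ngeq} 858 | % 2272 ≲ LESS-THAN OR EQUIVALENT TO 859 | \DeclareUnicodeCharacter{2272}{\lesssim} 860 | % 2273 ≳ GREATER-THAN OR EQUIVALENT TO 861 | \DeclareUnicodeCharacter{2273}{\gtrsim} 862 | % 2274 ≴ NEITHER LESS-THAN NOR EQUIVALENT TO 863 | \DeclareUnicodeCharacter{2274}{\nlesssim} 864 | % 2275 ≵ NEITHER GREATER-THAN NOR EQUIVALENT TO 865 | \DeclareUnicodeCharacter{2275}{\ngtrsim} 866 | % 2276 ≶ LESS-THAN OR GREATER-THAN 867 | \DeclareUnicodeCharacter{2276}{\lessgtr} 868 | % 2277 ≷ GREATER-THAN OR LESS-THAN 869 | \DeclareUnicodeCharacter{2277}{\gtrless} 870 | % 2278 ≸ NEITHER LESS-THAN NOR GREATER-THAN 871 | \DeclareUnicodeCharacter{2278}{\nlessgtr} 872 | % 2279 ≹ NEITHER GREATER-THAN NOR LESS-THAN 873 | \DeclareUnicodeCharacter{2279}{\ngtrless} 874 | % 227A ≺ PRECEDES 875 | \DeclareUnicodeCharacter{227A}{\prec} 876 | % 227B ≻ SUCCEEDS 877 | \DeclareUnicodeCharacter{227B}{\succ} 878 | % 227C ≼ PRECEDES OR EQUAL TO 879 | \DeclareUnicodeCharacter{227C}{\preccurlyeq} 880 | % 227D ≽ SUCCEEDS OR EQUAL TO 881 | \DeclareUnicodeCharacter{227D}{\succcurlyeq} 882 | % 227E ≾ PRECEDES OR EQUIVALENT TO 883 | \DeclareUnicodeCharacter{227E}{\precsim} 884 | % 227F ≿ SUCCEEDS OR EQUIVALENT TO 885 | \DeclareUnicodeCharacter{227F}{\succsim} 886 | % 2280 ⊀ DOES NOT PRECEDE 887 | \DeclareUnicodeCharacter{2280}{\nprec} 888 | % 2281 ⊁ 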
DOES NOT SUCCEED 889 | \DeclareUnicodeCharacter{2281}{\nsucc} 890 | % 2282 ⊂ SUBSET OF 891 | \DeclareUnicodeCharacter{2282}{\subset} 892 | % 2283 ⊃ SUPERSET OF 893 | \DeclareUnicodeCharacter{2283}{\supset} 894 | % 2284 ⊄ NOT A SUBSET OF 895 | \DeclareUnicodeCharacter{2284}{\nsubset} 896 | % 2285 ⊅ NOT A SUPERSET OF 897 | \DeclareUnicodeCharacter{2285}{\nsupset} 898 | % 2286 ⊆ SUBSET OF OR EQUAL TO 899 | \DeclareUnicodeCharacter{2286}{\subseteq} 900 | % 2287 ⊇ SUPERSET OF OR EQUAL TO 901 | \DeclareUnicodeCharacter{2287}{\supseteq} 902 | % 2288 ⊈ NEITHER A SUBSET OF NOR EQUAL TO 903 | \DeclareUnicodeCharacter{2288}{\nsubseteq} 904 | % 2289 ⊉ NEITHER A SUPERSET OF NOR EQUAL TO 905 | \DeclareUnicodeCharacter{2289}{\nsupseteq} 906 | % 228A ⊊ SUBSET OF WITH NOT EQUAL TO 907 | \DeclareUnicodeCharacter{228A}{\subsetneq} 908 | % 228B ⊋ SUPERSET OF WITH NOT EQUAL TO 909 | \DeclareUnicodeCharacter{228B}{\supsetneq} 910 | % 228E ⊎ MULTISET UNION 911 | \DeclareUnicodeCharacter{228E}{\uplus} 912 | % 228F ⊏ SQUARE IMAGE OF 913 | \DeclareUnicodeCharacter{228F}{\sqsubset} 914 | % 2290 ⊐ SQUARE ORIGINAL OF 915 | \DeclareUnicodeCharacter{2290}{\sqsupset} 916 | % 2291 ⊑ SQUARE IMAGE OF OR EQUAL TO 917 | \DeclareUnicodeCharacter{2291}{\sqsubseteq} 918 | % 2292 ⊒ SQUARE ORIGINAL OF OR EQUAL TO 919 | \DeclareUnicodeCharacter{2292}{\sqsupseteq} 920 | % 2293 ⊓ SQUARE CAP 921 | \DeclareUnicodeCharacter{2293}{\sqcap} 922 | % 2294 ⊔ SQUARE CUP 923 | \DeclareUnicodeCharacter{2294}{\sqcup} 924 | % 2295 ⊕ CIRCLED PLUS 925 | \DeclareUnicodeCharacter{2295}{\oplus} 926 | % 2296 ⊖ CIRCLED MINUS 927 | \DeclareUnicodeCharacter{2296}{\ominus} 928 | % 2297 ⊗ CIRCLED TIMES 929 | \DeclareUnicodeCharacter{2297}{\otimes} 930 | % 2298 ⊘ CIRCLED DIVISION SLASH 931 | \DeclareUnicodeCharacter{2298}{\oslash} 932 | % 2299 ⊙ CIRCLED DOT OPERATOR 933 | \DeclareUnicodeCharacter{2299}{\odot} 934 | % 229A ⊚ CIRCLED RING OPERATOR 935 | \DeclareUnicodeCharacter{229A}{\circledcirc} 936 | % 229B ⊛ CIRCLED ASTERISK 
OPERATOR 937 | \DeclareUnicodeCharacter{229B}{\circledast} 938 | % 229D ⊝ CIRCLED DASH 939 | \DeclareUnicodeCharacter{229D}{\circleddash} 940 | % 229E ⊞ SQUARED PLUS 941 | \DeclareUnicodeCharacter{229E}{\boxplus} 942 | % 229F ⊟ SQUARED MINUS 943 | \DeclareUnicodeCharacter{229F}{\boxminus} 944 | % 22A0 ⊠ SQUARED TIMES 945 | \DeclareUnicodeCharacter{22A0}{\boxtimes} 946 | % 22A1 ⊡ SQUARED DOT OPERATOR 947 | \DeclareUnicodeCharacter{22A1}{\boxdot} 948 | % 22A2 ⊢ RIGHT TACK 949 | \DeclareUnicodeCharacter{22A2}{\vdash} 950 | % 22A3 ⊣ LEFT TACK 951 | \DeclareUnicodeCharacter{22A3}{\dashv} 952 | % 22A4 ⊤ DOWN TACK 953 | \DeclareUnicodeCharacter{22A4}{\top} 954 | % 22A5 ⊥ UP TACK 955 | \DeclareUnicodeCharacter{22A5}{\bot} 956 | % 22A6 ⊦ ASSERTION 957 | \DeclareUnicodeCharacter{22A6}{\vdash} 958 | % 22A7 ⊧ MODELS 959 | \DeclareUnicodeCharacter{22A7}{\models} 960 | % 22A9 ⊩ FORCES 961 | \DeclareUnicodeCharacter{22A9}{\Vdash} 962 | % 22AA ⊪ TRIPLE VERTICAL BAR RIGHT TURNSTILE 963 | \DeclareUnicodeCharacter{22AA}{\Vvdash} 964 | % 22AB ⊫ DOUBLE VERTICAL BAR DOUBLE RIGHT TURNSTILE 965 | \DeclareUnicodeCharacter{22AB}{\VDash} 966 | % 22AC ⊬ DOES NOT PROVE 967 | \DeclareUnicodeCharacter{22AC}{\nvdash} 968 | % 22AD ⊭ NOT TRUE 969 | \DeclareUnicodeCharacter{22AD}{\nvDash} 970 | % 22AE ⊮ DOES NOT FORCE 971 | \DeclareUnicodeCharacter{22AE}{\nVdash} 972 | % 22AF ⊯ NEGATED DOUBLE VERTICAL BAR DOUBLE RIGHT TURNSTILE 973 | \DeclareUnicodeCharacter{22AF}{\nVDash} 974 | % 22B2 ⊲ NORMAL SUBGROUP OF 975 | \DeclareUnicodeCharacter{22B2}{\triangleleft} 976 | % 22B3 ⊳ CONTAINS AS NORMAL SUBGROUP 977 | \DeclareUnicodeCharacter{22B3}{\triangleright} 978 | % 22B4 ⊴ NORMAL SUBGROUP OF OR EQUAL TO 979 | \DeclareUnicodeCharacter{22B4}{\unlhd} 980 | % 22B8 ⊸ MULTIMAP 981 | \DeclareUnicodeCharacter{22B8}{\multimap} 982 | % 22BA ⊺ INTERCALATE 983 | \DeclareUnicodeCharacter{22BA}{\intercal} 984 | % 22BB ⊻ XOR 985 | \DeclareUnicodeCharacter{22BB}{\veebar} 986 | % 22BC ⊼ NAND 987 | 
\DeclareUnicodeCharacter{22BC}{\barwedge} 988 | % 22B5 ⊵ CONTAINS AS NORMAL SUBGROUP OR EQUAL TO 989 | \DeclareUnicodeCharacter{22B5}{\unrhd} 990 | % 22C0 ⋀ N-ARY LOGICAL AND 991 | \DeclareUnicodeCharacter{22C0}{\bigwedge} 992 | % 22C1 ⋁ N-ARY LOGICAL OR 993 | \DeclareUnicodeCharacter{22C1}{\bigvee} 994 | % 22C2 ⋂ N-ARY INTERSECTION 995 | \DeclareUnicodeCharacter{22C2}{\bigcap} 996 | % 22C3 ⋃ N-ARY UNION 997 | \DeclareUnicodeCharacter{22C3}{\bigcup} 998 | % 22C4 ⋄ DIAMOND OPERATOR 999 | \DeclareUnicodeCharacter{22C4}{\diamond} 1000 | % 22C5 ⋅ DOT OPERATOR 1001 | \DeclareUnicodeCharacter{22C5}{\cdot} 1002 | % 22C6 ⋆ STAR OPERATOR 1003 | \DeclareUnicodeCharacter{22C6}{\star} 1004 | % 22C7 ⋇ DIVISION TIMES 1005 | \DeclareUnicodeCharacter{22C7}{\divideontimes} 1006 | % 22C8 ⋈ BOWTIE 1007 | \DeclareUnicodeCharacter{22C8}{\bowtie} 1008 | % 22C9 ⋉ LEFT NORMAL FACTOR SEMIDIRECT PRODUCT 1009 | \DeclareUnicodeCharacter{22C9}{\ltimes} 1010 | % 22CA ⋊ RIGHT NORMAL FACTOR SEMIDIRECT PRODUCT 1011 | \DeclareUnicodeCharacter{22CA}{\rtimes} 1012 | % 22CB ⋋ LEFT SEMIDIRECT PRODUCT 1013 | \DeclareUnicodeCharacter{22CB}{\leftthreetimes} 1014 | % 22CC ⋌ RIGHT SEMIDIRECT PRODUCT 1015 | \DeclareUnicodeCharacter{22CC}{\rightthreetimes} 1016 | % 22CD ⋍ REVERSED TILDE EQUALS 1017 | \DeclareUnicodeCharacter{22CD}{\backsimeq} 1018 | % 22CE ⋎ CURLY LOGICAL OR 1019 | \DeclareUnicodeCharacter{22CE}{\curlyvee} 1020 | % 22CF ⋏ CURLY LOGICAL AND 1021 | \DeclareUnicodeCharacter{22CF}{\curlywedge} 1022 | % 22D0 ⋐ DOUBLE SUBSET 1023 | \DeclareUnicodeCharacter{22D0}{\Subset} 1024 | % 22D1 ⋑ DOUBLE SUPERSET 1025 | \DeclareUnicodeCharacter{22D1}{\Supset} 1026 | % 22D2 ⋒ DOUBLE INTERSECTION 1027 | \DeclareUnicodeCharacter{22D2}{\Cap} 1028 | % 22D3 ⋓ DOUBLE UNION 1029 | \DeclareUnicodeCharacter{22D3}{\Cup} 1030 | % 22D4 ⋔ PITCHFORK 1031 | \DeclareUnicodeCharacter{22D4}{\pitchfork} 1032 | % 22D6 ⋖ LESS-THAN WITH DOT 1033 | \DeclareUnicodeCharacter{22D6}{\lessdot} 1034 | % 22D7 ⋗ GREATER-THAN WITH DOT 1035 | 
\DeclareUnicodeCharacter{22D7}{\gtrdot} 1036 | % 22D8 ⋘ VERY MUCH LESS-THAN 1037 | \DeclareUnicodeCharacter{22D8}{\lll} 1038 | % 22D9 ⋙ VERY MUCH GREATER-THAN 1039 | \DeclareUnicodeCharacter{22D9}{\ggg} 1040 | % 22DA ⋚ LESS-THAN EQUAL TO OR GREATER-THAN 1041 | \DeclareUnicodeCharacter{22DA}{\lesseqgtr} 1042 | % 22DB ⋛ GREATER-THAN EQUAL TO OR LESS-THAN 1043 | \DeclareUnicodeCharacter{22DB}{\gtreqless} 1044 | % 22DE ⋞ EQUAL TO OR PRECEDES 1045 | \DeclareUnicodeCharacter{22DE}{\curlyeqprec} 1046 | % 22DF ⋟ EQUAL TO OR SUCCEEDS 1047 | \DeclareUnicodeCharacter{22DF}{\curlyeqsucc} 1048 | % 22E0 ⋠ DOES NOT PRECEDE OR EQUAL 1049 | \DeclareUnicodeCharacter{22E0}{\npreceq} 1050 | % 22E1 ⋡ DOES NOT SUCCEED OR EQUAL 1051 | \DeclareUnicodeCharacter{22E1}{\nsucceq} 1052 | % 22E2 ⋢ NOT SQUARE IMAGE OF OR EQUAL TO 1053 | \DeclareUnicodeCharacter{22E2}{\nsqsubseteq} 1054 | % 22E3 ⋣ NOT SQUARE ORIGINAL OF OR EQUAL TO 1055 | \DeclareUnicodeCharacter{22E3}{\nsqsupseteq} 1056 | % 22E4 ⋤ SQUARE IMAGE OF OR NOT EQUAL TO 1057 | \DeclareUnicodeCharacter{22E4}{\sqsubsetneq} 1058 | % 22E5 ⋥ SQUARE ORIGINAL OF OR NOT EQUAL TO 1059 | \DeclareUnicodeCharacter{22E5}{\sqsupsetneq} 1060 | % 22E6 ⋦ LESS-THAN BUT NOT EQUIVALENT TO 1061 | \DeclareUnicodeCharacter{22E6}{\lnsim} 1062 | % 22E7 ⋧ GREATER-THAN BUT NOT EQUIVALENT TO 1063 | \DeclareUnicodeCharacter{22E7}{\gnsim} 1064 | % 22E8 ⋨ PRECEDES BUT NOT EQUIVALENT TO 1065 | \DeclareUnicodeCharacter{22E8}{\precnsim} 1066 | % 22E9 ⋩ SUCCEEDS BUT NOT EQUIVALENT TO 1067 | \DeclareUnicodeCharacter{22E9}{\succnsim} 1068 | % 22EA ⋪ NOT NORMAL SUBGROUP OF 1069 | \DeclareUnicodeCharacter{22EA}{\ntriangleleft} 1070 | % 22EB ⋫ DOES NOT CONTAIN AS NORMAL SUBGROUP 1071 | \DeclareUnicodeCharacter{22EB}{\ntriangleright} 1072 | % 22EC ⋬ NOT NORMAL SUBGROUP OF OR EQUAL TO 1073 | \DeclareUnicodeCharacter{22EC}{\ntrianglelefteq} 1074 | % 22ED ⋭ DOES NOT CONTAIN AS NORMAL SUBGROUP OR EQUAL 1075 | \DeclareUnicodeCharacter{22ED}{\ntrianglerighteq} 1076 | % 22EE ⋮ 
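VERTICAL ELLIPSIS 1077 | \DeclareUnicodeCharacter{22EE}{\vdots} 1078 | % 22EF ⋯ MIDLINE HORIZONTAL ELLIPSIS 1079 | \DeclareUnicodeCharacter{22EF}{\cdots} 1080 | % 22F0 ⋰ UP RIGHT DIAGONAL ELLIPSIS 1081 | \DeclareUnicodeCharacter{22F0}{\iddots} 1082 | % 22F1 ⋱ DOWN RIGHT DIAGONAL ELLIPSIS 1083 | \DeclareUnicodeCharacter{22F1}{\ddots} 1084 | % 2300 ⌀ DIAMETER SIGN 1085 | \DeclareUnicodeCharacter{2300}{\diameter} 1086 | % 2308 ⌈ LEFT CEILING 1087 | \DeclareUnicodeCharacter{2308}{\lceil} 1088 | % 2309 ⌉ RIGHT CEILING 1089 | \DeclareUnicodeCharacter{2309}{\rceil} 1090 | % 230A ⌊ LEFT FLOOR 1091 | \DeclareUnicodeCharacter{230A}{\lfloor} 1092 | % 230B ⌋ RIGHT FLOOR 1093 | \DeclareUnicodeCharacter{230B}{\rfloor} 1094 | % 2322 ⌢ FROWN 1095 | \DeclareUnicodeCharacter{2322}{\frown} 1096 | % 2323 ⌣ SMILE 1097 | \DeclareUnicodeCharacter{2323}{\smile} 1098 | % 2329 〈 LEFT ANGLE BRACKET 1099 | \DeclareUnicodeCharacter{2329}{\langle} 1100 | % 232A 〉 RIGHT ANGLE BRACKET 1101 | \DeclareUnicodeCharacter{232A}{\rangle} 1102 | % 25A1 □ WHITE SQUARE 1103 | \DeclareUnicodeCharacter{25A1}{\square} 1104 | % 25B3 △ WHITE UP-POINTING TRIANGLE 1105 | \DeclareUnicodeCharacter{25B3}{\triangle} 1106 | % 2615 ☕ HOT BEVERAGE (NOTE(review): no symbol command is mapped; the replacement text below is typeset literally) 1107 | \DeclareUnicodeCharacter{2615}{NONE " hot beverage} 1108 | % 2621 ☡ CAUTION SIGN 1109 | \DeclareUnicodeCharacter{2621}{\dbend} 1110 | % 2627 ☧ CHI RHO (NOTE(review): no symbol command is mapped; the replacement text below is typeset literally) 1111 | \DeclareUnicodeCharacter{2627}{NONE " labarum} 1112 | % 2639 ☹ WHITE FROWNING FACE (\frownie is provided by wasysym) 1113 | \DeclareUnicodeCharacter{2639}{\frownie} 1114 | % 263A ☺ WHITE SMILING FACE (\smiley is provided by wasysym) 1115 | \DeclareUnicodeCharacter{263A}{\smiley} 1116 | % 2660 ♠ BLACK SPADE SUIT 1117 | \DeclareUnicodeCharacter{2660}{\spadesuit} 1118 | % 2661 ♡ WHITE HEART SUIT 1119 | \DeclareUnicodeCharacter{2661}{\heartsuit} 1120 | % 2662 ♢ WHITE DIAMOND SUIT 1121 | \DeclareUnicodeCharacter{2662}{\diamondsuit} 1122 | % 2663 ♣ BLACK CLUB SUIT 1123 | \DeclareUnicodeCharacter{2663}{\clubsuit} 1124 | % 266D ♭ MUSIC FLAT SIGN 1125 | 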
\DeclareUnicodeCharacter{266D}{\flat} 1126 | % 266E ♮ MUSIC NATURAL SIGN 1127 | \DeclareUnicodeCharacter{266E}{\natural} 1128 | % 266F ♯ MUSIC SHARP SIGN 1129 | \DeclareUnicodeCharacter{266F}{\sharp} 1130 | % 26A0 ⚠ WARNING SIGN 1131 | \DeclareUnicodeCharacter{26A0}{\ensuremath{\lower .25ex\hbox{\Large $\triangle$\hskip -1.25ex}!\;\,}} 1132 | % 27C2 ⟂ PERPENDICULAR 1133 | \DeclareUnicodeCharacter{27C2}{\perp} 1134 | % 2A00 ⨀ N-ARY CIRCLED DOT OPERATOR 1135 | \DeclareUnicodeCharacter{2A00}{\bigodot} 1136 | % 2A01 ⨁ N-ARY CIRCLED PLUS OPERATOR 1137 | \DeclareUnicodeCharacter{2A01}{\bigoplus} 1138 | % 2A02 ⨂ N-ARY CIRCLED TIMES OPERATOR 1139 | \DeclareUnicodeCharacter{2A02}{\bigotimes} 1140 | % 2A05 ⨅ N-ARY SQUARE INTERSECTION OPERATOR 1141 | \DeclareUnicodeCharacter{2A05}{\bigsqcap} 1142 | % 2A06 ⨆ N-ARY SQUARE UNION OPERATOR 1143 | \DeclareUnicodeCharacter{2A06}{\bigsqcup} 1144 | % 2A1D ⨝ JOIN 1145 | \DeclareUnicodeCharacter{2A1D}{\join} 1146 | % 2A3F ⨿ AMALGAMATION OR COPRODUCT 1147 | \DeclareUnicodeCharacter{2A3F}{\amalg} 1148 | % 2A7D ⩽ LESS-THAN OR SLANTED EQUAL TO 1149 | \DeclareUnicodeCharacter{2A7D}{\leqslant} 1150 | % 2A7E ⩾ GREATER-THAN OR SLANTED EQUAL TO 1151 | \DeclareUnicodeCharacter{2A7E}{\geqslant} 1152 | % 2E18 ⸘ INVERTED INTERROBANG 1153 | \DeclareUnicodeCharacter{2E18}{\textinterrobangdown} 1154 | -------------------------------------------------------------------------------- /refs.bib: -------------------------------------------------------------------------------- 1 | % Encoding: UTF-8 2 | 3 | @book{Lam, 4 | AUTHOR = {Lam, T. Y.}, 5 | TITLE = {Introduction to quadratic forms over fields}, 6 | SERIES = {Graduate Studies in Mathematics}, 7 | VOLUME = {67}, 8 | PUBLISHER = {American Mathematical Society, Providence, RI}, 9 | YEAR = {2005}, 10 | PAGES = {xxii+550}, 11 | ISBN = {0-8218-1095-2}, 12 | MRCLASS = {11Exx}, 13 | MRNUMBER = {2104929}, 14 | MRREVIEWER = {K. 
Szymiczek}, 15 | } 16 | 17 | @Book{silverman:advanced, 18 | title = {Advanced Topics in the Arithmetic of Elliptic Curves}, 19 | publisher = {Springer}, 20 | year = {1994}, 21 | author = {Silverman, Joseph H.}, 22 | volume = {151}, 23 | series = {Graduate Texts in Mathematics}, 24 | month = jan, 25 | isbn = {0387943285}, 26 | abstract = {{This book continues the treatment of the arithmetic theory of elliptic curves begun in the first volume. The book begins with the theory of elliptic and modular functions for the full modular group r(1), including a discussion of Hekcke operators and the L-series associated to cusp forms. This is followed by a detailed study of elliptic curves with complex multiplication, their associated Gr\"{o}ssencharacters and L-series, and applications to the construction of abelian extensions of quadratic imaginary fields. Next comes a treatment of elliptic curves over function fields and elliptic surfaces, including specialization theorems for heights and sections. This material serves as a prelude to the theory of minimal models and N\'{e}ron models of elliptic curves, with a discussion of special fibers, conductors, and Ogg's formula. Next comes a brief description of q-models for elliptic curves over C and R, followed by Tate's theory of q-models for elliptic curves with non-integral j-invariant over p-adic fields. 
The book concludes with the construction of canonical local height functions on elliptic curves, including explicit formulas for both archimedean and non-archimedean fields.}}, 27 | citeulike-article-id = {789887}, 28 | citeulike-linkout-0 = {http://www.amazon.ca/exec/obidos/redirect?tag=citeulike09-20&path=ASIN/0387943285}, 29 | citeulike-linkout-1 = {http://www.amazon.de/exec/obidos/redirect?tag=citeulike01-21&path=ASIN/0387943285}, 30 | citeulike-linkout-2 = {http://www.amazon.fr/exec/obidos/redirect?tag=citeulike06-21&path=ASIN/0387943285}, 31 | citeulike-linkout-3 = {http://www.amazon.co.uk/exec/obidos/ASIN/0387943285/citeulike00-21}, 32 | citeulike-linkout-4 = {http://www.amazon.com/exec/obidos/redirect?tag=citeulike07-20&path=ASIN/0387943285}, 33 | citeulike-linkout-5 = {http://www.worldcat.org/isbn/0387943285}, 34 | citeulike-linkout-6 = {http://books.google.com/books?vid=ISBN0387943285}, 35 | citeulike-linkout-7 = {http://www.amazon.com/gp/search?keywords=0387943285&index=books&linkCode=qs}, 36 | citeulike-linkout-8 = {http://www.librarything.com/isbn/0387943285}, 37 | day = {01}, 38 | groups = {Isogenies}, 39 | howpublished = {Paperback}, 40 | keywords = {elliptic\_curve}, 41 | posted-at = {2010-06-20 19:57:19}, 42 | url = {http://www.amazon.com/exec/obidos/redirect?tag=citeulike07-20&path=ASIN/0387943285}, 43 | } 44 | 45 | @Book{silverman:elliptic, 46 | title = {The arithmetic of elliptic curves}, 47 | publisher = {Springer-Verlag}, 48 | year = {1992}, 49 | author = {Silverman, Joseph H.}, 50 | volume = {106}, 51 | series = {Graduate Texts in Mathematics}, 52 | address = {New York}, 53 | citeulike-article-id = {10862495}, 54 | comment = {Corrected reprint of the 1986 original}, 55 | groups = {Isogenies}, 56 | mrnumber = {MR1329092 (95m:11054)}, 57 | posted-at = {2012-07-06 21:19:47}, 58 | } 59 | 60 | @Book{langANT, 61 | title = {Algebraic number theory}, 62 | publisher = {Springer-Verlag}, 63 | year = {1994}, 64 | author = {Lang, Serge}, 65 | volume = 
{110}, 66 | series = {Graduate Texts in Mathematics}, 67 | isbn = {978-0-387-94225-4}, 68 | doi = {10.1007/978-1-4612-0853-2}, 69 | location = {New York}, 70 | pagetotal = {XIII, 357}, 71 | } 72 | 73 | @Book{lang1987elliptic, 74 | title = {Elliptic Functions}, 75 | publisher = {Springer}, 76 | year = {1987}, 77 | author = {Lang, Serge}, 78 | volume = {112}, 79 | series = {Graduate texts in mathematics}, 80 | isbn = {9780387965086}, 81 | groups = {Isogenies}, 82 | lccn = {87004514}, 83 | } 84 | 85 | @Book{neukirch2013algebraic, 86 | title = {Algebraic number theory}, 87 | publisher = {Springer Verlag}, 88 | year = {1999}, 89 | author = {Neukirch, J{\"u}rgen}, 90 | volume = {322}, 91 | isbn = {978-3-642-08473-7}, 92 | doi = {10.1007/978-3-662-03983-0}, 93 | location = {Berlin Heidelberg}, 94 | } 95 | 96 | @InProceedings{10.1007/3-540-44448-3_18, 97 | author = {Hamdy, Safuat and M{\"o}ller, Bodo}, 98 | title = {Security of Cryptosystems Based on Class Groups of Imaginary Quadratic Orders}, 99 | booktitle = {Advances in Cryptology --- ASIACRYPT 2000}, 100 | year = {2000}, 101 | editor = {Okamoto, Tatsuaki}, 102 | pages = {234--247}, 103 | address = {Berlin, Heidelberg}, 104 | publisher = {Springer Berlin Heidelberg}, 105 | abstract = {In this work we investigate the difficulty of the 106 | discrete logarithm problem in class groups of 107 | imaginary quadratic orders. In particular, we discuss 108 | several strategies to compute discrete logarithms in 109 | those class groups. Based on heuristic reasoning, we 110 | give advice for selecting the cryptographic 111 | parameter, i.e. 
the discriminant, such that 112 | cryptosystems based on class groups of imaginary 113 | quadratic orders would offer a similar security as 114 | commonly used cryptosystems.}, 115 | isbn = {978-3-540-44448-0}, 116 | } 117 | 118 | @InProceedings{10.1007/3-540-44598-6_10, 119 | author = {Ko, Ki Hyoung and Lee, Sang Jin and Cheon, Jung Hee and Han, Jae Woo and Kang, Ju-sung and Park, Choonsik}, 120 | title = {New Public-Key Cryptosystem Using Braid Groups}, 121 | booktitle = {Advances in Cryptology --- CRYPTO 2000}, 122 | year = {2000}, 123 | editor = {Bellare, Mihir}, 124 | pages = {166--183}, 125 | address = {Berlin, Heidelberg}, 126 | publisher = {Springer Berlin Heidelberg}, 127 | abstract = {The braid groups are infinite non-commutative groups 128 | naturally arising from geometric braids. The aim of 129 | this article is twofold. One is to show that the 130 | braid groups can serve as a good source to enrich 131 | cryptography. The feature that makes the braid groups 132 | useful to cryptography includes the followings: (i) 133 | The word problem is solved via a fast algorithm which 134 | computes the canonical form which can be efficiently 135 | manipulated by computers. (ii) The group operations 136 | can be performed efficiently. (iii) The braid groups 137 | have many mathematically hard problems that can be 138 | utilized to design cryptographic primitives. The 139 | other is to propose and implement a new key agreement 140 | scheme and public key cryptosystem based on these 141 | primitives in the braid groups. The efficiency of our 142 | systems is demonstrated by their speed and 143 | information rate. The security of our systems is 144 | based on topological, combinatorial and 145 | group-theoretical problems that are intractible 146 | according to our current mathematical knowledge. 
The 147 | foundation of our systems is quite different from 148 | widely used cryptosystems based on number theory, but 149 | there are some similarities in design.}, 150 | isbn = {978-3-540-44598-2}, 151 | } 152 | 153 | @InProceedings{10.1007/3-540-44598-6_8, 154 | author = {Biehl, Ingrid and Meyer, Bernd and M{\"u}ller, Volker}, 155 | title = {Differential Fault Attacks on Elliptic Curve Cryptosystems}, 156 | booktitle = {Advances in Cryptology --- CRYPTO 2000}, 157 | year = {2000}, 158 | editor = {Bellare, Mihir}, 159 | pages = {131--146}, 160 | address = {Berlin, Heidelberg}, 161 | publisher = {Springer Berlin Heidelberg}, 162 | isbn = {978-3-540-44598-2}, 163 | } 164 | 165 | @InProceedings{10.1007/3-540-45353-9_12, 166 | author = {Abdalla, Michel and Bellare, Mihir and Rogaway, Phillip}, 167 | title = {The Oracle {D}iffie--{H}ellman Assumptions and an Analysis of {DHIES}}, 168 | booktitle = {Topics in Cryptology --- CT-RSA 2001}, 169 | year = {2001}, 170 | editor = {Naccache, David}, 171 | pages = {143--158}, 172 | address = {Berlin, Heidelberg}, 173 | publisher = {Springer Berlin Heidelberg}, 174 | abstract = {This paper provides security analysis for the 175 | public-key encryption scheme DHIES (formerly named 176 | DHES and DHAES), which was proposed in [7] and is now 177 | in several draft standards. DHIES is a Diffie-Hellman 178 | based scheme that combines a symmetric encryption 179 | method, a message authentication code, and a hash 180 | function, in addition to number-theoretic operations, 181 | in a way which is intended to provide security 182 | against chosen-ciphertext attacks. In this paper we 183 | find natural assumptions under which DHIES achieves 184 | security under chosen-ciphertext attack. The 185 | assumptions we make about the Diffie-Hellman problem 186 | are interesting variants of the customary ones, and 187 | we investigate relationships among them, and provide 188 | security lower bounds. 
Our proofs are in the standard 189 | model; no random-oracle assumption is required.}, 190 | isbn = {978-3-540-45353-6}, 191 | } 192 | 193 | @InProceedings{10.1007/3-540-48405-1_34, 194 | author = {Fujisaki, Eiichiro and Okamoto, Tatsuaki}, 195 | title = {Secure Integration of Asymmetric and Symmetric Encryption Schemes}, 196 | booktitle = {Advances in Cryptology --- CRYPTO' 99}, 197 | year = {1999}, 198 | editor = {Wiener, Michael}, 199 | pages = {537--554}, 200 | address = {Berlin, Heidelberg}, 201 | publisher = {Springer Berlin Heidelberg}, 202 | abstract = {This paper shows a generic and simple conversion from 203 | weak asymmetric and symmetric encryption schemes into 204 | an asymmetric encryption scheme which is secure in a 205 | very strong sense --- indistinguishability against 206 | adaptive chosen-ciphertext attacks in the random 207 | oracle model. In particular, this conversion can be 208 | applied efficiently to an asymmetric encryption 209 | scheme that provides a large enough coin space and, 210 | for every message, many enough variants of the 211 | encryption, like the ElGamal encryption scheme.}, 212 | isbn = {978-3-540-48405-9}, 213 | } 214 | 215 | @InProceedings{10.1007/978-3-319-70500-2_12, 216 | author = {Hofheinz, Dennis and H{\"o}velmanns, Kathrin and Kiltz, Eike}, 217 | title = {A Modular Analysis of the {Fujisaki-Okamoto} Transformation}, 218 | booktitle = {Theory of Cryptography}, 219 | year = {2017}, 220 | editor = {Kalai, Yael and Reyzin, Leonid}, 221 | pages = {341--371}, 222 | publisher = {Springer International Publishing}, 223 | isbn = {978-3-319-70500-2}, 224 | } 225 | 226 | @InProceedings{10.1007/978-3-642-14081-5_15, 227 | author = {Biasse, Jean-Fran{\c{c}}ois and Jacobson, Michael J. 
and Silvester, Alan K.}, 228 | title = {Security Estimates for Quadratic Field Based Cryptosystems}, 229 | booktitle = {Information Security and Privacy}, 230 | year = {2010}, 231 | editor = {Steinfeld, Ron and Hawkes, Philip}, 232 | pages = {233--247}, 233 | address = {Berlin, Heidelberg}, 234 | publisher = {Springer Berlin Heidelberg}, 235 | abstract = {We describe implementations for solving the discrete 236 | logarithm problem in the class group of an imaginary 237 | quadratic field and in the infrastructure of a real 238 | quadratic field. The algorithms used incorporate 239 | improvements over previously-used algorithms, and 240 | extensive numerical results are presented 241 | demonstrating their efficiency. This data is used as 242 | the basis for extrapolations, used to provide 243 | recommendations for parameter sizes providing 244 | approximately the same level of security as block 245 | ciphers with 80, 112, 128, 192, and 256-bit symmetric 246 | keys.}, 247 | isbn = {978-3-642-14081-5}, 248 | } 249 | 250 | @InProceedings{10.1007/978-3-642-60539-0_27, 251 | author = {Gao, Shuhong and Panario, Daniel}, 252 | title = {Tests and Constructions of Irreducible Polynomials over Finite Fields}, 253 | booktitle = {Foundations of Computational Mathematics}, 254 | year = {1997}, 255 | editor = {Cucker, Felipe and Shub, Michael}, 256 | pages = {346--361}, 257 | address = {Berlin, Heidelberg}, 258 | publisher = {Springer Berlin Heidelberg}, 259 | abstract = {In this paper we focus on tests and constructions of 260 | irreducible polynomials over finite fields. We 261 | revisit Rabin's (1980) algorithm providing a variant 262 | of it that improves Rabin's cost estimate by a log n 263 | factor. We give a precise analysis of the probability 264 | that a random polynomial of degree n contains no 265 | irreducible factors of degree less than O(log n). 
266 | This probability is naturally related to Ben-Or's 267 | (1981) algorithm for testing irreducibility of 268 | polynomials over finite fields. We also compute the 269 | probability of a polynomial being irreducible when it 270 | has no irreducible factors of low degree. This 271 | probability is useful in the analysis of various 272 | algorithms for factoring polynomials over finite 273 | fields. We present an experimental comparison of 274 | these irreducibility methods when testing random 275 | polynomials.}, 276 | isbn = {978-3-642-60539-0}, 277 | } 278 | 279 | @InProceedings{10.1007/BFb0052240, 280 | author = {Lim, Chae Hoon and Lee, Pil Joong}, 281 | title = {A key recovery attack on discrete log-based schemes using a prime order subgroup}, 282 | booktitle = {Advances in Cryptology --- CRYPTO '97}, 283 | year = {1997}, 284 | editor = {Kaliski, Burton S.}, 285 | pages = {249--263}, 286 | address = {Berlin, Heidelberg}, 287 | publisher = {Springer Berlin Heidelberg}, 288 | abstract = {Consider the well-known oracle attack: somehow one 289 | gets a certain computation result as a function of a 290 | secret key from the secret key owner and tries to 291 | extract some information on the secret key. This 292 | attacking scenario is well understood in the 293 | cryptographic community. However, there are many 294 | protocols based on the discrete logarithm problem 295 | that turn out to leak many of the secret key bits 296 | from this oracle attack, unless suitable checkings 297 | are carried out. In this paper we present a key 298 | recovery attack on various discrete log-based schemes 299 | working in a prime order subgroup. 
Our attack may 300 | reveal part of, or the whole secret key in most 301 | Diffie-Hellman-type key exchange protocols and some 302 | applications of ElGamal encryption and signature 303 | schemes.}, 304 | isbn = {978-3-540-69528-8}, 305 | } 306 | 307 | @InProceedings{10.1007/BFb0099440, 308 | author = {Cohen, Henri and Lenstra, Hendrik W.}, 309 | title = {Heuristics on class groups of number fields}, 310 | booktitle = {Number Theory Noordwijkerhout 1983}, 311 | year = {1984}, 312 | editor = {Jager, Hendrik}, 313 | pages = {33--62}, 314 | address = {Berlin, Heidelberg}, 315 | publisher = {Springer Berlin Heidelberg}, 316 | isbn = {978-3-540-38906-4}, 317 | } 318 | 319 | @Article{10.2307/24522768, 320 | author = {David Harvey}, 321 | title = {Counting points on hyperelliptic curves in average polynomial time}, 322 | journal = {Annals of Mathematics}, 323 | year = {2014}, 324 | volume = {179}, 325 | number = {2}, 326 | pages = {783--803}, 327 | issn = {0003486X}, 328 | abstract = {Let g ≥ 1, and let Q ∈ Z[x] be a monic, 329 | squarefree polynomial of degree 2g + 1. For an odd 330 | prime p not dividing the discriminant of Q, let Zp(T) 331 | denote the zeta function of the hyperelliptic curve 332 | of genus g over the finite field Fp obtained by 333 | reducing the coefficients of the equation y2 = Q(x) 334 | modulo p. We present an explicit deterministic 335 | algorithm that given as input Q and a positive 336 | integer N, computes Zp(T) simultaneously for all such 337 | primes p < N, whose average complexity per prime is 338 | polynomial in g, log N, and the number of bits 339 | required to represent Q.}, 340 | publisher = {Annals of Mathematics}, 341 | url = {http://www.jstor.org/stable/24522768}, 342 | } 343 | 344 | @InProceedings{Adleman-Lenstra, 345 | author = {Adleman, Leonard M. 
and Lenstra, Hendrik W.}, 346 | title = {Finding Irreducible Polynomials over Finite Fields}, 347 | booktitle = {Proceedings of the Eighteenth Annual ACM Symposium on Theory of Computing}, 348 | year = {1986}, 349 | series = {STOC '86}, 350 | pages = {350--355}, 351 | address = {New York, NY, USA}, 352 | publisher = {ACM}, 353 | doi = {10.1145/12130.12166}, 354 | isbn = {0-89791-193-8}, 355 | } 356 | 357 | @Article{Allombert02, 358 | author = {Bill Allombert}, 359 | title = {Explicit Computation of Isomorphisms between Finite Fields}, 360 | journal = {Finite Fields and Their Applications}, 361 | year = {2002}, 362 | volume = {8}, 363 | number = {3}, 364 | pages = {332--342}, 365 | doi = {10.1006/ffta.2001.0344}, 366 | } 367 | 368 | @Electronic{Allombert02-rev, 369 | author = {Bill Allombert}, 370 | year = {2002}, 371 | title = {Explicit Computation of Isomorphisms between Finite Fields}, 372 | note = {Revised version}, 373 | url = {https://www.math.u-bordeaux.fr/~ballombe/fpisom.ps}, 374 | number = {3}, 375 | pages = {332--342}, 376 | volume = {8}, 377 | } 378 | 379 | @InProceedings{antipa+brown+gallant+lambert+struik+vanstone06, 380 | author = {Antipa, Adrian and Brown, Daniel and Gallant, Robert and Lambert, Rob and Struik, Ren\'{e} and Vanstone, Scott}, 381 | title = {Accelerated Verification of {ECDSA} Signatures}, 382 | booktitle = {Selected Areas in Cryptography 2005}, 383 | year = {2006}, 384 | volume = {3897}, 385 | series = {Lecture Notes in Computer Science}, 386 | pages = {307--318}, 387 | address = {Berlin, Heidelberg}, 388 | publisher = {Springer Berlin / Heidelberg}, 389 | abstract = {{Verification of ECDSA signatures is considerably 390 | slower than generation of ECDSA signatures. This 391 | paper describes a method that can be used to 392 | accelerate verification of ECDSA signatures by more 393 | than 40\% with virtually no added implementation 394 | complexity. 
The method can also be used to accelerate 395 | verification for other ElGamal-like signature 396 | algorithms, including DSA.}}, 397 | chapter = {21}, 398 | doi = {10.1007/11693383_21}, 399 | isbn = {978-3-540-33108-7}, 400 | } 401 | 402 | @Electronic{atkin91, 403 | author = {Atkin, Arthur O. L.}, 404 | year = {1991}, 405 | title = {The number of points on an elliptic curve modulo a prime}, 406 | howpublished = {Manuscript, Chicago IL}, 407 | url = {http://www.lix.polytechnique.fr/Labo/Francois.Morain/AtkinEmails/19910614.txt}, 408 | } 409 | 410 | @Electronic{atkin92, 411 | author = {Atkin, Arthur O. L.}, 412 | year = {1992}, 413 | title = {The number of points on an elliptic curve modulo a prime (II)}, 414 | howpublished = {\url{http://www.lix.polytechnique.fr/Labo/Francois.Morain/AtkinEmails/19910614.txt}}, 415 | url = {http://www.lix.polytechnique.fr/Labo/Francois.Morain/AtkinEmails/19920319.txt}, 416 | } 417 | 418 | @Article{AtkinMorain93, 419 | author = {Atkin, Arthur O. L. and Morain, François}, 420 | title = {Elliptic curves and primality proving}, 421 | journal = {Mathematics of Computation}, 422 | year = {1993}, 423 | volume = {61}, 424 | number = {203}, 425 | pages = {29--68}, 426 | issn = {0025-5718}, 427 | doi = {10.2307/2152935}, 428 | } 429 | 430 | @Article{Aubry:1999:TTS:2947511.2947551, 431 | author = {Aubry, Philippe and Lazard, Daniel and Moreno Maza, Marc}, 432 | title = {On the Theories of Triangular Sets}, 433 | journal = {Journal of Symbolic Computation}, 434 | year = {1999}, 435 | volume = {28}, 436 | number = {1}, 437 | pages = {105--124}, 438 | month = jul, 439 | issn = {0747-7171}, 440 | address = {Duluth, MN, USA}, 441 | doi = {10.1006/jsco.1999.0269}, 442 | publisher = {Academic Press, Inc.}, 443 | } 444 | 445 | @PhdThesis{belding08-thesis, 446 | author = {Belding, Juliana V.}, 447 | title = {Number Theoretic Algorithms for Elliptic Curves}, 448 | school = {University of Maryland}, 449 | year = {2008}, 450 | abstract = {We present new 
algorithms related to both theoretical 451 | and practical questions in the area of elliptic 452 | curves and class field theory. The dissertation has 453 | two main parts, as described below. Let O be an 454 | imaginary quadratic order of discriminant D < 0, and 455 | let $K = Q(\sqrt{D})$. The class polynomial $H_D$ of O is 456 | the polynomial whose roots are precisely the 457 | j-invariants of elliptic curves with complex 458 | multiplication by O. Computing this polynomial is 459 | useful in constructing elliptic curves suitable for 460 | cryptography, as well as in the context of explicit 461 | class field theory. In the first part of the 462 | dissertation, we present an algorithm to compute $H_D$ 463 | p-adically where p is a prime inert in K and not 464 | dividing D. This involves computing the canonical 465 | lift $\tilde{E}$ of a pair (E, f) where E is a supersingular 466 | elliptic curve and f is an embedding of O into the 467 | endomorphism ring of E. We also present an algorithm 468 | to compute $H_D$ modulo p for p inert which is used in 469 | the Chinese remainder theorem algorithm to compute $H_D$. 470 | For an elliptic curve E over any field K, the Weil 471 | pairing $e_n$ is a bilinear map on the points of order n 472 | of E. The Weil pairing is a useful tool in both the 473 | theory of elliptic curves and the application of 474 | elliptic curves to cryptography. However, for K of 475 | characteristic p, the classical Weil pairing on the 476 | points of order p is trivial. In the second part of 477 | the dissertation, we consider E over the dual numbers 478 | $K[\epsilon]$ and define a non-degenerate ``Weil pairing on 479 | p-torsion.'' We show that this pairing satisfies 480 | many of the same properties of the classical pairing. 481 | Moreover, we show that it directly relates to recent 482 | attacks on the discrete logarithm problem on the 483 | p-torsion subgroup of an elliptic curve over the 484 | finite field $F_q$. 
We also present a new attack on the 485 | discrete logarithm problem on anomalous curves using 486 | a lift of E over Fp [ ].}, 487 | } 488 | 489 | @InProceedings{Ben-Or1981, 490 | author = {Ben-Or, Michael}, 491 | title = {Probabilistic algorithms in finite fields}, 492 | booktitle = {22nd Annual Symposium on Foundations of Computer Science ({SFCS} 1981)}, 493 | year = {1981}, 494 | pages = {394--398}, 495 | month = oct, 496 | doi = {10.1109/SFCS.1981.37}, 497 | issn = {0272-5428}, 498 | } 499 | 500 | @Article{berlekamp1970factoring, 501 | author = {Berlekamp, Elwyn R.}, 502 | title = {Factoring polynomials over large finite fields}, 503 | journal = {Mathematics of computation}, 504 | year = {1970}, 505 | volume = {24}, 506 | number = {111}, 507 | pages = {713--735}, 508 | doi = {10.1090/S0025-5718-1970-0276200-X}, 509 | } 510 | 511 | @Article{Berlekamp82, 512 | author = {Berlekamp, Elwyn R.}, 513 | title = {Bit-serial {R}eed--{S}olomon encoders}, 514 | journal = {IEEE Transactions on Information Theory}, 515 | year = {1982}, 516 | volume = {28}, 517 | number = {6}, 518 | pages = {869--874}, 519 | } 520 | 521 | @InProceedings{BGPS05, 522 | author = {Bostan, Alin and Gonz{\'a}lez-Vega, Laureano and Perdry, Hervé and Schost, {\'E}ric}, 523 | title = {From {N}ewton sums to coefficients: complexity issues in characteristic $p$}, 524 | booktitle = {MEGA'05}, 525 | year = {2005}, 526 | } 527 | 528 | @Article{bisson+sutherland11, 529 | author = {Bisson, Gaetan and Sutherland, Andrew V.}, 530 | title = {Computing the endomorphism ring of an ordinary elliptic curve over a finite field}, 531 | journal = {Journal of Number Theory}, 532 | year = {2011}, 533 | volume = {131}, 534 | number = {5}, 535 | pages = {815--831}, 536 | month = may, 537 | issn = {0022314X}, 538 | abstract = {We present two algorithms to compute the endomorphism 539 | ring of an ordinary elliptic curve E defined over a 540 | finite field . 
Under suitable heuristic assumptions, 541 | both have subexponential complexity. We bound the 542 | complexity of the first algorithm in terms of , while 543 | our bound for the second algorithm depends primarily 544 | on {log|DE}|, where {DE} is the discriminant of the 545 | order isomorphic to {End(E}). As a byproduct, our 546 | method yields a short certificate that may be used to 547 | verify that the endomorphism ring is as claimed.}, 548 | doi = {10.1016/j.jnt.2009.11.003}, 549 | } 550 | 551 | @Book{blake+seroussi+smart, 552 | title = {Elliptic curves in cryptography}, 553 | publisher = {Cambridge University Press}, 554 | year = {1999}, 555 | author = {Blake, Ian F. and Seroussi, Gadiel and Smart, Nigel P.}, 556 | address = {New York, NY, USA}, 557 | isbn = {0-521-65374-6}, 558 | } 559 | 560 | @Article{BoFlSaSc06, 561 | author = {Alin Bostan and Philippe Flajolet and Bruno Salvy and Éric Schost}, 562 | title = {Fast computation of special resultants}, 563 | journal = {Journal of Symbolic Computation}, 564 | year = {2006}, 565 | volume = {41}, 566 | number = {1}, 567 | pages = {1--29}, 568 | issn = {0747-7171}, 569 | abstract = {We propose fast algorithms for computing composed 570 | products and composed sums, as well as diamond 571 | products of univariate polynomials. 
These operations 572 | correspond to special multivariate resultants, that 573 | we compute using power sums of roots of polynomials, 574 | by means of their generating series.}, 575 | doi = {10.1016/j.jsc.2005.07.001}, 576 | } 577 | 578 | @Article{bosma+cannon+steel97, 579 | author = {Bosma, Wieb and Cannon, John and Steel, Allan}, 580 | title = {Lattices of compatibly embedded finite fields}, 581 | journal = {Journal of Symbolic Computation}, 582 | year = {1997}, 583 | volume = {24}, 584 | number = {3-4}, 585 | pages = {351--369}, 586 | issn = {0747-7171}, 587 | address = {Duluth, MN, USA}, 588 | doi = {10.1006/jsco.1997.0138}, 589 | publisher = {Academic Press, Inc.}, 590 | } 591 | 592 | @InProceedings{bostan+lecerf+schost:tellegen, 593 | author = {Bostan, Alin and Lecerf, Gr{\'e}goire and Schost, \'{E}ric}, 594 | title = {{T}ellegen's principle into practice}, 595 | booktitle = {ISSAC'03}, 596 | year = {2003}, 597 | pages = {37--44}, 598 | publisher = {ACM}, 599 | abstract = {The transposition principle, also called Tellegen's 600 | principle, is a set of transformation rules for 601 | linear programs. Yet, though well known, it is not 602 | used systematically, and few practical 603 | implementations rely on it. In this article, we 604 | propose explicit transposed versions of polynomial 605 | multiplication and division but also new faster 606 | algorithms for multipoint evaluation, interpolation 607 | and their transposes. 
We report on their 608 | implementation in Shoup's {NTL} C++ library.}, 609 | doi = {10.1145/860854.860870}, 610 | isbn = {1-58113-641-2}, 611 | } 612 | 613 | @Article{bostan+morain+salvy+schost08, 614 | author = {Bostan, Alin and Morain, Fran\c{c}ois and Salvy, Bruno and Schost, {\'{E}}ric}, 615 | title = {Fast algorithms for computing isogenies between elliptic curves}, 616 | journal = {Mathematics of Computation}, 617 | year = {2008}, 618 | volume = {77}, 619 | number = {263}, 620 | pages = {1755--1778}, 621 | month = sep, 622 | issn = {0025-5718}, 623 | abstract = {We survey algorithms for computing isogenies between 624 | elliptic curves defined over a field of characteristic 625 | either 0 or a large prime. We introduce a new 626 | algorithm that computes an isogeny of degree $\ell$ 627 | ($\ell$ different from the characteristic) in time 628 | quasi-linear with respect to $\ell$. This is based in 629 | particular on fast algorithms for power 630 | series expansion of the Weierstrass $\wp$-function and 631 | related functions.}, 632 | doi = {10.1090/S0025-5718-08-02066-8}, 633 | } 634 | 635 | @Article{bostan+salvy+schost03, 636 | author = {Bostan, Alin and Salvy, Bruno and Schost, \'{E}ric}, 637 | title = {Fast Algorithms for Zero-Dimensional Polynomial Systems using Duality}, 638 | journal = {Applicable Algebra in Engineering, Communication and Computing}, 639 | year = {2003}, 640 | volume = {14}, 641 | number = {4}, 642 | pages = {239--272}, 643 | month = nov, 644 | issn = {0938-1279}, 645 | abstract = {Many questions concerning a zero-dimensional 646 | polynomial system can be reduced to linear algebra 647 | operations in the quotient algebra 648 | $A = k[X_1,\dots,X_n]/I$, where I is the ideal generated by the input 649 | system. Assuming that the multiplicative structure of 650 | the algebra A is (partly) known, we address the 651 | question of speeding up the linear algebra phase for 652 | the computation of minimal polynomials and rational 653 | parametrizations in A. 
We present new formul{\ae} for 654 | the rational parametrizations, extending those of 655 | Rouillier, and algorithms extending ideas introduced 656 | by Shoup in the univariate case. Our approach is 657 | based on the A-module structure of the dual space 658 | $\widehat{A}$. An important feature of our 659 | algorithms is that we do not require $\widehat{A}$ 660 | to be free and of rank 1. The complexity of our 661 | algorithms for computing the minimal polynomial and 662 | the rational parametrizations are $O(2^n D^{5/2})$ and 663 | $O(n 2^n D^{5/2})$ respectively, where D is the dimension of 664 | A. For fixed n, this is better than algorithms based 665 | on linear algebra except when the complexity of the 666 | available matrix product has exponent less than 5/2.}, 667 | doi = {10.1007/s00200-003-0133-5}, 668 | } 669 | 670 | @Book{Bostan10, 671 | title = {Algorithmes rapides pour les polyn\^omes, s\'eries formelles et matrices}, 672 | year = {2010}, 673 | author = {Alin Bostan}, 674 | volume = {1}, 675 | number = {2}, 676 | series = {Les cours du CIRM}, 677 | url = {https://hal.inria.fr/hal-00780433/}, 678 | } 679 | 680 | @Book{BourbakiAlgCom9, 681 | title = {\'{E}l\'ements de math\'ematique}, 682 | publisher = {Springer}, 683 | year = {2007}, 684 | author = {Bourbaki, Nicolas}, 685 | note = {Alg{\`e}bre. Chapitre 9}, 686 | } 687 | 688 | @Article{BrCa87, 689 | author = {Joel V. Brawley and Leonard Carlitz}, 690 | title = {Irreducibles and the composed product for polynomials over a finite field}, 691 | journal = {Discrete Mathematics}, 692 | year = {1987}, 693 | volume = {65}, 694 | number = {2}, 695 | pages = {115--139}, 696 | issn = {0012-365X}, 697 | abstract = {Let GF(q) denote the finite field of q elements and 698 | let GF[q,x] denote the integral domain of polynomials 699 | in an indeterminate x over GF(q). 
Further, let Γ = 700 | Γ(q) denote the algebraic closure of GF(q) so that 701 | every polynomial in GF[q,x] on which there is defined 702 | a binary considers certain sets of monic polynomials 703 | from GF[q,x] on which there is defined a binary 704 | operation called the composed product. Here, if f and 705 | g are monics in GF[q,x] with deg f = m and deg g=n, 706 | then the composed product, denoted by f♦g and 707 | defined in terms of the roots of f and g, is also in 708 | GF[q,x] and has degree mn. In the present paper, the 709 | two most important composed products, denoted by the 710 | special symbols Ō and ∗, are those induced by the 711 | field multiplication and the field addition on Γ and 712 | defined by: f∘g = Π Παβ (x − αβ), f∗g = 713 | Π Παβ (x − (α+β)), where the products 714 | indicated by П are the usual products in Γ[x] and 715 | are taken over all the roots α of f and β of g, 716 | (including multiplicities). These two composed 717 | products are called composed multiplication and 718 | composed addition, respectively. After introducing 719 | and developing some theory concerning a more general 720 | notion of composed product, this paper moves to the 721 | special composed products above and asks whether the 722 | irreducibles over GF(q) can be factored uniquely into 723 | indecomposables with respect to each of these 724 | products. Here, the term “irreducible” is used in 725 | the usual sense of the word while the term 726 | “indecomposable” is used in reference to composed 727 | products. This question is shown to have an 728 | affirmative answer in both situations, and thus yield 729 | unique factorization theorems (multiplicative and 730 | additive) for Γ. These theorems are then used to 731 | prove corresponding unique factorization theorems for 732 | all subfields of Γ. Next, it is shown that there are 733 | no irreducibles f in GF[q,x] which can be decomposed 734 | as f=f1Ōg1=f2∗g2 (except for trivial 735 | decompositions). 
A special inversion formula is then 736 | derived and using this inversion formula, the authors 737 | determine the numbers of irreducibles of degree n 738 | which are indecomposable with respect to (i) composed 739 | multiplication Ō, (ii) composed addition ∗, and 740 | (iii) both the composed products Ō and ∗ 741 | simultaneously. These numbers are given in terms of 742 | the well-known number of irreducibles of degree n 743 | over GF(q). A final section contains some discussion 744 | and several observations about the more general 745 | composed product.}, 746 | doi = {10.1016/0012-365X(87)90135-X}, 747 | } 748 | 749 | @Article{brent+kung, 750 | author = {Brent, Richard P. and Kung, Hsiang Te}, 751 | title = {Fast Algorithms for Manipulating Formal Power Series}, 752 | journal = {Journal of the ACM}, 753 | year = {1978}, 754 | volume = {25}, 755 | number = {4}, 756 | pages = {581--595}, 757 | issn = {0004-5411}, 758 | abstract = {Note: {OCR} errors may be found in this Reference 759 | List extracted from the full text article. 
{ACM} has 760 | opted to expose the complete List rather than only 761 | correct and linked references.}, 762 | address = {New York, NY, USA}, 763 | doi = {10.1145/322092.322099}, 764 | publisher = {ACM}, 765 | } 766 | 767 | @Article{brieulle2018computing, 768 | author = {Brieulle, Ludovic and De Feo, Luca and Doliskani, Javad and Flori, Jean-Pierre and Schost, {\'E}ric}, 769 | title = {Computing isomorphisms and embeddings of finite fields}, 770 | journal = {Mathematics of Computation}, 771 | year = {2019}, 772 | number = {88}, 773 | pages = {1391--1426}, 774 | doi = {10.1090/mcom/3363}, 775 | } 776 | 777 | @Article{Broeker2009, 778 | author = {Bröker, Reinier and Lauter, Kristin}, 779 | title = {Modular Polynomials for Genus 2}, 780 | journal = {LMS Journal of Computation and Mathematics}, 781 | year = {2009}, 782 | volume = {12}, 783 | pages = {326--339}, 784 | doi = {10.1112/S1461157000001546}, 785 | publisher = {Cambridge University Press}, 786 | } 787 | 788 | @Article{broker-ss, 789 | author = {Br{\"o}ker, Reinier}, 790 | title = {Constructing supersingular elliptic curves}, 791 | journal = {Journal of Combinatorics and Number Theory}, 792 | year = {2009}, 793 | volume = {1}, 794 | number = {3}, 795 | pages = {269--273}, 796 | issn = {1942-5600}, 797 | } 798 | 799 | @Article{Brooks2017, 800 | author = {Brooks, Ernest Hunter and Jetchev, Dimitar and Wesolowski, Benjamin}, 801 | title = {Isogeny graphs of ordinary abelian varieties}, 802 | journal = {Research in Number Theory}, 803 | year = {2017}, 804 | volume = {3}, 805 | number = {1}, 806 | pages = {28}, 807 | month = nov, 808 | issn = {2363-9555}, 809 | abstract = {Fix a prime number {\$}{\$}{\backslash}ell {\$}{\$} 810 | ℓ . Graphs of isogenies of degree a power of 811 | {\$}{\$}{\backslash}ell {\$}{\$} ℓ are 812 | well-understood for elliptic curves, but not for 813 | higher-dimensional abelian varieties. We study the 814 | case of absolutely simple ordinary abelian varieties 815 | over a finite field. 
We analyse graphs of so-called 816 | {\$}{\$}{\backslash}mathfrak l{\$}{\$} l -isogenies, 817 | resolving that, in arbitrary dimension, their 818 | structure is similar, but not identical, to the 819 | ``volcanoes'' occurring as graphs of isogenies of 820 | elliptic curves. Specializing to the case of 821 | principally polarizable abelian surfaces, we then 822 | exploit this structure to describe graphs of a 823 | particular class of isogenies known as 824 | {\$}{\$}({\backslash}ell , {\backslash}ell ){\$}{\$} 825 | ( ℓ , ℓ ) -isogenies: those whose kernels are 826 | maximal isotropic subgroups of the 827 | {\$}{\$}{\backslash}ell {\$}{\$} ℓ -torsion for the 828 | Weil pairing. We use these two results to write an 829 | algorithm giving a path of computable isogenies from 830 | an arbitrary absolutely simple ordinary abelian 831 | surface towards one with maximal endomorphism ring, 832 | which has immediate consequences for the CM-method in 833 | genus 2, for computing explicit isogenies, and for 834 | the random self-reducibility of the discrete 835 | logarithm problem in genus 2 cryptography.}, 836 | doi = {10.1007/s40993-017-0087-5}, 837 | } 838 | 839 | @Article{BruinierOS16, 840 | author = {Jan Hendrik Bruinier and Ken Ono and Andrew V. 
Sutherland}, 841 | title = {Class polynomials for nonholomorphic modular functions}, 842 | journal = {Journal of Number Theory}, 843 | year = {2016}, 844 | volume = {161}, 845 | pages = {204--229}, 846 | issn = {0022-314X}, 847 | doi = {10.1016/j.jnt.2015.07.002}, 848 | } 849 | 850 | @Article{Buchmann1988, 851 | author = {Buchmann, Johannes and Williams, Hugh C.}, 852 | title = {A key-exchange system based on imaginary quadratic fields}, 853 | journal = {Journal of Cryptology}, 854 | year = {1988}, 855 | volume = {1}, 856 | number = {2}, 857 | pages = {107--118}, 858 | month = jun, 859 | issn = {1432-1378}, 860 | abstract = {We describe another key-exchange system which, while 861 | based on the general idea of the well-known scheme of 862 | Diffie and Hellman, seems to be more secure than that 863 | technique. The new system is based on the arithmetic 864 | of an imaginary quadratic field, and makes use, 865 | specifically, of the properties of the class group of 866 | such a field.}, 867 | doi = {10.1007/BF02351719}, 868 | } 869 | 870 | @Book{burgisser+clausen-shokrollahi, 871 | title = {Algebraic Complexity Theory}, 872 | publisher = {Springer}, 873 | year = {1997}, 874 | author = {B\"{u}rgisser, Peter and Clausen, Michael and Shokrollahi, M. Amin}, 875 | month = feb, 876 | isbn = {3540605827}, 877 | abstract = {This is the first book to present an up-to-date and 878 | self-contained account of Algebraic Complexity Theory 879 | that is both comprehensive and unified. Requiring of 880 | the reader only some basic algebra and offering over 881 | 350 exercises, it is well-suited as a textbook for 882 | beginners at graduate level. With its extensive 883 | bibliography covering about 500 research papers, this 884 | text is also an ideal reference book for the 885 | professional researcher. 
The subdivision of the 886 | contents into 21 more or less independent chapters 887 | enables readers to familiarize themselves quickly 888 | with a specific topic, and facilitates the use of 889 | this book as a basis for complementary courses in 890 | other areas such as computer algebra.}, 891 | howpublished = {Hardcover}, 892 | } 893 | 894 | @InProceedings{canetti, 895 | author = {Canetti, Ran and Krawczyk, Hugo}, 896 | title = {Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels}, 897 | booktitle = {EUROCRYPT}, 898 | year = {2001}, 899 | editor = {Birgit Pfitzmann}, 900 | volume = {2045}, 901 | series = {Lecture Notes in Computer Science}, 902 | pages = {453--474}, 903 | publisher = {Springer}, 904 | isbn = {3-540-42070-3}, 905 | } 906 | 907 | @InProceedings{canny+kaltofen+yagati89, 908 | author = {Canny, John F. and Kaltofen, Eric and Yagati, Lakshman N.}, 909 | title = {Solving systems of nonlinear polynomial equations faster}, 910 | booktitle = {ISSAC '89: Proceedings of the ACM-SIGSAM 1989 international symposium on Symbolic and algebraic computation}, 911 | year = {1989}, 912 | pages = {121--128}, 913 | address = {New York, NY, USA}, 914 | publisher = {ACM}, 915 | abstract = {Note: {OCR} errors may be found in this Reference 916 | List extracted from the full text article. {ACM} has 917 | opted to expose the complete List rather than only 918 | correct and linked references.}, 919 | doi = {10.1145/74540.74556}, 920 | isbn = {0-89791-325-6}, 921 | } 922 | 923 | @Article{cantor+kaltofen91, 924 | author = {Cantor, David G. 
and Kaltofen, Erich}, 925 | title = {On fast multiplication of polynomials over arbitrary algebras}, 926 | journal = {Acta Informatica}, 927 | year = {1991}, 928 | volume = {28}, 929 | number = {7}, 930 | pages = {693--701}, 931 | month = jul, 932 | issn = {0001-5903}, 933 | doi = {10.1007/BF01178683}, 934 | publisher = {Springer}, 935 | } 936 | 937 | @Article{cantor1981, 938 | author = {Cantor, David G and Zassenhaus, Hans}, 939 | title = {A {N}ew {A}lgorithm for {F}actoring {P}olynomials over {F}inite {F}ields}, 940 | journal = {Mathematics of Computation}, 941 | year = {1981}, 942 | pages = {587--592}, 943 | publisher = {JSTOR}, 944 | } 945 | 946 | @Article{cantor89, 947 | author = {Cantor, David G.}, 948 | title = {On arithmetical algorithms over finite fields}, 949 | journal = {Journal of Combinatorial Theory}, 950 | year = {1989}, 951 | volume = {50}, 952 | number = {2}, 953 | pages = {285--300}, 954 | issn = {0097-3165}, 955 | address = {Orlando, FL, USA}, 956 | doi = {10.1016/0097-3165(89)90020-4}, 957 | publisher = {Academic Press, Inc.}, 958 | series = {Series A}, 959 | } 960 | 961 | @Article{castryck+hubrechts13, 962 | author = {Castryck, Wouter and Hubrechts, Hendrik}, 963 | title = {The distribution of the number of points modulo an integer on elliptic curves over finite fields}, 964 | journal = {The Ramanujan Journal}, 965 | year = {2013}, 966 | volume = {30}, 967 | number = {2}, 968 | pages = {223--242}, 969 | publisher = {Springer}, 970 | } 971 | 972 | @Misc{cervino04, 973 | author = {Cervi\~{n}o, Juan M.}, 974 | title = {On the Correspondence between Supersingular Elliptic Curves and maximal quaternionic Orders}, 975 | month = apr, 976 | year = {2004}, 977 | abstract = {We present a deterministic and explicit algorithm to 978 | compute the endomorphism rings of supersingular 979 | elliptic curves. 
As an example we compute the 980 | endomorphism rings of all supersingular elliptic 981 | curves defined over characteristic p=29,...,97.}, 982 | url = {http://arxiv.org/abs/math/0404538}, 983 | } 984 | 985 | @Misc{charlap1991enumeration, 986 | author = {Charlap, Leonard S and Coley, Raymond and Robbins, David P}, 987 | title = {Enumeration of rational points on elliptic curves over finite fields}, 988 | year = {1991}, 989 | note = {Preprint}, 990 | publisher = {Draft}, 991 | } 992 | 993 | @Article{chung1989diameters, 994 | author = {Chung, Fan R.K.}, 995 | title = {Diameters and eigenvalues}, 996 | journal = {Journal of the American Mathematical Society}, 997 | year = {1989}, 998 | volume = {2}, 999 | number = {2}, 1000 | pages = {187--196}, 1001 | } 1002 | 1003 | @Article{Ciet2005, 1004 | author = {Ciet, Mathieu and Joye, Marc}, 1005 | title = {Elliptic Curve Cryptosystems in the Presence of Permanent and Transient Faults}, 1006 | journal = {Designs, Codes and Cryptography}, 1007 | year = {2005}, 1008 | volume = {36}, 1009 | number = {1}, 1010 | pages = {33--43}, 1011 | month = jul, 1012 | issn = {1573-7586}, 1013 | doi = {10.1007/s10623-003-1160-8}, 1014 | } 1015 | 1016 | @Article{CL08, 1017 | author = {Couveignes, Jean-Marc and Lercier, Reynald}, 1018 | title = {Galois invariant smoothness basis}, 1019 | journal = {Series on Number Theory and Its Applications}, 1020 | year = {2008}, 1021 | volume = {5}, 1022 | pages = {142--167}, 1023 | month = may, 1024 | note = {World Scientific}, 1025 | } 1026 | 1027 | @Book{Cohen1993, 1028 | title = {A Course in Computational Algebraic Number Theory}, 1029 | publisher = {Springer-Verlag New York, Inc.}, 1030 | year = {1993}, 1031 | author = {Cohen, Henri}, 1032 | address = {New York, NY, USA}, 1033 | isbn = {0-387-55640-0}, 1034 | } 1035 | 1036 | @Book{Conway:ONAG2000, 1037 | title = {On Numbers and Games}, 1038 | publisher = {AK Peters, Ltd.}, 1039 | year = {2000}, 1040 | author = {Conway, John H.}, 1041 | edition = {2nd 
edition}, 1042 | month = dec, 1043 | isbn = {1568811276}, 1044 | abstract = {{ONAG, as the book is known, is one of those rare 1045 | publications that sprang to life in a moment of 1046 | creative energy and has remained influential for over 1047 | a quarter of a century. Still in high demand, it is 1048 | being republished with some adjustments and 1049 | corrections. The original motivation for writing the 1050 | book was an attempt to understand the relation 1051 | between the theories of transfinite numbers and 1052 | mathematical games. By defining numbers as the 1053 | strengths of positions in certain games, the author 1054 | arrives at a new class, the surreal numbers (so named 1055 | by Donald Knuth) that includes at the same time the 1056 | real numbers and the ordinal numbers.

This new 1057 | edition ends with an epilogue that sets the stage for 1058 | further research on surreal numbers. The book is a 1059 | must-have for all readers with a serious interest in 1060 | the mathematical foundations of game strategies.}}, 1061 | howpublished = {Hardcover}, 1062 | } 1063 | 1064 | @Article{coppersmith+winograd, 1065 | author = {Coppersmith, Don and Winograd, Shmuel}, 1066 | title = {Matrix multiplication via arithmetic progressions}, 1067 | journal = {Journal of Symbolic Computation}, 1068 | year = {1990}, 1069 | volume = {9}, 1070 | number = {3}, 1071 | pages = {251--280}, 1072 | issn = {07477171}, 1073 | abstract = {We present a new method for accelerating matrix 1074 | multiplication asymptotically. This work builds on 1075 | recent ideas of Volker Strassen, by using a basic 1076 | trilinear form which is not a matrix product. We make 1077 | novel use of the {Salem-Spencer} Theorem, which gives 1078 | a fairly dense set of integers with no three-term 1079 | arithmetic progression. 
Our resulting matrix exponent 1080 | is 2.376.}, 1081 | address = {Duluth, MN, USA}, 1082 | doi = {10.1016/S0747-7171(08)80013-2}, 1083 | publisher = {Academic Press, Inc.}, 1084 | } 1085 | 1086 | @Article{cosset2015computing, 1087 | author = {Cosset, Romain and Robert, Damien}, 1088 | title = {Computing $(\ell, \ell)$-isogenies in polynomial time on Jacobians of genus 2 curves}, 1089 | journal = {Mathematics of Computation}, 1090 | year = {2015}, 1091 | volume = {84}, 1092 | number = {294}, 1093 | pages = {1953--1975}, 1094 | } 1095 | 1096 | @Article{CostelloSmith2017, 1097 | author = {Costello, Craig and Smith, Benjamin}, 1098 | title = {Montgomery curves and their arithmetic}, 1099 | journal = {Journal of Cryptographic Engineering}, 1100 | year = {2017}, 1101 | doi = {10.1007/s13389-017-0157-6}, 1102 | publisher = {Springer}, 1103 | series = {Special issue on Montgomery arithmetic}, 1104 | url = {https://hal.inria.fr/hal-01483768}, 1105 | } 1106 | 1107 | @Article{couveignes+lercier11, 1108 | author = {Couveignes, Jean-Marc and Lercier, Reynald}, 1109 | title = {Fast construction of irreducible polynomials over finite fields}, 1110 | journal = {Israel Journal of Mathematics}, 1111 | year = {2013}, 1112 | volume = {194}, 1113 | number = {1}, 1114 | pages = {77--105}, 1115 | publisher = {Springer}, 1116 | } 1117 | 1118 | @InProceedings{couveignes+morain94, 1119 | author = {Couveignes, Jean-Marc and Morain, François}, 1120 | title = {Schoof's algorithm and isogeny cycles}, 1121 | booktitle = {ANTS-I: Proceedings of the First International Symposium on Algorithmic Number Theory}, 1122 | year = {1994}, 1123 | volume = {877}, 1124 | series = {Lecture Notes in Computer Science}, 1125 | pages = {43--58}, 1126 | address = {London, UK}, 1127 | publisher = {Springer}, 1128 | isbn = {3-540-58691-1}, 1129 | } 1130 | 1131 | @Article{couveignes00, 1132 | author = {Couveignes, Jean-Marc}, 1133 | title = {Isomorphisms between {A}rtin-{S}chreier towers}, 1134 | journal = 
{Mathematics of Computation}, 1135 | year = {2000}, 1136 | volume = {69}, 1137 | number = {232}, 1138 | pages = {1625--1631}, 1139 | issn = {0025-5718}, 1140 | address = {Boston, MA, USA}, 1141 | doi = {10.1090/S0025-5718-00-01193-5}, 1142 | publisher = {American Mathematical Society}, 1143 | } 1144 | 1145 | @PhdThesis{couveignes94, 1146 | author = {Couveignes, Jean-Marc}, 1147 | title = {{Quelques calculs en th{\'{e}}orie des nombres}}, 1148 | school = {Universit\'{e} de Bordeaux}, 1149 | year = {1994}, 1150 | } 1151 | 1152 | @InProceedings{couveignes96, 1153 | author = {Couveignes, Jean-Marc}, 1154 | title = {Computing $\ell$-isogenies using the $p$-Torsion}, 1155 | booktitle = {ANTS-II: Proceedings of the Second International Symposium on Algorithmic Number Theory}, 1156 | year = {1996}, 1157 | pages = {59--65}, 1158 | address = {London, UK}, 1159 | publisher = {Springer-Verlag}, 1160 | isbn = {3-540-61581-4}, 1161 | } 1162 | 1163 | @Book{Cox-Little-OShea:UAG2005, 1164 | title = {Using Algebraic Geometry}, 1165 | publisher = {Springer-Verlag}, 1166 | year = {2005}, 1167 | author = {Cox, David A. and Little, John and O'Shea, Donal}, 1168 | isbn = {0387207066}, 1169 | abstract = {In recent years, the discovery of new algorithms for 1170 | dealing with polynomial equations, coupled with their 1171 | implementation on fast inexpensive computers, has 1172 | sparked a minor revolution in the study and practice 1173 | of algebraic geometry. These algorithmic methods have 1174 | also given rise to some exciting new applications of 1175 | algebraic geometry. This book illustrates the many 1176 | uses of algebraic geometry, highlighting some of the 1177 | more recent applications of Gr\"{o}bner bases and 1178 | resultants. In order to do this, the authors provide 1179 | an introduction to some algebraic objects and 1180 | techniques which are more advanced than one typically 1181 | encounters in a first course, but nonetheless of 1182 | great utility. 
The book is written for nonspecialists 1183 | and for readers with a diverse range of backgrounds. 1184 | It assumes knowledge of the material covered in a 1185 | standard undergraduate course in abstract algebra, 1186 | and it would help to have some previous exposure to 1187 | Gr\"{o}bner bases. The book does not assume the 1188 | reader is familiar with more advanced concepts such 1189 | as modules. For this new edition the authors added 1190 | two new sections and a new chapter, updated the 1191 | references and made numerous minor improvements 1192 | throughout the text.}, 1193 | howpublished = {Hardcover}, 1194 | } 1195 | 1196 | @Misc{cryptoeprint:1999:007, 1197 | author = {Abdalla, Michel and Bellare, Mihir and Rogaway, Phillip}, 1198 | title = {{DHAES}: An Encryption Scheme Based on the {D}iffie--{H}ellman Problem}, 1199 | howpublished = {Cryptology ePrint Archive, Report 1999/007}, 1200 | year = {1999}, 1201 | url = {https://eprint.iacr.org/1999/007}, 1202 | } 1203 | 1204 | @Proceedings{DBLP:conf/ants/2006, 1205 | title = {Algorithmic Number Theory, 7th International Symposium, ANTS-VII, Berlin, Germany, July 23-28, 2006, Proceedings}, 1206 | year = {2006}, 1207 | editor = {Florian Hess and Sebastian Pauli and Michael E. 
Pohst}, 1208 | volume = {4076}, 1209 | series = {Lecture Notes in Computer Science}, 1210 | publisher = {Springer}, 1211 | isbn = {3-540-36075-1}, 1212 | biburl = {http://dblp.uni-trier.de/rec/bib/conf/ants/2006}, 1213 | } 1214 | 1215 | @Proceedings{DBLP:conf/eurocrypt/2001, 1216 | title = {Advances in Cryptology - EUROCRYPT 2001, International Conference on the Theory and Application of Cryptographic Techniques, Innsbruck, Austria, May 6-10, 2001, Proceeding}, 1217 | year = {2001}, 1218 | editor = {Birgit Pfitzmann}, 1219 | volume = {2045}, 1220 | series = {Lecture Notes in Computer Science}, 1221 | publisher = {Springer}, 1222 | isbn = {3-540-42070-3}, 1223 | booktitle = {EUROCRYPT}, 1224 | } 1225 | 1226 | @Proceedings{DBLP:conf/pkc/2000, 1227 | title = {Public Key Cryptography, Third International Workshop on Practice and Theory in Public Key Cryptography, {PKC} 2000, Melbourne, Victoria, Australia, January 18-20, 2000, Proceedings}, 1228 | year = {2000}, 1229 | editor = {Hideki Imai and Yuliang Zheng}, 1230 | volume = {1751}, 1231 | series = {Lecture Notes in Computer Science}, 1232 | publisher = {Springer}, 1233 | isbn = {3-540-66967-1}, 1234 | biburl = {http://dblp.uni-trier.de/rec/bib/conf/pkc/2000}, 1235 | } 1236 | 1237 | @Proceedings{DBLP:conf/pqcrypto/2011, 1238 | title = {Post-Quantum Cryptography - 4th International Workshop, PQCrypto 2011, Taipei, Taiwan, November 29 - December 2, 2011. 
Proceedings}, 1239 | year = {2011}, 1240 | editor = {Bo-Yin Yang}, 1241 | volume = {7071}, 1242 | series = {Lecture Notes in Computer Science}, 1243 | publisher = {Springer}, 1244 | isbn = {978-3-642-25404-8}, 1245 | booktitle = {PQCrypto}, 1246 | } 1247 | 1248 | @InProceedings{DeDoSc13, 1249 | author = {De Feo, Luca and Doliskani, Javad and Schost, \'{E}ric}, 1250 | title = {Fast Algorithms for $\ell$-adic Towers over Finite Fields}, 1251 | booktitle = {Proceedings of the 38th International Symposium on Symbolic and Algebraic Computation}, 1252 | year = {2013}, 1253 | series = {ISSAC '13}, 1254 | pages = {165--172}, 1255 | address = {New York, NY, USA}, 1256 | publisher = {ACM}, 1257 | doi = {10.1145/2465506.2465956}, 1258 | isbn = {978-1-4503-2059-7}, 1259 | } 1260 | 1261 | @InProceedings{DeDoSc2014, 1262 | author = {De Feo, Luca and Doliskani, Javad and Schost, \'{E}ric}, 1263 | title = {Fast Arithmetic for the Algebraic Closure of Finite Fields}, 1264 | booktitle = {Proceedings of the 39th International Symposium on Symbolic and Algebraic Computation}, 1265 | year = {2014}, 1266 | series = {ISSAC '14}, 1267 | pages = {122--129}, 1268 | address = {New York, NY, USA}, 1269 | publisher = {ACM}, 1270 | doi = {10.1145/2608628.2608672}, 1271 | isbn = {978-1-4503-2501-1}, 1272 | } 1273 | 1274 | @Article{defeo2016explicit, 1275 | author = {De Feo, Luca and Hugounenq, Cyril and Pl{\^u}t, J{\'e}r{\^o}me and Schost, {\'E}ric}, 1276 | title = {Explicit isogenies in quadratic time in any characteristic}, 1277 | journal = {LMS Journal of Computation and Mathematics}, 1278 | year = {2016}, 1279 | volume = {19}, 1280 | number = {A}, 1281 | pages = {267--282}, 1282 | doi = {10.1112/S146115701600036X}, 1283 | publisher = {London Mathematical Society}, 1284 | } 1285 | 1286 | @Article{deuring41, 1287 | author = {Deuring, Max}, 1288 | title = {Die {T}ypen der {M}ultiplikatorenringe elliptischer {F}unktionenk\"{o}rper}, 1289 | journal = {Abhandlungen aus dem Mathematischen Seminar 
der Universit\"{a}t Hamburg}, 1290 | year = {1941}, 1291 | volume = {14}, 1292 | number = {1}, 1293 | pages = {197--272}, 1294 | month = dec, 1295 | issn = {0025-5858}, 1296 | doi = {10.1007/BF02940746}, 1297 | publisher = {Springer Berlin / Heidelberg}, 1298 | } 1299 | 1300 | @InProceedings{df+schost09, 1301 | author = {De Feo, Luca and Schost, \'{E}ric}, 1302 | title = {Fast arithmetics in {A}rtin-{S}chreier towers over finite fields}, 1303 | booktitle = {ISSAC '09: Proceedings of the 2009 international symposium on Symbolic and algebraic computation}, 1304 | year = {2009}, 1305 | pages = {127--134}, 1306 | address = {New York, NY, USA}, 1307 | publisher = {ACM}, 1308 | abstract = {An {Artin-Schreier} tower over the finite field F p 1309 | is a tower of field extensions generated by 1310 | polynomials of the form X p - X -α. Following Cantor 1311 | and Couveignes, we give algorithms with quasi-linear 1312 | time complexity for arithmetic operations in such 1313 | towers. As an application, we present an 1314 | implementation of Couveignes' algorithm for computing 1315 | isogenies between elliptic curves using the p 1316 | -torsion.}, 1317 | doi = {10.1145/1576702.1576722}, 1318 | isbn = {978-1-60558-609-0}, 1319 | } 1320 | 1321 | @Article{df+schost12, 1322 | author = {De Feo, Luca and Schost, {\'E}ric}, 1323 | title = {Fast arithmetics in {A}rtin-{S}chreier towers over finite fields}, 1324 | journal = {Journal of Symbolic Computation}, 1325 | year = {2012}, 1326 | volume = {47}, 1327 | number = {7}, 1328 | pages = {771--792}, 1329 | issn = {07477171}, 1330 | abstract = {An {Artin-Schreier} tower over the finite field Fp is 1331 | a tower of field extensions generated by polynomials 1332 | of the form {Xp−X}−α. Following Cantor and 1333 | Couveignes, we give algorithms with quasi-linear time 1334 | complexity for arithmetic operations in such towers. 
1335 | As an application, we present an implementation of 1336 | Couveignes' algorithm for computing isogenies between 1337 | elliptic curves using the p-torsion.}, 1338 | doi = {10.1016/j.jsc.2011.12.008}, 1339 | } 1340 | 1341 | @PhdThesis{df+thesis, 1342 | author = {De Feo, Luca}, 1343 | title = {{A}lgorithmes {R}apides pour les {T}ours de {C}orps {F}inis et les {I}sog{\'{e}}nies}, 1344 | school = {Ecole Polytechnique X}, 1345 | year = {2010}, 1346 | month = dec, 1347 | abstract = {{D}ans cette th{\`{e}}se nous appliquons des 1348 | techniques provenant du calcul formel et de la 1349 | th{\'{e}}orie des langages afin d'am{\'{e}}liorer 1350 | les op{\'{e}}rations {\'{e}}l{\'{e}}mentaires dans 1351 | certaines tours de corps finis. {N}ous appliquons 1352 | notre construction au probl{\`{e}}me du calcul 1353 | d'isog{\'{e}}nies entre courbes elliptiques et 1354 | obtenons une variante plus rapide ({\`{a}} la fois en 1355 | th{\'{e}}orie et en pratique) de l'algorithme de 1356 | {C}ouveignes. {L}e document est divis{\'{e}} en 1357 | quatre parties. {D}ans la partie {I} nous faisons des 1358 | rappels d'alg{\`{e}}bre et de th{\'{e}}orie de la 1359 | complexit{\'{e}}. {L}a partie {II} traite du principe 1360 | de transposition : nous g{\'{e}}n{\'{e}}ralisons des 1361 | id{\'{e}}es de {B}ostan, {S}chost et {L}ecerf et nous 1362 | montrons qu'il est possible de transposer 1363 | automatiquement des programmes sans pertes en 1364 | complexit{\'{e}}-temps et avec une petite perte en 1365 | complexit{\'{e}}-espace. {L}a partie {III} combine 1366 | les r{\'{e}}sultats sur le principe de transposition 1367 | avec des techniques classiques en th{\'{e}}orie de 1368 | l'{\'{e}}limination ; nous appliquons ces id{\'{e}}es 1369 | pour obtenir des algorithmes asymptotiquement 1370 | optimaux pour l'arithm{\'{e}}tique des tours 1371 | d'{A}rtin-{S}chreier de corps finis. {N}ous 1372 | d{\'{e}}crivons aussi une implantation de ces 1373 | algorithmes. 
{E}nfin, dans la partie {IV} nous 1374 | utilisons les r{\'{e}}sultats pr{\'{e}}c{\'{e}}dents 1375 | afin d'acc{\'{e}}l{\'{e}}rer l'algorithme de 1376 | {C}ouveignes et de comparer le r{\'{e}}sultat avec 1377 | les autres algorithmes pour le calcul 1378 | d'isog{\'{e}}nies qui font l'{\'{e}}tat de l'art. 1379 | {N}ous pr{\'{e}}sentons aussi une nouvelle 1380 | g{\'{e}}n{\'{e}}ralisation de l'algorithme de 1381 | {C}ouveignes qui calcule des isog{\'{e}}nies de 1382 | degr{\'{e}} inconnu.}, 1383 | url = {http://tel.archives-ouvertes.fr/tel-00547034/en/}, 1384 | } 1385 | 1386 | @Article{df10, 1387 | author = {De Feo, Luca}, 1388 | title = {Fast algorithms for computing isogenies between ordinary elliptic curves in small characteristic}, 1389 | journal = {Journal of Number Theory}, 1390 | year = {2011}, 1391 | volume = {131}, 1392 | number = {5}, 1393 | pages = {873--893}, 1394 | month = may, 1395 | issn = {0022-314X}, 1396 | abstract = {The problem of computing an explicit isogeny between 1397 | two given elliptic curves over , originally motivated 1398 | by point counting, has recently awaken new interest 1399 | in the cryptology community thanks to the works of 1400 | Teske and Rostovtsev \& Stolbunov. While the large 1401 | characteristic case is well understood, only 1402 | suboptimal algorithms are known in small 1403 | characteristic; they are due to Couveignes, Lercier, 1404 | Lercier \& Joux and Lercier \& Sirvent. In this paper 1405 | we discuss the differences between them and run some 1406 | comparative experiments. 
We also present the first 1407 | complete implementation of Couveignes' second 1408 | algorithm and present improvements that make it the 1409 | algorithm having the best asymptotic complexity in 1410 | the degree of the isogeny.}, 1411 | doi = {10.1016/j.jnt.2010.07.003}, 1412 | } 1413 | 1414 | @Article{doi:10.1137/S0097539702403773, 1415 | author = {Ronald Cramer and Victor Shoup}, 1416 | title = {Design and Analysis of Practical Public-Key Encryption Schemes Secure against Adaptive Chosen Ciphertext Attack}, 1417 | journal = {SIAM Journal on Computing}, 1418 | year = {2003}, 1419 | volume = {33}, 1420 | number = {1}, 1421 | pages = {167--226}, 1422 | doi = {10.1137/S0097539702403773}, 1423 | } 1424 | 1425 | @Article{doliskanischost2011, 1426 | author = {Doliskani, Javad and Schost, {\'E}ric}, 1427 | title = {Taking roots over high extensions of finite fields}, 1428 | journal = {Mathematics of Computation}, 1429 | year = {2014}, 1430 | volume = {83}, 1431 | number = {285}, 1432 | pages = {435--446}, 1433 | } 1434 | 1435 | @Article{DoSc12, 1436 | author = {Doliskani, Javad and Schost, \'Eric}, 1437 | title = {Computing in degree $2^k$-extensions of finite fields of odd characteristic}, 1438 | journal = {Designs, Codes and Cryptography}, 1439 | year = {2015}, 1440 | volume = {74}, 1441 | number = {3}, 1442 | pages = {559--569}, 1443 | } 1444 | 1445 | @Book{DSV, 1446 | title = {Elementary number theory, group theory, and {R}amanujan graphs}, 1447 | publisher = {Cambridge University Press}, 1448 | year = {2003}, 1449 | author = {Davidoff, Giuliana and Sarnak, Peter and Valette, Alain}, 1450 | volume = {55}, 1451 | series = {London Mathematical Society Student Texts}, 1452 | address = {Cambridge}, 1453 | doi = {10.1017/CBO9780511615825}, 1454 | } 1455 | 1456 | @PhdThesis{dupont2006moyenne, 1457 | author = {Dupont, R{\'e}gis}, 1458 | title = {Moyenne arithm{\'e}tico-g{\'e}om{\'e}trique, suites de {B}orchardt et applications}, 1459 | year = {2006}, 1460 | institution = 
{École Polytechnique}, 1461 | journal = {{\'E}cole polytechnique, Palaiseau}, 1462 | } 1463 | 1464 | @Electronic{Echidna, 1465 | author = {David R. Kohel}, 1466 | year = {2018}, 1467 | title = {Echidna databases}, 1468 | url = {http://iml.univ-mrs.fr/~kohel/dbs/}, 1469 | } 1470 | 1471 | @InProceedings{ECM20, 1472 | author = {Paul Zimmermann and Bruce Dodson}, 1473 | title = {20 Years of {ECM}}, 1474 | booktitle = {Algorithmic Number Theory, 7th International Symposium, ANTS-VII, Berlin, Germany, July 23-28, 2006, Proceedings}, 1475 | year = {2006}, 1476 | editor = {Florian Hess and Sebastian Pauli and Michael E. Pohst}, 1477 | volume = {4076}, 1478 | series = {Lecture Notes in Computer Science}, 1479 | pages = {525--542}, 1480 | publisher = {Springer}, 1481 | biburl = {http://dblp.uni-trier.de/rec/bib/conf/ants/ZimmermannD06}, 1482 | doi = {10.1007/11792086\_37}, 1483 | isbn = {3-540-36075-1}, 1484 | } 1485 | 1486 | @Misc{efd, 1487 | author = {Bernstein, Daniel J. and Lange, Tanja}, 1488 | title = {{Explicit-Formulas Database}}, 1489 | year = {2007}, 1490 | url = {http://www.hyperelliptic.org/EFD/index.html}, 1491 | } 1492 | 1493 | @Article{elgamal, 1494 | author = {ElGamal, Taher}, 1495 | title = {A public key cryptosystem and a signature scheme based on discrete logarithms}, 1496 | journal = {IEEE transactions on information theory}, 1497 | year = {1985}, 1498 | volume = {31}, 1499 | number = {4}, 1500 | pages = {469--472}, 1501 | publisher = {Institute of Electrical and Electronics Engineers}, 1502 | } 1503 | 1504 | @Unpublished{elkies92, 1505 | author = {Elkies, Noam D.}, 1506 | title = {Explicit isogenies}, 1507 | year = {1992}, 1508 | howpublished = {Manuscript, Boston MA}, 1509 | } 1510 | 1511 | @InProceedings{elkies98, 1512 | author = {Elkies, Noam D.}, 1513 | title = {Elliptic and modular curves over finite fields and related computational issues}, 1514 | booktitle = {Computational perspectives on number theory (Chicago, IL, 1995)}, 1515 | year = {1998}, 
1516 | volume = {7}, 1517 | series = {Studies in Advanced Mathematics}, 1518 | pages = {21--76}, 1519 | address = {Providence, RI}, 1520 | publisher = {AMS International Press}, 1521 | url = {http://www.ams.org/mathscinet-getitem?mr=1486831}, 1522 | } 1523 | 1524 | @InProceedings{enge+morain03, 1525 | author = {Enge, Andreas and Morain, Fran\c{c}ois}, 1526 | title = {Fast decomposition of polynomials with known Galois group}, 1527 | booktitle = {AAECC'03: Proceedings of the 15th international conference on Applied algebra, algebraic algorithms and error-correcting codes}, 1528 | year = {2003}, 1529 | pages = {254--264}, 1530 | address = {Berlin, Heidelberg}, 1531 | publisher = {Springer-Verlag}, 1532 | abstract = {Let {f(X}) be a separable polynomial with 1533 | coefficients in a field K , generating a field 1534 | extension {M/K} . If this extension is Galois with a 1535 | solvable automorphism group, then the equation {f(X}) 1536 | = 0 can be solved by radicals. The first step of the 1537 | solution consists of splitting the extension {M/K} 1538 | into intermediate fields. Such computations are 1539 | classical, and we explain how fast polynomial 1540 | arithmetic can be used to speed up the process. 1541 | Moreover, we extend the algorithms to a more general 1542 | case of extensions that are no longer Galois. 
1543 | Numerical examples are provided, including results 1544 | obtained with our implementation for Hilbert class 1545 | fields of imaginary quadratic fields.}, 1546 | isbn = {3-540-40111-3}, 1547 | } 1548 | 1549 | @Article{enge09, 1550 | author = {Enge, Andreas}, 1551 | title = {Computing modular polynomials in quasi-linear time}, 1552 | journal = {Mathematics of Computation}, 1553 | year = {2009}, 1554 | volume = {78}, 1555 | number = {267}, 1556 | pages = {1809--1824}, 1557 | } 1558 | 1559 | @Article{feige+fiat+shamir88, 1560 | author = {Feige, Uriel and Fiat, Amos and Shamir, Adi}, 1561 | title = {Zero-knowledge proofs of identity}, 1562 | journal = {Journal of Cryptology}, 1563 | year = {1988}, 1564 | volume = {1}, 1565 | number = {2}, 1566 | pages = {77--94}, 1567 | month = jun, 1568 | issn = {0933-2790}, 1569 | abstract = {In this paper we extend the notion of interactive 1570 | proofs of assertions to interactive proofs of 1571 | knowledge. This leads to the definition of 1572 | unrestricted input zero-knowledge proofs of knowledge 1573 | in which the prover demonstrates possession of 1574 | knowledge without revealing any computational 1575 | information whatsoever (not even the one bit revealed 1576 | in zero-knowledge proofs of assertions). We show the 1577 | relevance of these notions to identification schemes, 1578 | in which parties prove their identity by 1579 | demonstrating their knowledge rather than by proving 1580 | the validity of assertions. We describe a novel 1581 | scheme which is provably secure if factoring is 1582 | difficult and whose practical implementations are 1583 | about two orders of magnitude faster than RSA-based 1584 | identification schemes. 
The advantages of thinking in 1585 | terms of proofs of knowledge rather than proofs of 1586 | assertions are demonstrated in two efficient variants 1587 | of the scheme: unrestricted input zero-knowledge 1588 | proofs of knowledge are used in the construction of a 1589 | scheme which needs no directory; a version of the 1590 | scheme based on parallel interactive proofs (which 1591 | are not known to be zero knowledge) is proved secure 1592 | by observing that the identification protocols are 1593 | proofs of knowledge.}, 1594 | doi = {10.1007/BF02351717}, 1595 | publisher = {Springer New York}, 1596 | } 1597 | 1598 | @Article{feisel1999normal, 1599 | author = {Feisel, Sandra and von zur Gathen, Joachim and Shokrollahi, M. Amin}, 1600 | title = {Normal bases via general Gauss periods}, 1601 | journal = {Mathematics of Computation}, 1602 | year = {1999}, 1603 | volume = {68}, 1604 | number = {225}, 1605 | pages = {271--290}, 1606 | publisher = {American Mathematical Society}, 1607 | } 1608 | 1609 | @Article{ffisom-long, 1610 | author = {Brieulle, Ludovic and De Feo, Luca and Doliskani, Javad and Flori, Jean-Pierre and Schost, {\'E}ric}, 1611 | title = {Computing isomorphisms and embeddings of finite fields (extended version)}, 1612 | journal = {arXiv preprint arXiv:1705.01221}, 1613 | year = {2017}, 1614 | url = {https://arxiv.org/abs/1705.01221}, 1615 | } 1616 | 1617 | @InProceedings{Fieker:2017:NCA:3087604.3087611, 1618 | author = {Fieker, Claus and Hart, William and Hofmann, Tommy and Johansson, Fredrik}, 1619 | title = {{Nemo/Hecke}: Computer Algebra and Number Theory Packages for the {Julia} Programming Language}, 1620 | booktitle = {Proceedings of the 2017 ACM on International Symposium on Symbolic and Algebraic Computation}, 1621 | year = {2017}, 1622 | series = {ISSAC '17}, 1623 | pages = {157--164}, 1624 | address = {New York, NY, USA}, 1625 | publisher = {ACM}, 1626 | doi = {10.1145/3087604.3087611}, 1627 | isbn = {978-1-4503-5064-8}, 1628 | url = 
{http://nemocas.org/}, 1629 | } 1630 | 1631 | @Manual{flint, 1632 | title = {{FLINT}: {F}ast {L}ibrary for {N}umber {T}heory}, 1633 | author = {Hart, William and Johansson, Fredrik and Pancratz, Sebastian}, 1634 | year = {2013}, 1635 | note = {Version 2.4.0}, 1636 | shorthand = {Flint}, 1637 | url = {http://flintlib.org}, 1638 | } 1639 | 1640 | @InProceedings{fouquet+morain02, 1641 | author = {Fouquet, Mireille and Morain, Fran\c{c}ois}, 1642 | title = {Isogeny Volcanoes and the {SEA} Algorithm}, 1643 | booktitle = {Algorithmic Number Theory Symposium}, 1644 | year = {2002}, 1645 | editor = {Fieker, Claus and Kohel, David R.}, 1646 | volume = {2369}, 1647 | series = {Lecture Notes in Computer Science}, 1648 | pages = {47--62}, 1649 | address = {Berlin, Heidelberg}, 1650 | publisher = {Springer Berlin / Heidelberg}, 1651 | abstract = {Recently, Kohel gave algorithms to compute the 1652 | conductor of the endomorphism ring of an ordinary 1653 | elliptic curve, given the cardinality of the curve. 1654 | Using his work, we give a complete description of the 1655 | structure of curves related via rational ℓ-degree 1656 | isogenies, a structure we call a volcano. We explain 1657 | how we can travel through this structure using 1658 | modular polynomials. The computation of the structure 1659 | is possible without knowing the cardinality of the 1660 | curve, and that as a result, we deduce information on 1661 | the cardinality.}, 1662 | chapter = {23}, 1663 | doi = {10.1007/3-540-45455-1_23}, 1664 | isbn = {978-3-540-43863-2}, 1665 | } 1666 | 1667 | @Book{galbraith2012mathematics, 1668 | title = {Mathematics of public key cryptography}, 1669 | publisher = {Cambridge University Press}, 1670 | year = {2012}, 1671 | author = {Galbraith, Steven D.}, 1672 | note = {\url{https://www.math.auckland.ac.nz/~sgal018/crypto-book/crypto-book.html}}, 1673 | } 1674 | 1675 | @InProceedings{gallant+lambert+vanstone01, 1676 | author = {Gallant, Robert P. and Lambert, Robert J. 
and Vanstone, Scott A.}, 1677 | title = {Faster Point Multiplication on Elliptic Curves with Efficient Endomorphisms}, 1678 | booktitle = {CRYPTO '01: Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology}, 1679 | year = {2001}, 1680 | pages = {190--200}, 1681 | address = {London, UK}, 1682 | publisher = {Springer-Verlag}, 1683 | abstract = {The fundamental operation in elliptic curve 1684 | cryptographic schemes is that of point multiplication 1685 | of an elliptic curve point by an integer. This paper 1686 | describes a new method for accelerating this 1687 | operation on classes of elliptic curves that have 1688 | efficiently-computable endomorphisms. One advantage 1689 | of the new method is that it is applicable to a 1690 | larger class of curves than previous such methods.}, 1691 | isbn = {3-540-42456-3}, 1692 | url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.32.2004}, 1693 | } 1694 | 1695 | @Manual{GAP4, 1696 | title = {{GAP -- Groups, Algorithms, and Programming, Version 4.9.2}}, 1697 | organization = {The GAP~Group}, 1698 | year = {2018}, 1699 | key = {GAP}, 1700 | shorthand = {GAP}, 1701 | url = {https://www.gap-system.org}, 1702 | } 1703 | 1704 | @PhdThesis{gaudry2000algorithmique, 1705 | author = {Gaudry, Pierrick}, 1706 | title = {Algorithmique des courbes hyperelliptiques et applications {\`a} la cryptologie}, 1707 | school = {Ecole Polytechnique}, 1708 | year = {2000}, 1709 | institution = {École Polytechnique}, 1710 | url = {https://hal-polytechnique.archives-ouvertes.fr/tel-00514848/}, 1711 | } 1712 | 1713 | @Book{gauss1986disquisitiones, 1714 | title = {Disquisitiones Arithmeticae}, 1715 | publisher = {Springer-Verlag}, 1716 | year = {1986}, 1717 | author = {Gauss, Carl Friedrich}, 1718 | editor = {Waterhouse, William C.}, 1719 | isbn = {9783540962540}, 1720 | url = {https://books.google.fr/books?id=Y-49PgAACAAJ}, 1721 | } 1722 | 1723 | @Article{giusti+lecerf+salvy01, 1724 | author = {Giusti, 
Marc and Lecerf, Gr\'{e}goire and Salvy, Bruno}, 1725 | title = {A {G}r\"{o}bner free alternative for polynomial system solving}, 1726 | journal = {Journal of Complexity}, 1727 | year = {2001}, 1728 | volume = {17}, 1729 | number = {1}, 1730 | pages = {154--211}, 1731 | month = mar, 1732 | issn = {0885-064X}, 1733 | abstract = {Given a system of polynomial equations and 1734 | inequations with coefficients in the field of 1735 | rational numbers, we show how to compute a geometric 1736 | resolution of the set of common roots of the system 1737 | over the field of complex numbers. A geometric 1738 | resolution consists of a primitive element of the 1739 | algebraic extension defined by the set of roots, its 1740 | minimal polynomial, and the parametrizations of the 1741 | coordinates. Such a representation of the solutions 1742 | has a long history which goes back to Leopold 1743 | Kronecker and has been revisited many times in 1744 | computer algebra. We introduce a new generation of 1745 | probabilistic algorithms where all the computations 1746 | use only univariate or bivariate polynomials. We give 1747 | a new codification of the set of solutions of a 1748 | positive dimensional algebraic variety relying on a 1749 | new global version of Newton's iterator. Roughly 1750 | speaking the complexity of our algorithm is 1751 | polynomial in some kind of degree of the system, in 1752 | its height, and linear in the complexity of 1753 | evaluation of the system. We present our 1754 | implementation in the Magma system which is called 1755 | Kronecker in homage to his method for solving systems 1756 | of polynomial equations. 
We show that the theoretical 1757 | complexity of our algorithm is well reflected in 1758 | practice and we exhibit some cases for which our 1759 | program is more efficient than the other available 1760 | software.}, 1761 | address = {Orlando, FL, USA}, 1762 | doi = {10.1006/jcom.2000.0571}, 1763 | publisher = {Academic Press, Inc.}, 1764 | } 1765 | 1766 | @Manual{givaro, 1767 | title = {Givaro -- {C++} library for arithmetic and algebraic computations}, 1768 | organization = {{The LinBox Team}}, 1769 | key = {Givaro}, 1770 | shorthand = {Giv}, 1771 | url = {https://github.com/linbox-team/givaro}, 1772 | } 1773 | 1774 | @Misc{GMP-ECM, 1775 | author = {Paul Zimmermann and others}, 1776 | title = {{GMP-ECM} software}, 1777 | year = {2018}, 1778 | url = {http://ecm.gforge.inria.fr/}, 1779 | } 1780 | 1781 | @Article{goldreich+micali+widgerson91, 1782 | author = {Goldreich, Oded and Micali, Silvio and Wigderson, Avi}, 1783 | title = {Proofs that yield nothing but their validity or all languages in {NP} have zero-knowledge proof systems}, 1784 | journal = {Journal of the Association for Computing Machinery}, 1785 | year = {1991}, 1786 | volume = {38}, 1787 | number = {3}, 1788 | pages = {690--728}, 1789 | month = jul, 1790 | issn = {0004-5411}, 1791 | abstract = {An abstract is not available.}, 1792 | address = {New York, NY, USA}, 1793 | doi = {10.1145/116825.116852}, 1794 | publisher = {ACM}, 1795 | } 1796 | 1797 | @InBook{Goldreich2011, 1798 | pages = {451--464}, 1799 | title = {Basic Facts about Expander Graphs}, 1800 | publisher = {Springer Berlin Heidelberg}, 1801 | year = {2011}, 1802 | author = {Goldreich, Oded}, 1803 | editor = {Goldreich, Oded}, 1804 | address = {Berlin, Heidelberg}, 1805 | isbn = {978-3-642-22670-0}, 1806 | abstract = {In this survey we review basic facts regarding 1807 | expander graphs that are most relevant to the theory 1808 | of computation.}, 1809 | booktitle = {Studies in Complexity and Cryptography. 
Miscellanea on the Interplay between Randomness and Computation: In Collaboration with Lidor Avigad, Mihir Bellare, Zvika Brakerski, Shafi Goldwasser, Shai Halevi, Tali Kaufman, Leonid Levin, Noam Nisan, Dana Ron, Madhu Sudan, Luca Trevisan, Salil Vadhan, Avi Wigderson, David Zuckerman}, 1810 | doi = {10.1007/978-3-642-22670-0_30}, 1811 | } 1812 | 1813 | @Article{hanrot+quercia+zimmermann, 1814 | author = {Hanrot, Guillaume and Quercia, Michel and Zimmermann, Paul}, 1815 | title = {The Middle Product Algorithm {I}}, 1816 | journal = {Applicable Algebra in Engineering, Communication and Computing}, 1817 | year = {2004}, 1818 | volume = {14}, 1819 | number = {6}, 1820 | pages = {415--438}, 1821 | issn = {0938-1279}, 1822 | abstract = {We present new algorithms for the inverse, division, 1823 | and square root of power series. The key trick is a 1824 | new algorithm – {MiddleProduct} or, for short, {MP} 1825 | – computing the n middle coefficients of a (2 1826 | n-1)× n full product in the same number of 1827 | multiplications as a full n× n product. This 1828 | improves previous work of Brent, Mulders, Karp and 1829 | Markstein, Burnikel and Ziegler. These results apply 1830 | both to series and polynomials.}, 1831 | doi = {10.1007/s00200-003-0144-2}, 1832 | } 1833 | 1834 | @InProceedings{Hart2010, 1835 | author = {William B. 
Hart}, 1836 | title = {Fast Library for Number Theory: An Introduction}, 1837 | booktitle = {Proceedings of the Third International Congress on Mathematical Software}, 1838 | year = {2010}, 1839 | series = {ICMS'10}, 1840 | pages = {88--91}, 1841 | address = {Berlin, Heidelberg}, 1842 | publisher = {Springer-Verlag}, 1843 | location = {Kobe, Japan}, 1844 | numpages = {4}, 1845 | url = {http://flintlib.org/}, 1846 | } 1847 | 1848 | @Article{harvey09, 1849 | author = {Harvey, David}, 1850 | title = {Faster polynomial multiplication via multipoint {K}ronecker substitution}, 1851 | journal = {Journal of Symbolic Computation}, 1852 | year = {2009}, 1853 | volume = {44}, 1854 | number = {10}, 1855 | pages = {1502--1510}, 1856 | month = oct, 1857 | issn = {07477171}, 1858 | abstract = {We present several new algorithms for dense 1859 | polynomial multiplication in {inlMMLBox} based on the 1860 | Kronecker substitution method. Instead of reducing to 1861 | a single integer multiplication, we reduce to several 1862 | smaller multiplications. We describe an 1863 | implementation of multiplication in {inlMMLBox} for a 1864 | word-sized modulus n based on these methods, and 1865 | compare its performance to that of {NTL} and Magma.}, 1866 | doi = {10.1016/j.jsc.2009.05.004}, 1867 | } 1868 | 1869 | @InProceedings{heath+loehr99, 1870 | author = {Heath, Lenwood S. 
and Loehr, Nicholas A.}, 1871 | title = {New algorithms for generating {C}onway polynomials over finite fields}, 1872 | booktitle = {Proceedings of the tenth annual ACM-SIAM symposium on Discrete algorithms}, 1873 | year = {1999}, 1874 | series = {SODA '99}, 1875 | pages = {429--437}, 1876 | address = {Philadelphia, PA, USA}, 1877 | publisher = {Society for Industrial and Applied Mathematics}, 1878 | abstract = {An abstract is not available.}, 1879 | isbn = {0-89871-434-6}, 1880 | } 1881 | 1882 | @InProceedings{heath1992zero, 1883 | author = {Heath-Brown, David R.}, 1884 | title = {Zero-free regions for {Dirichlet} {L-functions}, and the least prime in an arithmetic progression}, 1885 | booktitle = {Proceedings of the London Mathematical Society}, 1886 | year = {1992}, 1887 | volume = {64}, 1888 | number = {2}, 1889 | pages = {265--338}, 1890 | } 1891 | 1892 | @PhdThesis{hugounenq:tel-01635463, 1893 | author = {Hugounenq, Cyril}, 1894 | title = {Volcanoes and isogeny computing}, 1895 | school = {{Universit{\'e} Paris-Saclay}}, 1896 | year = {2017}, 1897 | month = sep, 1898 | number = {2017SACLV050}, 1899 | url = {https://tel.archives-ouvertes.fr/tel-01635463}, 1900 | } 1901 | 1902 | @Article{ionica+joux13, 1903 | author = {Ionica, Sorina and Joux, Antoine}, 1904 | title = {Pairing the volcano}, 1905 | journal = {Mathematics of Computation}, 1906 | year = {2013}, 1907 | volume = {82}, 1908 | number = {281}, 1909 | pages = {581--603}, 1910 | } 1911 | 1912 | @Article{ionica2014isogeny, 1913 | author = {Ionica, Sorina and Thom{\'e}, Emmanuel}, 1914 | title = {Isogeny graphs with maximal real multiplication}, 1915 | journal = {arXiv preprint arXiv:1407.6672}, 1916 | year = {2014}, 1917 | } 1918 | 1919 | @InProceedings{joux, 1920 | author = {Joux, Antoine}, 1921 | title = {The {W}eil and {T}ate pairings as building blocks for public key cryptosystems}, 1922 | year = {2002}, 1923 | address = {Berlin}, 1924 | booktitle = {Algorithmic number theory}, 1925 | doi = 
{10.1007/3-540-45455-1_3}, 1926 | pages = {20--32}, 1927 | publisher = {Springer}, 1928 | series = {Lecture Notes in Computer Science}, 1929 | volume = {2369}, 1930 | } 1931 | 1932 | @InProceedings{kaltofen+shoup97, 1933 | author = {Kaltofen, Erich and Shoup, Victor}, 1934 | title = {Fast polynomial factorization over high algebraic extensions of finite fields}, 1935 | booktitle = {ISSAC '97: Proceedings of the 1997 International Symposium on Symbolic and Algebraic Computation}, 1936 | year = {1997}, 1937 | pages = {184--188}, 1938 | address = {New York, NY, USA}, 1939 | publisher = {ACM}, 1940 | abstract = {Note: {OCR} errors may be found in this Reference 1941 | List extracted from the full text article. {ACM} has 1942 | opted to expose the complete List rather than only 1943 | correct and linked references.}, 1944 | doi = {10.1145/258726.258777}, 1945 | isbn = {0-89791-875-4}, 1946 | } 1947 | 1948 | @Article{kaltofen+shoup98, 1949 | author = {Kaltofen, Erich and Shoup, Victor}, 1950 | title = {Subquadratic-time factoring of polynomials over finite fields}, 1951 | journal = {Mathematics of Computation}, 1952 | year = {1998}, 1953 | volume = {67}, 1954 | number = {223}, 1955 | pages = {1179--1197}, 1956 | issn = {0025-5718}, 1957 | address = {Boston, MA, USA}, 1958 | doi = {10.1090/S0025-5718-98-00944-2}, 1959 | publisher = {American Mathematical Society}, 1960 | } 1961 | 1962 | @Article{kaltofen87, 1963 | author = {Kaltofen, Erich}, 1964 | title = {Computer algebra algorithms}, 1965 | journal = {Annual Review in Computer Science}, 1966 | year = {1987}, 1967 | volume = {2}, 1968 | pages = {91--118}, 1969 | address = {Palo Alto, California}, 1970 | publisher = {Annual Reviews Inc.}, 1971 | url = {http://www.math.ncsu.edu/~kaltofen/bibliography/87/Ka87_annrev.pdf}, 1972 | } 1973 | 1974 | @Article{kedlaya01, 1975 | author = {Kedlaya, Kiran S.}, 1976 | title = {Counting points on hyperelliptic curves using {M}onsky-{W}ashnitzer cohomology}, 1977 | journal = {Journal 
of the Ramanujan Mathematical Society}, 1978 | year = {2001}, 1979 | volume = {16}, 1980 | number = {4}, 1981 | pages = {323--338}, 1982 | abstract = {In this paper an algorithm for counting points on 1983 | hyperelliptic curves over finite fields of odd 1984 | characteristic is developed.

The approach is to 1985 | compute in the Monsky-Washnitzer cohomology, described 1986 | in sections 2 and 3, of an affine curve endowed with 1987 | an action of Frobenius which can be \$p\$-adically 1988 | approximated efficiently using certain power series. 1989 | The running time of the algorithm is on the order of 1990 | \$g^{4+\epsilon}n^{3+\epsilon}\$, where \$n\$ is the 1991 | degree of the finite field and \$g\$ is the genus of 1992 | the curve (assuming that the curve has a rational 1993 | Weierstrass point).}, 1994 | } 1995 | 1996 | @InCollection{kedlaya04, 1997 | author = {Kedlaya, Kiran S.}, 1998 | title = {Computing zeta functions via \(p\)-adic cohomology}, 1999 | booktitle = {Algorithmic number theory}, 2000 | publisher = {Springer}, 2001 | year = {2004}, 2002 | volume = {3076}, 2003 | series = {Lecture Notes in Comput. Sci.}, 2004 | pages = {1--17}, 2005 | address = {Berlin}, 2006 | } 2007 | 2008 | @Article{KeUm11, 2009 | author = {Kedlaya, Kiran S and Umans, Christopher}, 2010 | title = {Fast polynomial factorization and modular composition}, 2011 | journal = {SIAM Journal on Computing}, 2012 | year = {2011}, 2013 | volume = {40}, 2014 | number = {6}, 2015 | pages = {1767--1802}, 2016 | publisher = {SIAM}, 2017 | } 2018 | 2019 | @Article{kitaev1995hsp, 2020 | author = {Kitaev, Alexey Yuri}, 2021 | title = {Quantum measurements and the Abelian stabilizer problem}, 2022 | journal = {arXiv preprint quant-ph/9511026}, 2023 | year = {1995}, 2024 | url = {https://arxiv.org/abs/quant-ph/9511026}, 2025 | } 2026 | 2027 | @InProceedings{kocher+jaffe+jun99, 2028 | author = {Kocher, Paul and Jaffe, Joshua and Jun, Benjamin}, 2029 | title = {{Differential Power Analysis}}, 2030 | booktitle = {Advances in Cryptology --- CRYPTO' 99}, 2031 | year = {1999}, 2032 | volume = {1666}, 2033 | series = {Lecture Notes in Computer Science}, 2034 | pages = {388--397}, 2035 | address = {Berlin, Heidelberg}, 2036 | month = dec, 2037 | publisher = {Springer Berlin Heidelberg}, 2038 | 
abstract = {{Cryptosystem designers frequently assume that 2039 | secrets will be manipulated in closed, reliable 2040 | computing environments. Unfortunately, actual 2041 | computers and microchips leak information about the 2042 | operations they process. This paper examines specific 2043 | methods for analyzing power consumption measurements 2044 | to find secret keys from tamper resistant devices. We 2045 | also discuss approaches for building cryptosystems 2046 | that can operate securely in existing hardware that 2047 | leaks information.}}, 2048 | chapter = {25}, 2049 | doi = {10.1007/3-540-48405-1_25}, 2050 | isbn = {978-3-540-66347-8}, 2051 | issn = {0302-9743}, 2052 | } 2053 | 2054 | @Article{Kummer1846, 2055 | author = {Kummer, Ernst Eduard}, 2056 | title = {{\"Uber die Divisoren gewisser Formen der Zahlen, welche aus der Theorie der Kreistheilung entstehen}}, 2057 | journal = {Journal f\"ur die reine und angewandte Mathematik}, 2058 | year = {1846}, 2059 | volume = {30}, 2060 | pages = {107--116}, 2061 | language = {German}, 2062 | url = {http://eudml.org/doc/147278}, 2063 | } 2064 | 2065 | @Article{Kummer1847a, 2066 | author = {Kummer, Ernst Eduard}, 2067 | title = {{\"Uber die Zerlegung der aus Wurzeln der Einheit gebildeten complexen Zahlen in ihre Primfactoren}}, 2068 | journal = {Journal f\"ur die reine und angewandte Mathematik}, 2069 | year = {1847}, 2070 | volume = {35}, 2071 | pages = {327--367}, 2072 | language = {German}, 2073 | url = {http://eudml.org/doc/147394}, 2074 | } 2075 | 2076 | @Article{Kummer1847b, 2077 | author = {Kummer, Ernst Eduard}, 2078 | title = {Sur les nombres complexes qui sont form\'es avec les nombres entiers r\'eels et les racines de l'unit\'e}, 2079 | journal = {Journal de Math\'ematiques Pures et Appliqu\'ees}, 2080 | year = {1847}, 2081 | pages = {185--212}, 2082 | language = {French}, 2083 | url = {http://eudml.org/doc/235075}, 2084 | } 2085 | 2086 | @Article{Kummer1847c, 2087 | author = {Kummer, Ernst Eduard}, 
2088 | title = {{Zur Theorie der complexen Zahlen}}, 2089 | journal = {Journal f\"ur die reine und angewandte Mathematik}, 2090 | year = {1847}, 2091 | volume = {35}, 2092 | pages = {319--326}, 2093 | language = {German}, 2094 | url = {http://eudml.org/doc/147393}, 2095 | } 2096 | 2097 | @Article{Kummer1851, 2098 | author = {Kummer, Ernst Eduard}, 2099 | title = {M\'emoire sur la th\'eorie des nombres complexes compos\'es de racines de l'unit\'e et de nombres entiers}, 2100 | journal = {Journal de Math\'ematiques Pures et Appliqu\'ees}, 2101 | year = {1851}, 2102 | pages = {377--498}, 2103 | language = {French}, 2104 | url = {http://eudml.org/doc/235621}, 2105 | } 2106 | 2107 | @Article{Kummer1855, 2108 | author = {Kummer, Ernst Eduard}, 2109 | title = {{\"Uber eine besondere Art, aus complexen Einheiten gebildeter Ausdr\"ucke}}, 2110 | journal = {Journal f\"ur die reine und angewandte Mathematik}, 2111 | year = {1855}, 2112 | volume = {50}, 2113 | pages = {212--232}, 2114 | language = {German}, 2115 | url = {http://eudml.org/doc/147605}, 2116 | } 2117 | 2118 | @Article{Kummer1857, 2119 | author = {Kummer, Ernst Eduard}, 2120 | title = {{\"Uber die den Gau\ss{}schen Perioden der Kreistheilung entsprechenden Congruenzwurzeln}}, 2121 | journal = {Journal f\"ur die reine und angewandte Mathematik}, 2122 | year = {1857}, 2123 | volume = {53}, 2124 | pages = {142--148}, 2125 | language = {German}, 2126 | url = {http://eudml.org/doc/147659}, 2127 | } 2128 | 2129 | @Book{Kunz86, 2130 | title = {K\"ahler differentials}, 2131 | publisher = {Friedrich Vieweg \& Sohn}, 2132 | year = {1986}, 2133 | author = {Kunz, Ernst}, 2134 | } 2135 | 2136 | @InProceedings{lairez-vaccon, 2137 | author = {Lairez, Pierre and Vaccon, Tristan}, 2138 | title = {On $p$-adic Differential Equations with Separation of Variables}, 2139 | booktitle = {Proceedings of the ACM on International Symposium on Symbolic and Algebraic Computation}, 2140 | year = {2016}, 2141 | series = {ISSAC '16}, 2142 | 
pages = {319--323}, 2143 | address = {New York, NY, USA}, 2144 | publisher = {ACM}, 2145 | doi = {10.1145/2930889.2930912}, 2146 | isbn = {978-1-4503-4380-0}, 2147 | } 2148 | 2149 | @Book{lang, 2150 | title = {Algebra}, 2151 | publisher = {Springer}, 2152 | year = {2002}, 2153 | author = {Lang, Serge}, 2154 | edition = {3rd edition}, 2155 | month = jan, 2156 | isbn = {038795385X}, 2157 | abstract = {{"Lang's Algebra changed the way graduate algebra is 2158 | taught, retaining classical topics but introducing 2159 | language and ways of thinking from category theory 2160 | and homological algebra. It has affected all 2161 | subsequent graduate-level algebra books." 2162 | \ NOTICES OF THE AMS "The author has an 2163 | impressive knack for presenting the important and 2164 | interesting ideas of algebra in just the right way, 2165 | and he never gets bogged down in the dry formalism 2166 | which pervades some parts of 2167 | algebra."\ MATHEMATICAL REVIEWS This book is 2168 | intended as a basic text for a one-year course in 2169 | algebra at the graduate level, or as a useful 2170 | reference for mathematicians and professionals who 2171 | use higher-level algebra. It successfully addresses 2172 | the basic concepts of algebra. \ For the revised 2173 | third edition, the author has added exercises and 2174 | made numerous corrections to the text.}}, 2175 | howpublished = {Hardcover}, 2176 | } 2177 | 2178 | @Article{lauder04, 2179 | author = {Lauder, Alan G. B.}, 2180 | title = {Computing zeta functions of {A}rtin-{S}chreier curves over finite fields {II}}, 2181 | journal = {Journal of Complexity}, 2182 | year = {2004}, 2183 | volume = {20}, 2184 | number = {2-3}, 2185 | pages = {331--349}, 2186 | month = jun, 2187 | issn = {0885064X}, 2188 | abstract = {We describe a method which may be used to compute the 2189 | zeta function of an arbitrary {Artin-Schreier} cover 2190 | of the projective line over a finite field. 
2191 | Specifically, for covers defined by equations of the 2192 | form Z p − Z = f ( X ) we present, and give the 2193 | complexity analysis of, an algorithm for the case in 2194 | which f ( X ) is a rational function whose poles all 2195 | have order 1. However, we only prove the correctness 2196 | of this algorithm when the field characteristic is at 2197 | least 5. The algorithm is based upon a cohomological 2198 | formula for the L -function of an additive character 2199 | sum. One consequence is a practical method of finding 2200 | the order of the group of rational points on the 2201 | Jacobian of a hyperelliptic curve in characteristic 2202 | 2.}, 2203 | doi = {10.1016/j.jco.2003.08.009}, 2204 | } 2205 | 2206 | @Article{LEBRETON2015230, 2207 | author = {Romain Lebreton}, 2208 | title = {Relaxed {H}ensel lifting of triangular sets}, 2209 | journal = {Journal of Symbolic Computation}, 2210 | year = {2015}, 2211 | volume = {68}, 2212 | pages = {230--258}, 2213 | issn = {0747-7171}, 2214 | note = {Effective Methods in Algebraic Geometry}, 2215 | abstract = {In this paper, we present a new lifting algorithm for 2216 | triangular sets over general p-adic rings. Our 2217 | contribution is to give, for any p-adic triangular 2218 | set, a shifted algorithm of which the triangular set 2219 | is a fixed point. Then we can apply the relaxed 2220 | recursive p-adic framework and deduce a relaxed 2221 | lifting algorithm for this triangular set. We compare 2222 | our algorithm to the existing technique and report on 2223 | implementations inside the C++ library Geomsolvex of 2224 | Mathemagix (van der Hoeven et al., 2002). 
Our new 2225 | relaxed algorithm is competitive and compare 2226 | favorably on some examples.}, 2227 | doi = {10.1016/j.jsc.2014.09.012}, 2228 | } 2229 | 2230 | @InProceedings{LeGall14, 2231 | author = {Le Gall, Fran\c{c}ois}, 2232 | title = {Powers of Tensors and Fast Matrix Multiplication}, 2233 | booktitle = {ISSAC'14}, 2234 | year = {2014}, 2235 | pages = {296--303}, 2236 | publisher = {ACM}, 2237 | } 2238 | 2239 | @InProceedings{LeMeSc13, 2240 | author = {Lebreton, Romain and Mehrabi, Esmaeil and Schost, \'Eric}, 2241 | title = {On the Complexity of Solving Bivariate Systems: The Case of Non-singular Solutions}, 2242 | booktitle = {ISSAC'13}, 2243 | year = {2013}, 2244 | pages = {251--258}, 2245 | publisher = {ACM}, 2246 | } 2247 | 2248 | @Electronic{lenstra+desmit08-stdmodels, 2249 | author = {Lenstra, Hendrik W. and de Smit, Bart}, 2250 | year = {2008}, 2251 | title = {Standard models for finite fields: the definition}, 2252 | url = {http://www.math.leidenuniv.nl/~desmit/papers/standard_models.pdf}, 2253 | pages = {1--4}, 2254 | } 2255 | 2256 | @Article{LENSTRA1977389, 2257 | author = {Lenstra, Hendrik W.}, 2258 | title = {On the algebraic closure of two}, 2259 | journal = {Indagationes Mathematicae (Proceedings)}, 2260 | year = {1977}, 2261 | volume = {80}, 2262 | number = {5}, 2263 | pages = {389--396}, 2264 | issn = {1385-7258}, 2265 | doi = {10.1016/1385-7258(77)90053-1}, 2266 | } 2267 | 2268 | @Article{lenstra87, 2269 | author = {Lenstra, Hendrik W.}, 2270 | title = {Factoring integers with elliptic curves}, 2271 | journal = {Annals of Mathematics}, 2272 | year = {1987}, 2273 | volume = {126}, 2274 | pages = {649--673}, 2275 | } 2276 | 2277 | @Article{LenstraJr91, 2278 | author = {Lenstra, Hendrik W.}, 2279 | title = {Finding isomorphisms between finite fields}, 2280 | journal = {Mathematics of Computation}, 2281 | year = {1991}, 2282 | volume = {56}, 2283 | number = {193}, 2284 | pages = {329--347}, 2285 | } 2286 | 2287 | @Article{lercier+sirvent08, 
2288 | author = {Lercier, Reynald and Sirvent, Thomas}, 2289 | title = {On {E}lkies subgroups of \(\ell\)-torsion points in elliptic curves defined over a finite field}, 2290 | journal = {Journal de th\'{e}orie des nombres de Bordeaux}, 2291 | year = {2008}, 2292 | volume = {20}, 2293 | number = {3}, 2294 | pages = {783--797}, 2295 | url = {http://perso.univ-rennes1.fr/reynald.lercier/file/LS08.pdf}, 2296 | } 2297 | 2298 | @InProceedings{lercier96, 2299 | author = {Lercier, Reynald}, 2300 | title = {Computing Isogenies in {GF(2,n)}}, 2301 | booktitle = {ANTS-II: Proceedings of the Second International Symposium on Algorithmic Number Theory}, 2302 | year = {1996}, 2303 | pages = {197--212}, 2304 | address = {London, UK}, 2305 | publisher = {Springer-Verlag}, 2306 | isbn = {3-540-61581-4}, 2307 | } 2308 | 2309 | @InProceedings{li+moreno+schost07, 2310 | author = {Li, Xin and Moreno Maza, Marc and Schost, \'{E}ric}, 2311 | title = {Fast Arithmetic for Triangular Sets: From Theory to Practice}, 2312 | booktitle = {Proceedings of the 2007 International Symposium on Symbolic and Algebraic Computation}, 2313 | year = {2007}, 2314 | series = {ISSAC '07}, 2315 | pages = {269--276}, 2316 | address = {New York, NY, USA}, 2317 | publisher = {ACM}, 2318 | abstract = {We study arithmetic operations for triangular 2319 | families of polynomials, concentrating on 2320 | multiplication in dimension zero. By a suitable 2321 | extension of fast univariate Euclidean division, we 2322 | obtain theoretical and practical improvements over a 2323 | direct recursive approach; for a family of special 2324 | cases, we reach quasi-linear complexity. 
The main 2325 | outcome we have in mind is the acceleration of 2326 | higher-level algorithms, by interfacing our low-level 2327 | implementation with languages such as {AXIOM} or 2328 | Maple We show the potential for huge speed-ups, by 2329 | comparing two {AXIOM} implementations of van Hoeij 2330 | and Monagan's modular {GCD} algorithm.}, 2331 | doi = {10.1145/1277548.1277585}, 2332 | isbn = {978-1-59593-743-8}, 2333 | } 2334 | 2335 | @Article{littlewood1928class, 2336 | author = {Littlewood, John E}, 2337 | title = {On the Class-Number of the Corpus $P(\sqrt{k})$}, 2338 | journal = {Proceedings of the London Mathematical Society}, 2339 | year = {1928}, 2340 | volume = {2}, 2341 | number = {1}, 2342 | pages = {358--372}, 2343 | publisher = {Wiley Online Library}, 2344 | } 2345 | 2346 | @InCollection{lo, 2347 | author = {Lagarias, Jeffrey C. and Odlyzko, Andrew M.}, 2348 | title = {Effective versions of the {C}hebotarev density theorem}, 2349 | booktitle = {Algebraic number fields: {$L$}-functions and {G}alois properties}, 2350 | publisher = {Academic Press}, 2351 | year = {1977}, 2352 | pages = {409--464}, 2353 | address = {London}, 2354 | } 2355 | 2356 | @Article{longa+sica14, 2357 | author = {Longa, Patrick and Sica, Francesco}, 2358 | title = {Four-Dimensional {G}allant--{L}ambert--{V}anstone Scalar Multiplication}, 2359 | journal = {Journal of Cryptology}, 2360 | year = {2014}, 2361 | volume = {27}, 2362 | number = {2}, 2363 | pages = {248--283}, 2364 | issn = {1432-1378}, 2365 | doi = {10.1007/s00145-012-9144-3}, 2366 | } 2367 | 2368 | @Book{Lub, 2369 | title = {Discrete groups, expanding graphs and invariant measures}, 2370 | publisher = {Birkh\"{a}user Verlag}, 2371 | year = {1994}, 2372 | author = {Lubotzky, Alexander}, 2373 | volume = {125}, 2374 | series = {Progress in Mathematics}, 2375 | address = {Basel}, 2376 | isbn = {978-3-0346-0332-4}, 2377 | doi = {10.1007/978-3-0346-0332-4}, 2378 | } 2379 | 2380 | @Article{lubicz_robert_2012, 2381 | author = 
{Lubicz, David and Robert, Damien}, 2382 | title = {Computing isogenies between abelian varieties}, 2383 | journal = {Compositio Mathematica}, 2384 | year = {2012}, 2385 | volume = {148}, 2386 | number = {5}, 2387 | pages = {1483--1515}, 2388 | doi = {10.1112/S0010437X12000243}, 2389 | publisher = {London Mathematical Society}, 2390 | } 2391 | 2392 | @Article{lubicz_robert_2015, 2393 | author = {Lubicz, David and Robert, Damien}, 2394 | title = {Computing separable isogenies in quasi-optimal time}, 2395 | journal = {LMS Journal of Computation and Mathematics}, 2396 | year = {2015}, 2397 | volume = {18}, 2398 | number = {1}, 2399 | pages = {198--216}, 2400 | doi = {10.1112/S146115701400045X}, 2401 | publisher = {London Mathematical Society}, 2402 | } 2403 | 2404 | @Article{LubPS, 2405 | author = {Lubotzky, Alexander and Phillips, Ralph and Sarnak, Peter}, 2406 | title = {Ramanujan graphs}, 2407 | journal = {Combinatorica}, 2408 | year = {1988}, 2409 | volume = {8}, 2410 | number = {3}, 2411 | doi = {10.1007/BF02126799}, 2412 | } 2413 | 2414 | @Electronic{Luebeck, 2415 | author = {Lübeck, Frank}, 2416 | year = {2008}, 2417 | title = {Conway polynomials for finite fields}, 2418 | url = {http://www.math.rwth-aachen.de/~Frank.Luebeck/data/ConwayPol/}, 2419 | } 2420 | 2421 | @Article{MAGMA, 2422 | author = {Bosma, Wieb and Cannon, John and Playoust, Catherine}, 2423 | title = {The {MAGMA} algebra system {I}: the user language}, 2424 | journal = {Journal of Symbolic Computation}, 2425 | year = {1997}, 2426 | volume = {24}, 2427 | number = {3-4}, 2428 | pages = {235--265}, 2429 | issn = {0747-7171}, 2430 | address = {Duluth, MN, USA}, 2431 | doi = {10.1006/jsco.1996.0125}, 2432 | publisher = {Academic Press, Inc.}, 2433 | } 2434 | 2435 | @InProceedings{mauer+menezes+teske01, 2436 | author = {Maurer, Markus and Menezes, Alfred and Teske, Edlyn}, 2437 | title = {Analysis of the {GHS} {W}eil Descent Attack on the {ECDLP} over Characteristic Two Finite Fields of Composite 
Degree}, 2438 | booktitle = {INDOCRYPT '01: Proceedings of the Second International Conference on Cryptology in India}, 2439 | year = {2001}, 2440 | pages = {195--213}, 2441 | address = {Berlin}, 2442 | publisher = {Springer-Verlag}, 2443 | isbn = {3-540-43010-5}, 2444 | } 2445 | 2446 | @MastersThesis{memoire, 2447 | author = {Kieffer, Jean}, 2448 | title = {\'Etude et accélération du protocole d'échange de clés de Couveignes--Rostovtsev--Stolbunov}, 2449 | school = {Inria Saclay \& Université Paris VI}, 2450 | year = {2017}, 2451 | } 2452 | 2453 | @Article{Mihailescu2010825, 2454 | author = {Preda Mihailescu and Victor Vuletescu}, 2455 | title = {Elliptic Gauss sums and applications to point counting}, 2456 | journal = {Journal of Symbolic Computation}, 2457 | year = {2010}, 2458 | volume = {45}, 2459 | number = {8}, 2460 | pages = {825--836}, 2461 | issn = {0747-7171}, 2462 | doi = {10.1016/j.jsc.2010.01.004}, 2463 | } 2464 | 2465 | @Article{milio_2015, 2466 | author = {Milio, Enea}, 2467 | title = {A quasi-linear time algorithm for computing modular polynomials in dimension 2}, 2468 | journal = {LMS Journal of Computation and Mathematics}, 2469 | year = {2015}, 2470 | volume = {18}, 2471 | number = {1}, 2472 | pages = {603--632}, 2473 | doi = {10.1112/S1461157015000170}, 2474 | publisher = {London Mathematical Society}, 2475 | } 2476 | 2477 | @Unpublished{milio:hal-01520262, 2478 | author = {Milio, Enea and Robert, Damien}, 2479 | title = {Modular polynomials on {H}ilbert surfaces}, 2480 | note = {Working paper or preprint}, 2481 | month = sep, 2482 | year = {2017}, 2483 | url = {https://hal.archives-ouvertes.fr/hal-01520262}, 2484 | } 2485 | 2486 | @Article{MIRET200867, 2487 | author = {Miret, Josep M. 
and Moreno, Ramiro and Sadornil, Daniel and Tena, Juan and Valls, Magda}, 2488 | title = {Computing the height of volcanoes of ℓ-isogenies of elliptic curves over finite fields}, 2489 | journal = {Applied Mathematics and Computation}, 2490 | year = {2008}, 2491 | volume = {196}, 2492 | number = {1}, 2493 | pages = {67--76}, 2494 | issn = {0096-3003}, 2495 | abstract = {The structure of the volcano of ℓ-isogenies, 2496 | ℓ-prime, of elliptic curves over finite fields has 2497 | been extensively studied over recent years. Previous 2498 | works present some results and algorithms concerning 2499 | the height of such volcanoes in the case of isogenies 2500 | whose kernels are generated by a rational point. The 2501 | main goal of this paper is to extend such works to 2502 | the case of ℓ-isogenies whose kernels are defined 2503 | by a rational subgroup. In particular, the height of 2504 | such volcanoes is completely characterized and can be 2505 | computationally obtained.}, 2506 | doi = {10.1016/j.amc.2007.05.037}, 2507 | } 2508 | 2509 | @Article{MiretMRV05, 2510 | author = {Josep M. Miret and Ramiro Moreno and Ana Rio and Magda Valls}, 2511 | title = {Determining the 2-{S}ylow subgroup of an elliptic curve over a finite field}, 2512 | journal = {Mathematics of Computation}, 2513 | year = {2005}, 2514 | volume = {74}, 2515 | number = {249}, 2516 | pages = {411--427}, 2517 | doi = {10.1090/S0025-5718-04-01640-0}, 2518 | } 2519 | 2520 | @Article{MiretMSTV06, 2521 | author = {Josep M. 
Miret and Ramiro Moreno and Daniel Sadornil and Juan Tena and Magda Valls}, 2522 | title = {An algorithm to compute volcanoes of 2-isogenies of elliptic curves over finite fields}, 2523 | journal = {Applied Mathematics and Computation}, 2524 | year = {2006}, 2525 | volume = {176}, 2526 | number = {2}, 2527 | pages = {739--750}, 2528 | doi = {10.1016/j.amc.2005.10.020}, 2529 | } 2530 | 2531 | @Article{moenck76, 2532 | author = {Moenck, Robert T.}, 2533 | title = {Another polynomial homomorphism}, 2534 | journal = {Acta Informatica}, 2535 | year = {1976}, 2536 | volume = {6}, 2537 | number = {2}, 2538 | pages = {153--169}, 2539 | month = jun, 2540 | issn = {0001-5903}, 2541 | abstract = {The current proposals for applying the so called fast 2542 | {O(N} {logaN}) algorithms to multivariate polynomials 2543 | is that the univariate methods be applied 2544 | recursively, much in the way more conventional 2545 | algorithms are used. Since the size of the problems 2546 | is rather large for which a fastrd algorithm is more 2547 | efficient than a classical one, the recursive 2548 | approach compounds this size completely out of any 2549 | practical range .}, 2550 | doi = {10.1007/BF00268498}, 2551 | publisher = {Springer Berlin / Heidelberg}, 2552 | } 2553 | 2554 | @Article{monico2007, 2555 | author = {Maze, G\'erard and Monico, Chris and Rosenthal, Joachim}, 2556 | title = {Public key cryptography based on semigroup actions}, 2557 | journal = {Advances in Mathematics of Communications}, 2558 | year = {2007}, 2559 | volume = {1}, 2560 | number = {4}, 2561 | pages = {489--507}, 2562 | issn = {1930-5346}, 2563 | doi = {10.3934/amc.2007.1.489}, 2564 | } 2565 | 2566 | @Article{montgomery, 2567 | author = {Montgomery, Peter L.}, 2568 | title = {Speeding the Pollard and Elliptic Curve Methods of Factorization}, 2569 | journal = {Mathematics of Computation}, 2570 | year = {1987}, 2571 | volume = {48}, 2572 | number = {177}, 2573 | pages = {243--264}, 2574 | issn = {00255718}, 
2575 | abstract = {Since 1974, several algorithms have been developed 2576 | that attempt to factor a large number \$N\$ by doing 2577 | extensive computations modulo \$N\$ and occasionally 2578 | taking {GCDs} with \$N\$. These began with Pollard's 2579 | \$p - 1\$ and Monte Carlo methods. More recently, 2580 | Williams published a \$p + 1\$ method, and Lenstra 2581 | discovered an elliptic curve method ({ECM}). We 2582 | present ways to speed all of these. One improvement 2583 | uses two tables during the second phases of \$p \pm 2584 | 1\$ and {ECM}, looking for a match. Polynomial 2585 | preconditioning lets us search a fixed table of size 2586 | \$n\$ with \$n/2 + o(n)\$ multiplications. A 2587 | parametrization of elliptic curves lets Step 1 of 2588 | {ECM} compute the \$x\$-coordinate of \${nP}\$ from 2589 | that of \$P\$ in about \$9.3 \log\_2 n\$ 2590 | multiplications for arbitrary \$P\$.}, 2591 | doi = {10.2307/2007888}, 2592 | publisher = {American Mathematical Society}, 2593 | } 2594 | 2595 | @Article{MOODY20125249, 2596 | author = {Moody, Dustin}, 2597 | title = {Computing isogeny volcanoes of composite degree}, 2598 | journal = {Applied Mathematics and Computation}, 2599 | year = {2012}, 2600 | volume = {218}, 2601 | number = {9}, 2602 | pages = {5249--5258}, 2603 | issn = {0096-3003}, 2604 | abstract = {Isogeny volcanoes are an interesting structure that 2605 | have had several recent applications. An isogeny 2606 | volcano is a connected component of a larger graph 2607 | called a cordillera. In this paper, we further 2608 | explore properties of how to compute volcanoes given 2609 | that we have already computed one of a different 2610 | degree. 
This allows us to compute volcanoes of 2611 | composite degree more efficiently than a direct 2612 | construction using modular polynomials.}, 2613 | doi = {10.1016/j.amc.2011.11.008}, 2614 | } 2615 | 2616 | @Article{morain95, 2617 | author = {Morain, Fran\c{c}ois}, 2618 | title = {Calcul du nombre de points sur une courbe elliptique dans un corps fini: aspects algorithmiques}, 2619 | journal = {Journal de Th\'eorie des Nombres Bordeaux}, 2620 | year = {1995}, 2621 | volume = {7}, 2622 | number = {1}, 2623 | pages = {255--282}, 2624 | issn = {1246-7405}, 2625 | note = {Les Dix-huiti\`emes Journ\'ees Arithm\'etiques (Bordeaux, 1993)}, 2626 | url = {http://jtnb.cedram.org/item?id=JTNB_1995__7_1_255_0}, 2627 | } 2628 | 2629 | @Book{mullen2013handbook, 2630 | title = {Handbook of finite fields}, 2631 | publisher = {CRC Press}, 2632 | year = {2013}, 2633 | author = {Mullen, Gary L. and Panario, Daniel}, 2634 | } 2635 | 2636 | @InProceedings{narayanan2016fast, 2637 | author = {Narayanan, Anand Kumar}, 2638 | title = {Fast Computation of Isomorphisms Between Finite Fields Using Elliptic Curves}, 2639 | booktitle = {{International Workshop on the Arithmetic of Finite Fields, WAIFI 2018}}, 2640 | year = {2018}, 2641 | series = {Lecture Notes in Computer Science}, 2642 | publisher = {Springer Berlin / Heidelberg}, 2643 | } 2644 | 2645 | @Electronic{Nickel1988, 2646 | author = {Nickel, Werner}, 2647 | year = {1988}, 2648 | title = {{E}ndliche {K}örper in dem gruppentheoretischen {P}rogrammsystem {GAP}}, 2649 | url = {https://www2.mathematik.tu-darmstadt.de/~nickel/}, 2650 | institution = {RWTH Aachen}, 2651 | type = {mathesis}, 2652 | } 2653 | 2654 | @Electronic{NIST2016, 2655 | author = {{National Institute of Standards and Technology}}, 2656 | year = {2016}, 2657 | title = {Announcing Request for Nominations for Public-Key Post-Quantum Cryptographic Algorithms}, 2658 | organization = {National Institute of Standards and Technology}, 2659 | url = 
{https://www.federalregister.gov/documents/2016/12/20/2016-30615/announcing-request-for-nominations-for-public-key-post-quantum-cryptographic-algorithms}, 2660 | editor = {The Federal Register}, 2661 | } 2662 | 2663 | @Article{Noether1932, 2664 | author = {Noether, Emmy}, 2665 | title = {{Normalbasis bei K\"orpern ohne h\"ohere Verzweigung}}, 2666 | journal = {Journal f\"ur die reine und angewandte Mathematik}, 2667 | year = {1932}, 2668 | volume = {167}, 2669 | pages = {147--152}, 2670 | url = {http://eudml.org/doc/149800}, 2671 | } 2672 | 2673 | @Misc{oeis, 2674 | author = {{OEIS Foundation Inc.}}, 2675 | title = {The On-Line Encyclopedia of Integer Sequences}, 2676 | howpublished = {\url{http://oeis.org/A130715}}, 2677 | year = {2012}, 2678 | } 2679 | 2680 | @InProceedings{OKS00, 2681 | author = {Katsuyuki Okeya and Hiroyuki Kurumatani and Kouichi Sakurai}, 2682 | title = {Elliptic Curves with the {Montgomery}-Form and Their Cryptographic Applications}, 2683 | booktitle = {Public Key Cryptography --- {PKC} 2000}, 2684 | year = {2000}, 2685 | editor = {Hideki Imai and Yuliang Zheng}, 2686 | volume = {1751}, 2687 | series = {Lecture Notes in Computer Science}, 2688 | pages = {238--257}, 2689 | publisher = {Springer}, 2690 | biburl = {http://dblp.uni-trier.de/rec/bib/conf/pkc/OkeyaS00}, 2691 | doi = {10.1007/978-3-540-46588-1\_17}, 2692 | isbn = {3-540-66967-1}, 2693 | } 2694 | 2695 | @Manual{Pari, 2696 | title = {{PARI/GP, version {\texttt{2.8.0}}}}, 2697 | organization = {{The PARI Group}}, 2698 | address = {Bordeaux}, 2699 | year = {2016}, 2700 | key = {PARI}, 2701 | shorthand = {PARI}, 2702 | url = {https://pari.math.u-bordeaux.fr/}, 2703 | } 2704 | 2705 | @InProceedings{pascal+schost06, 2706 | author = {Pascal, Cyril and Schost, \'{E}ric}, 2707 | title = {Change of order for bivariate triangular sets}, 2708 | booktitle = {ISSAC '06: Proceedings of the 2006 international symposium on Symbolic and algebraic computation}, 2709 | year = {2006}, 2710 | pages = 
{277--284}, 2711 | address = {New York, NY, USA}, 2712 | publisher = {ACM}, 2713 | abstract = {Changing the order of variables in bivariate 2714 | triangular sets has applications in Trager's 2715 | factorization algorithm, or in rational function 2716 | integration. We discuss the complexity of this 2717 | question, using baby steps / giant steps techniques 2718 | and trace formulas, obtaining subquadratic 2719 | estimates.}, 2720 | doi = {10.1145/1145768.1145814}, 2721 | isbn = {1-59593-276-3}, 2722 | } 2723 | 2724 | @Article{paterson_stockmeyer, 2725 | author = {Michael S. Paterson and Larry J. Stockmeyer}, 2726 | title = {On the Number of Nonscalar Multiplications Necessary to Evaluate Polynomials}, 2727 | journal = {SIAM Journal on Computing}, 2728 | year = {1973}, 2729 | volume = {2}, 2730 | number = {1}, 2731 | pages = {60--66}, 2732 | doi = {10.1137/0202007}, 2733 | } 2734 | 2735 | @Article{pila90, 2736 | author = {Pila, Jonathan}, 2737 | title = {Frobenius Maps of {A}belian Varieties and Finding Roots of Unity in Finite Fields}, 2738 | journal = {Mathematics of Computation}, 2739 | year = {1990}, 2740 | volume = {55}, 2741 | number = {192}, 2742 | pages = {745--763}, 2743 | issn = {00255718}, 2744 | abstract = {We give a generalization to Abelian varieties over 2745 | finite fields of the algorithm of Schoof for elliptic 2746 | curves. Schoof showed that for an elliptic curve 2747 | \$E\$ over \$\mathbf{F}\_q\$, given by a Weierstrass 2748 | equation, one can compute the number of 2749 | \$\mathbf{F}\_q\$-rational points of \$E\$ in time 2750 | \$O((\log q)^9)\$. Our result is the following. Let 2751 | \$A\$ be an Abelian variety over \$\mathbf{F}\_q\$. 
2752 | Then one can compute the characteristic polynomial of 2753 | the Frobenius endomorphism of \$A\$ in time \$O((\log 2754 | q)^\Delta)\$, where \$\Delta\$ and the implied 2755 | constant depend only on the dimension of the 2756 | embedding space of \$A\$, the number of equations 2757 | defining \$A\$ and the addition law, and their 2758 | degrees. The method, generalizing that of Schoof, is 2759 | to use the machinery developed by Weil to prove the 2760 | Riemann hypothesis for Abelian varieties. By means of 2761 | this theory, the calculation is reduced to 2762 | ideal-theoretic computations in a ring of polynomials 2763 | in several variables over \$\mathbf{F}\_q\$. As 2764 | applications we show how to count the rational points 2765 | on the reductions modulo primes \$p\$ of a fixed 2766 | curve over \$\mathbf {Q}\$ in time polynomial in 2767 | \$\log p\$; we show also that, for a fixed prime 2768 | \$l\$, we can compute the \$l\$th roots of unity 2769 | \$\operatorname{mod} p\$, when they exist, in 2770 | polynomial time in \$\log p\$. This generalizes 2771 | Schoof's application of his algorithm to find square 2772 | roots of a fixed integer \$x \operatorname{mod} p\$.}, 2773 | doi = {10.2307/2008445}, 2774 | publisher = {American Mathematical Society}, 2775 | } 2776 | 2777 | @InProceedings{Pinch, 2778 | author = {Richard G. E. 
Pinch}, 2779 | title = {Recognising Elements Of Finite Fields}, 2780 | booktitle = {Cryptography and Coding II}, 2781 | year = {1992}, 2782 | pages = {193--197}, 2783 | publisher = {Oxford University Press}, 2784 | } 2785 | 2786 | @InProceedings{pointcheval95-pp, 2787 | author = {Pointcheval, David}, 2788 | title = {A New Identification Scheme Based on the Perceptrons Problem}, 2789 | booktitle = {Advances in Cryptology --- EUROCRYPT '95}, 2790 | year = {1995}, 2791 | volume = {921}, 2792 | series = {Lecture Notes in Computer Science}, 2793 | pages = {319--328}, 2794 | address = {Berlin, Heidelberg}, 2795 | publisher = {Springer Berlin / Heidelberg}, 2796 | abstract = {Identification is a useful cryptographic tool. Since 2797 | zero-know- ledge theory appeared [ 3 ], several 2798 | interactive identification schemes have been proposed 2799 | (in particular Fiat-Shamir [ 2 ] and its variants [ 8 2800 | , 5 , 4 ], Schnorr [ 9 ]). These identifications are 2801 | based on number theoretical prob- lems. More 2802 | recently, new schemes appeared with the peculiarity 2803 | that they are more efficient from the computational 2804 | point of view and that their security is based on NP 2805 | -complete problems: PKP (Permuted Ker- nels Problem) 2806 | [ 10 ], SD (Syndrome Decoding) [ 12 ] and CLE 2807 | (Constrained Linear Equations) [ 13 ]. We present a 2808 | new NP -complete linear problem which comes from 2809 | learn- ing machines: the Perceptrons Problem. We have 2810 | some constraints, m vectors X i of {−1, +1} n , and 2811 | we want to find a vector V of {−1, +1} n such that 2812 | X i · V ≥ 0 for all i . Next, we provide some 2813 | zero-knowledge interactive identification protocols 2814 | based on this problem, with an evaluation of their 2815 | security. 
Eventually, those protocols are well suited 2816 | for smart card applications.}, 2817 | chapter = {26}, 2818 | doi = {10.1007/3-540-49264-X\_26}, 2819 | isbn = {978-3-540-59409-3}, 2820 | url = {http://dx.doi.org/10.1007/3-540-49264-X\_26}, 2821 | } 2822 | 2823 | @Article{PoSc13a, 2824 | author = {Adrien Poteaux and \'Eric Schost}, 2825 | title = {Modular Composition Modulo Triangular Sets and Applications}, 2826 | journal = {Computational Complexity}, 2827 | year = {2013}, 2828 | volume = {22}, 2829 | number = {3}, 2830 | pages = {463--516}, 2831 | publisher = {Springer Basel}, 2832 | } 2833 | 2834 | @Article{PoSc13b, 2835 | author = {Adrien Poteaux and \'Eric Schost}, 2836 | title = {On the complexity of computing with zero-dimensional triangular sets}, 2837 | journal = {Journal of Symbolic Computation}, 2838 | year = {2013}, 2839 | volume = {50}, 2840 | pages = {110--138}, 2841 | } 2842 | 2843 | @InProceedings{quis, 2844 | author = {Petit, Christophe and Lauter, Kristin and Quisquater, Jean-Jacques}, 2845 | title = {Full Cryptanalysis of {LPS} and {M}orgenstern Hash Functions}, 2846 | booktitle = {Proceedings of the 6th international conference on Security and Cryptography for Networks}, 2847 | year = {2008}, 2848 | series = {SCN '08}, 2849 | address = {Berlin, Heidelberg}, 2850 | publisher = {Springer-Verlag}, 2851 | doi = {10.1007/978-3-540-85855-3_18}, 2852 | } 2853 | 2854 | @Unpublished{rains2008, 2855 | author = {Eric M. 
Rains}, 2856 | title = {Efficient Computation of Isomorphisms Between Finite Fields}, 2857 | note = {Personal communication}, 2858 | year = {1996}, 2859 | } 2860 | 2861 | @Misc{Roe2013, 2862 | author = {Roe, David and Flori, Jean-Pierre and Bruin, Peter}, 2863 | title = {Implement pseudo-{C}onway polynomials}, 2864 | howpublished = {Trac ticket \#14958}, 2865 | month = oct, 2866 | year = {2013}, 2867 | url = {https://trac.sagemath.org/ticket/14958}, 2868 | } 2869 | 2870 | @Article{rouiller99, 2871 | author = {Rouillier, Fabrice}, 2872 | title = {Solving Zero-Dimensional Systems Through the Rational Univariate Representation}, 2873 | journal = {Applicable Algebra in Engineering, Communication and Computing}, 2874 | year = {1999}, 2875 | volume = {9}, 2876 | number = {5}, 2877 | pages = {433--461}, 2878 | month = may, 2879 | issn = {0938-1279}, 2880 | abstract = {Abstract.\ \  This paper is devoted to the 2881 | resolution of zero-dimensional systems in {K[X} 1, 2882 | …X n ], where K is a field of characteristic zero 2883 | (or strictly positive under some conditions). We 2884 | follow the definition used in {MMM95} and basically 2885 | due to Kronecker for solving zero-dimensional 2886 | systems: A system is solved if each root is 2887 | represented in such way as to allow the performance 2888 | of any arithmetical operations over the arithmetical 2889 | expressions of its coordinates. We propose new 2890 | definitions for solving zero-dimensional systems in 2891 | this sense by introducing the Univariate 2892 | Representation of their roots. We show by this way 2893 | that the solutions of any zero-dimensional system of 2894 | polynomials can be expressed through a special kind 2895 | of univariate representation (Rational Univariate 2896 | Representation): where (f,g,g 1, …,g n ) are 2897 | polynomials of {K[X} 1, …, X n ]. 
A special feature 2898 | of our Rational Univariate Representation is that we 2899 | dont loose geometrical information contained in the 2900 | initial system. Moreover we propose different 2901 | efficient algorithms for the computation of the 2902 | Rational Univariate Representation, and we make a 2903 | comparison with standard known tools.}, 2904 | doi = {10.1007/s002000050114}, 2905 | } 2906 | 2907 | @Manual{Sage, 2908 | title = {{SageMath, the Sage Mathematics Software System (Version 8.0)}}, 2909 | organization = {{The Sage Developers}}, 2910 | year = {2018}, 2911 | key = {SageMath}, 2912 | shorthand = {Sage}, 2913 | url = {https://www.sagemath.org}, 2914 | } 2915 | 2916 | @Book{Sarnak, 2917 | title = {Some applications of modular forms}, 2918 | publisher = {Cambridge University Press}, 2919 | year = {1990}, 2920 | author = {Sarnak, Peter}, 2921 | volume = {99}, 2922 | series = {Cambridge Tracts in Mathematics}, 2923 | address = {Cambridge}, 2924 | } 2925 | 2926 | @Article{satoh00, 2927 | author = {Satoh, Takakazu}, 2928 | title = {The canonical lift of an ordinary elliptic curve over a finite field and its point counting}, 2929 | journal = {Journal of the Ramanujan Mathematical Society}, 2930 | year = {2000}, 2931 | volume = {15}, 2932 | number = {4}, 2933 | pages = {247--270}, 2934 | publisher = {The Ramanujan Mathematical Society}, 2935 | } 2936 | 2937 | @Article{schoof85, 2938 | author = {Schoof, Ren\'{e}}, 2939 | title = {Elliptic Curves Over Finite Fields and the Computation of Square Roots mod \(p\)}, 2940 | journal = {Mathematics of Computation}, 2941 | year = {1985}, 2942 | volume = {44}, 2943 | number = {170}, 2944 | pages = {483--494}, 2945 | issn = {00255718}, 2946 | abstract = {In this paper we present a deterministic algorithm to 2947 | compute the number of \$\mathbf{F}\_q\$-points of an 2948 | elliptic curve that is defined over a finite field 2949 | \$\mathbf{F}\_q\$ and which is given by a Weierstrass 2950 | equation. 
The algorithm takes \$O(\log^9 q)\$ 2951 | elementary operations. As an application we give an 2952 | algorithm to compute square roots 2953 | \$\operatorname{mod} p\$. For fixed \$x \in 2954 | \mathbf{Z}\$, it takes \$O(\log^9 p)\$ elementary 2955 | operations to compute \$\sqrt x \operatorname{mod} 2956 | p\$.}, 2957 | doi = {10.2307/2007968}, 2958 | publisher = {American Mathematical Society}, 2959 | } 2960 | 2961 | @Article{schoof95, 2962 | author = {Schoof, Ren\'{e}}, 2963 | title = {Counting points on elliptic curves over finite fields}, 2964 | journal = {Journal de Th\'{e}orie des Nombres de Bordeaux}, 2965 | year = {1995}, 2966 | volume = {7}, 2967 | number = {1}, 2968 | pages = {219--254}, 2969 | abstract = {Les Dix-huiti\`{e}mes Journ\'{e}es Arithm\'{e}tiques 2970 | (Bordeaux, 1993)}, 2971 | url = {http://www.ams.org/mathscinet-getitem?mr=1413578}, 2972 | } 2973 | 2974 | @Book{Serre.Arith, 2975 | title = {{Cours d'arithmétique}}, 2976 | publisher = {Presses Universitaires de France}, 2977 | year = {1970}, 2978 | author = {Serre, Jean-Pierre}, 2979 | address = {Paris}, 2980 | } 2981 | 2982 | @InProceedings{shamir89-pkp, 2983 | author = {Shamir, Adi}, 2984 | title = {An efficient identification scheme based on permuted kernels (extended abstract)}, 2985 | booktitle = {Proceedings on Advances in cryptology}, 2986 | year = {1989}, 2987 | series = {CRYPTO '89}, 2988 | pages = {606--609}, 2989 | address = {New York, NY, USA}, 2990 | publisher = {Springer-Verlag New York, Inc.}, 2991 | abstract = {In 1985 Goldwasser Micali and Rackoff proposed a new 2992 | type of interactive proof system which reveals no 2993 | knowledge whatsoever about the assertion except its 2994 | validity. The practical significance of these proofs 2995 | was demonstrated in 1986 by Fiat and Shamir, who 2996 | showed how to use efficient zero knowledge proofs of 2997 | quadratic residuosity to establish user identities 2998 | and to digitally sign messages. 
In this paper we 2999 | propose a new zero knowledge identification scheme, 3000 | which is even faster than the Fiat-Shamir scheme, 3001 | using a small number of communicated bits, simple 3002 | 8-bit arithmetic operations, and compact public and 3003 | private keys. The security of the new scheme depends 3004 | on an NP-complete algebraic problem rather than on 3005 | factoring, and thus it widens the basis of public key 3006 | cryptography, which has become dangerously dependent 3007 | on the difficulty of a single problem.}, 3008 | isbn = {0-387-97317-6}, 3009 | } 3010 | 3011 | @Article{Shoup_1990, 3012 | author = {Victor Shoup}, 3013 | title = {New algorithms for finding irreducible polynomials over finite fields}, 3014 | journal = {Mathematics of Computation}, 3015 | year = {1990}, 3016 | volume = {54}, 3017 | number = {189}, 3018 | pages = {435--435}, 3019 | month = jan, 3020 | doi = {10.1090/s0025-5718-1990-0993933-0}, 3021 | publisher = {American Mathematical Society ({AMS})}, 3022 | } 3023 | 3024 | @Manual{shoup2003ntl, 3025 | title = {{NTL}: A library for doing number theory}, 3026 | author = {Shoup, Victor}, 3027 | shorthand = {NTL}, 3028 | url = {http://www.shoup.net/ntl}, 3029 | } 3030 | 3031 | @InProceedings{shoup93, 3032 | author = {Shoup, Victor}, 3033 | title = {Fast construction of irreducible polynomials over finite fields}, 3034 | booktitle = {SODA '93: Proceedings of the fourth annual ACM-SIAM Symposium on Discrete algorithms}, 3035 | year = {1993}, 3036 | pages = {484--492}, 3037 | address = {Philadelphia, PA, USA}, 3038 | publisher = {Society for Industrial and Applied Mathematics}, 3039 | abstract = {Note: {OCR} errors may be found in this Reference 3040 | List extracted from the full text article. 
{ACM} has 3041 | opted to expose the complete List rather than only 3042 | correct and linked references.}, 3043 | isbn = {0-89871-313-7}, 3044 | } 3045 | 3046 | @Article{shoup94, 3047 | author = {Shoup, Victor}, 3048 | title = {Fast construction of irreducible polynomials over finite fields}, 3049 | journal = {Journal of Symbolic Computation}, 3050 | year = {1994}, 3051 | volume = {17}, 3052 | number = {5}, 3053 | pages = {371--391}, 3054 | issn = {0747-7171}, 3055 | address = {Duluth, MN, USA}, 3056 | doi = {10.1006/jsco.1994.1025}, 3057 | publisher = {Academic Press, Inc.}, 3058 | } 3059 | 3060 | @Article{shoup95, 3061 | author = {Shoup, Victor}, 3062 | title = {A New Polynomial Factorization Algorithm and its Implementation}, 3063 | journal = {Journal of Symbolic Computation}, 3064 | year = {1995}, 3065 | volume = {20}, 3066 | number = {4}, 3067 | pages = {363--397}, 3068 | issn = {0747-7171}, 3069 | abstract = {We consider the problem of factoring univariate 3070 | polynomials over a finite field. We demonstrate that 3071 | the new baby step/giant step factoring method, 3072 | recently developed by Kaltofen and Shoup, can be made 3073 | into a very practical algorithm. We describe an 3074 | implementation of this algorithm, and present the 3075 | results of empirical tests comparing this new 3076 | algorithm with others. When factoring polynomials 3077 | modulo large primes, the algorithm allows much larger 3078 | polynomials to be factored using a reasonable amount 3079 | of time and space than was previously possible. 
For 3080 | example, this new software has been used to factor a 3081 | generic polynomial of degree 2048 modulo a 2048-bit 3082 | prime in under 12 days on a Sun SPARC-station 10, 3083 | using 68 MB of main memory.}, 3084 | address = {Duluth, MN, USA}, 3085 | doi = {10.1006/jsco.1995.1055}, 3086 | publisher = {Academic Press, Inc.}, 3087 | } 3088 | 3089 | @InProceedings{shoup99, 3090 | author = {Shoup, Victor}, 3091 | title = {Efficient Computation of Minimal Polynomials in Algebraic Extensions of Finite Fields}, 3092 | booktitle = {Proceedings of the 1999 International Symposium on Symbolic and Algebraic Computation}, 3093 | year = {1999}, 3094 | series = {ISSAC '99}, 3095 | pages = {53--58}, 3096 | address = {New York, NY, USA}, 3097 | publisher = {ACM}, 3098 | doi = {10.1145/309831.309859}, 3099 | isbn = {1-58113-073-2}, 3100 | } 3101 | 3102 | @Article{Shparlinski2014, 3103 | author = {Shparlinski, Igor E. and Sutherland, Andrew V.}, 3104 | title = {On the Distribution of {A}tkin and {E}lkies Primes}, 3105 | journal = {Foundations of Computational Mathematics}, 3106 | year = {2014}, 3107 | volume = {14}, 3108 | number = {2}, 3109 | pages = {285--297}, 3110 | month = apr, 3111 | issn = {1615-3383}, 3112 | abstract = {Given an elliptic curve $E$ over a finite field 3113 | $\mathbb{F}_q$ of $q$ elements, we say that an odd 3114 | prime $\ell \not\mid q$ is an Elkies prime for $E$ if 3115 | $t_E^2 - 4q$ is a square modulo $\ell$, where 3116 | $t_E = q + 1 - \#E(\mathbb{F}_q)$ and 3117 | $\#E(\mathbb{F}_q)$ is the number of 3118 | $\mathbb{F}_q$-rational points on $E$; otherwise, 3119 | $\ell$ is called an Atkin prime. We show that there 
are 3120 | asymptotically the same number of Atkin and Elkies 3121 | primes $\ell < L$ on average over all curves $E$ over 3122 | $\mathbb{F}_q$, provided that 3123 | $L \ge (\log q)^\varepsilon$ for any fixed 3124 | $\varepsilon > 0$ and a sufficiently large $q$. We 3125 | use this result to design and analyze a fast 3126 | algorithm to generate random elliptic curves with 3127 | $\#E(\mathbb{F}_p)$ prime, where $p$ varies uniformly 3128 | over primes in a given interval $[x,2x]$.}, 3145 | doi = {10.1007/s10208-013-9181-9}, 3146 | } 3147 | 3148 | @Book{SL2, 3149 | title = {Arbres, amalgames, $SL_2$}, 3150 | publisher = {Société Mathématique de France}, 3151 | year = {1977}, 3152 | author = {Serre, Jean-Pierre}, 3153 | volume = {46}, 3154 | series = {Astérisque}, 3155 | address = {Paris}, 3156 | } 3157 | 3158 | @TechReport{solinas01, 3159 | author = {Solinas, Jerome A.}, 3160 | title = {Low-Weight Binary Representations for Pairs of Integers}, 3161 | institution = {National Security Agency, USA}, 3162 | year = {2001}, 3163 | } 3164 | 3165 | @InProceedings{stern94-CLE, 3166 | author = {Stern, Jacques}, 3167 | title = {Designing Identification Schemes with Keys of Short Size}, 3168 | booktitle = {Advances in Cryptology --- CRYPTO '94}, 3169 | year = {1994}, 3170 | volume = {839}, 3171 | series = {Lecture Notes in Computer Science}, 3172 | pages = {164--173}, 3173 | address = {Berlin, Heidelberg}, 3174 | publisher = {Springer Berlin 
/ Heidelberg}, 3175 | abstract = {In the last few years, there have been several 3176 | attempts to build identification protocols that do 3177 | not rely on arithmetical operations with large 3178 | numbers but only use simple operations (see [ 10 , 8 3179 | ]). One was presented at the CRYPTO 89 rump session 3180 | ([ 8 ]) and depends on the so-called Permuted Kernel 3181 | problem (PKP). Another appeared in the CRYPTO 93 3182 | proceedings and is based on the syndrome decoding 3183 | problem (SD) form the theory of error correcting 3184 | codes ([ 11 ]). In this paper, we introduce a new 3185 | scheme of the same family with the distinctive 3186 | character that both the secret key and the public 3187 | identification key can be taken to be of short 3188 | length. By short, we basically mean the usual size of 3189 | conventional symmetric cryptosystems. As is known, 3190 | the possibility of using short keys has been a 3191 | challenge in public key cryptography and has 3192 | practical applications. Our scheme relies on a 3193 | combinatorial problem which we call Constrained 3194 | Linear Equations (CLE in short) and which consists of 3195 | solving a set of linear equations modulo some small 3196 | prime q , the unknowns being subject to belong to a 3197 | specific subset of the integers mod q . 
Thus, we 3198 | enlarge the set of tools that can be used in 3199 | cryptography.}, 3200 | chapter = {18}, 3201 | doi = {10.1007/3-540-48658-5\_18}, 3202 | isbn = {978-3-540-58333-2}, 3203 | url = {http://dx.doi.org/10.1007/3-540-48658-5\_18}, 3204 | } 3205 | 3206 | @InProceedings{stern94-SD, 3207 | author = {Stern, Jacques}, 3208 | title = {A new identification scheme based on syndrome decoding}, 3209 | booktitle = {Advances in Cryptology --- CRYPTO' 93}, 3210 | year = {1994}, 3211 | volume = {773}, 3212 | series = {Lecture Notes in Computer Science}, 3213 | pages = {13--21}, 3214 | address = {Berlin, Heidelberg}, 3215 | publisher = {Springer Berlin / Heidelberg}, 3216 | abstract = {Zero-knowledge proofs were introduced in 1985, in a 3217 | paper by Goldwasser, Micali and Rackoff ([ 6 ]). 3218 | Their practical significance was soon demonstrated in 3219 | the work of Fiat and Shamir ([ 4 ]), who turned 3220 | zero-knowledge proofs of quadratic residuosity into 3221 | efficient means of establishing user identities. 3222 | Still, as is almost always the case in public-key 3223 | cryptography, the Fiat-Shamir scheme relied on 3224 | arithmetic operations on large numbers. In 1989, 3225 | there were two attempts to build identification 3226 | protocols that only use simple operations (see [ 11 , 3227 | 10 ]). One appeared in the EUROCRYPT proceedings and 3228 | relies on the intractability of some coding problems, 3229 | the other was presented at the CRYPTO rump session 3230 | and depends on the so-called Permuted Kernel problem 3231 | (PKP). Unfortunately, the first of the schemes was 3232 | not really practical. In the present paper, we 3233 | propose a new identification scheme, based on 3234 | error-correcting codes, which is zero-knowledge and 3235 | is of practical value. Furthermore, we describe 3236 | several variants, including one which has an identity 3237 | based character. 
The security of our scheme depends 3238 | on the hardness of decoding a word of given syndrome 3239 | w.r.t. some binary linear error-correcting code.}, 3240 | chapter = {2}, 3241 | doi = {10.1007/3-540-48329-2\_2}, 3242 | isbn = {978-3-540-57766-9}, 3243 | url = {http://dx.doi.org/10.1007/3-540-48329-2\_2}, 3244 | } 3245 | 3246 | @Article{sutherland10:modpol, 3247 | author = {Br{\"o}ker, Reinier and Lauter, Kristin and Sutherland, Andrew}, 3248 | title = {Modular polynomials via isogeny volcanoes}, 3249 | journal = {Mathematics of Computation}, 3250 | year = {2012}, 3251 | volume = {81}, 3252 | number = {278}, 3253 | pages = {1201--1231}, 3254 | abstract = {We present a new algorithm to compute the classical 3255 | modular polynomial Phi\_n in the rings {Z}[X,Y] and 3256 | ({Z/mZ})[{X,Y}], for a prime n and any positive 3257 | integer m. Our approach uses the graph of 3258 | n-isogenies to efficiently compute Phi\_n mod p for 3259 | many primes p of a suitable form, and then applies 3260 | the Chinese Remainder Theorem ({CRT}). Under the 3261 | Generalized Riemann Hypothesis ({GRH}), we achieve 3262 | an expected running time of O(n^3 (log n)^3 log log 3263 | n), and compute Phi\_n mod m using O(n^2 (log n)^2 + 3264 | n^2 log m) space. We have used the new algorithm 3265 | to compute Phi\_n with n over 5000, and Phi\_n mod m 3266 | with n over 20000. 
We also consider several modular 3267 | functions g for which Phi\_n^g is smaller than 3268 | Phi\_n, allowing us to handle n over 60000.}, 3269 | doi = {10.1090/S0025-5718-2011-02508-1}, 3270 | } 3271 | 3272 | @Article{Sutherland2012, 3273 | author = {Sutherland, Andrew V.}, 3274 | title = {Accelerating the {CM} method}, 3275 | journal = {LMS Journal of Computational Mathematics}, 3276 | year = {2012}, 3277 | volume = {15}, 3278 | pages = {172--204}, 3279 | issn = {1461-1570}, 3280 | doi = {10.1112/S1461157012001015}, 3281 | } 3282 | 3283 | @Article{sutherland2012constructing, 3284 | author = {Sutherland, Andrew V.}, 3285 | title = {Constructing elliptic curves over finite fields with prescribed torsion}, 3286 | journal = {Mathematics of Computation}, 3287 | year = {2012}, 3288 | volume = {81}, 3289 | pages = {1131--1147}, 3290 | } 3291 | 3292 | @Article{sutherland2013evaluation, 3293 | author = {Sutherland, Andrew}, 3294 | title = {On the evaluation of modular polynomials}, 3295 | journal = {The Open Book Series}, 3296 | year = {2013}, 3297 | volume = {1}, 3298 | number = {1}, 3299 | pages = {531--555}, 3300 | publisher = {Mathematical Sciences Publishers}, 3301 | } 3302 | 3303 | @InProceedings{sutherland2013isogeny, 3304 | author = {Sutherland, Andrew}, 3305 | title = {Isogeny volcanoes}, 3306 | booktitle = {ANTS X: Proceedings of the Algorithmic Number Theory 10th International Symposium}, 3307 | year = {2013}, 3308 | volume = {1}, 3309 | pages = {507--530}, 3310 | address = {Berkeley}, 3311 | publisher = {Mathematical Sciences Publishers}, 3312 | journal = {The Open Book Series}, 3313 | } 3314 | 3315 | @Misc{SutherlandDatabase, 3316 | author = {Andrew V. 
Sutherland}, 3317 | title = {Modular polynomials}, 3318 | year = {2018}, 3319 | url = {https://math.mit.edu/~drew/ClassicalModPolys.html}, 3320 | } 3321 | 3322 | @Electronic{tao2011expander, 3323 | author = {Terence Tao}, 3324 | year = {2011}, 3325 | title = {Expansion in groups of {Lie} type -- Basic theory of expander graphs}, 3326 | url = {https://terrytao.wordpress.com/2011/12/02/245b-notes-1-basic-theory-of-expander-graphs/}, 3327 | } 3328 | 3329 | @Article{Tate, 3330 | author = {Tate, John}, 3331 | title = {Endomorphisms of abelian varieties over finite fields}, 3332 | journal = {Inventiones mathematicae}, 3333 | year = {1966}, 3334 | volume = {2}, 3335 | number = {2}, 3336 | pages = {134--144}, 3337 | month = apr, 3338 | issn = {1432-1297}, 3339 | doi = {10.1007/BF01404549}, 3340 | } 3341 | 3342 | @Article{teske-ph, 3343 | author = {Teske, Edlyn}, 3344 | title = {The {P}ohlig-{H}ellman Method Generalized for Group Structure Computation}, 3345 | journal = {Journal of Symbolic Computation}, 3346 | year = {1999}, 3347 | volume = {27}, 3348 | number = {6}, 3349 | pages = {521--534}, 3350 | issn = {0747-7171}, 3351 | doi = {10.1006/jsco.1999.0279}, 3352 | } 3353 | 3354 | @InProceedings{tillich2008collisions, 3355 | author = {Tillich, Jean-Pierre and Z{\'e}mor, Gilles}, 3356 | title = {Collisions for the {LPS} expander graph hash function}, 3357 | booktitle = {Annual International Conference on the Theory and Applications of Cryptographic Techniques}, 3358 | year = {2008}, 3359 | pages = {254--269}, 3360 | organization = {Springer}, 3361 | } 3362 | 3363 | @InProceedings{twisted-edwards, 3364 | author = {Bernstein, Daniel and Birkner, Peter and Joye, Marc and Lange, Tanja and Peters, Christiane}, 3365 | title = {{Twisted Edwards Curves}}, 3366 | booktitle = {Progress in Cryptology --- AFRICACRYPT 2008}, 3367 | year = {2008}, 3368 | pages = {389--405}, 3369 | abstract = {{This paper introduces ” twisted Edwards curves,” 3370 | a generalization of the recently 
introduced Edwards 3371 | curves; shows that twisted Edwards curves include 3372 | more curves over finite fields, and in particular 3373 | every elliptic curve in Montgomery form; shows how to 3374 | cover even more curves via isogenies; presents fast 3375 | explicit formulas for twisted Edwards curves in 3376 | projective and inverted coordinates; and shows that 3377 | twisted Edwards curves save time for many curves that 3378 | were already expressible as Edwards curves.}}, 3379 | doi = {10.1007/978-3-540-68164-9_26}, 3380 | } 3381 | 3382 | @InProceedings{vanderHoeven:2004:TFT:1005285.1005327, 3383 | author = {van der Hoeven, Joris}, 3384 | title = {The Truncated {F}ourier Transform and Applications}, 3385 | booktitle = {Proceedings of the 2004 International Symposium on Symbolic and Algebraic Computation}, 3386 | year = {2004}, 3387 | series = {ISSAC '04}, 3388 | pages = {290--296}, 3389 | address = {New York, NY, USA}, 3390 | publisher = {ACM}, 3391 | doi = {10.1145/1005285.1005327}, 3392 | isbn = {1-58113-827-X}, 3393 | } 3394 | 3395 | @Electronic{Voight2018, 3396 | author = {Voight, John}, 3397 | year = {2018}, 3398 | title = {Quaternion Algebras}, 3399 | url = {https://math.dartmouth.edu/~jvoight/quat-book.pdf}, 3400 | } 3401 | 3402 | @InProceedings{vzgathen+shoup92, 3403 | author = {Joachim von zur Gathen and Shoup, Victor}, 3404 | title = {Computing {F}robenius maps and factoring polynomials}, 3405 | booktitle = {STOC '92: Proceedings of the twenty-fourth annual ACM symposium on Theory of computing}, 3406 | year = {1992}, 3407 | pages = {97--105}, 3408 | address = {New York, NY, USA}, 3409 | publisher = {ACM}, 3410 | abstract = {A new probabilistic algorithm for factoring 3411 | univariate polynomials over finite fields is 3412 | presented whose asymptotic running time improves upon 3413 | previous results. 
To factor a polynomial of degree $n$ 3414 | over $F_q$, the algorithm uses 3415 | $O((n^2 + n \log q) \cdot (\log n)^2 \log\log n)$ arithmetic operations in 3416 | $F_q$. The main technical innovation is a new way to 3417 | compute Frobenius and trace maps in the ring of 3418 | polynomials modulo the polynomial to be factored.}, 3419 | doi = {10.1145/129712.129722}, 3420 | isbn = {0-89791-511-9}, 3421 | } 3422 | 3423 | @Article{vzgathen+shoup92:journal, 3424 | author = {von zur Gathen, Joachim and Shoup, Victor}, 3425 | title = {Computing {F}robenius Maps and Factoring Polynomials}, 3426 | journal = {Computational Complexity}, 3427 | year = {1992}, 3428 | volume = {2}, 3429 | pages = {187--224}, 3430 | abstract = {A new probabilistic algorithm for factoring 3431 | univariate polynomials over finite fields is 3432 | presented. To factor a polynomial of degree $n$ over 3433 | $F_q$, the number of arithmetic operations in $F_q$ is 3434 | $O((n^2 + n \log q) \cdot (\log n)^2 \log\log n)$. The main 3435 | technical innovation is a new way to compute 3436 | Frobenius and trace maps in the ring of polynomials 3437 | modulo the polynomial to be factored. Subject 3438 | classifications. {68Q40}; {11Y16}, {12Y05}. 1. 3439 | Introduction We consider the problem of factoring a 3440 | univariate polynomial over a finite field. This 3441 | problem plays a central role in computational 3442 | algebra. Indeed, many of the efficient algorithms for 3443 | factoring univariate and multivariate polynomials 3444 | over finite fields, the field of rational numbers, 3445 | and finite extensions of the rationals solve as a 3446 | subproblem the problem of factoring univariate 3447 | polynomials over finite fields (Kaltofen 1990). 
This 3448 | problem also has important applications in number 3449 | theory (Buchmann 1990), coding theory (Berlekamp 3450 | 1968), and ...}, 3451 | } 3452 | 3453 | @Book{vzGG, 3454 | title = {Modern Computer Algebra}, 3455 | publisher = {Cambridge University Press}, 3456 | year = {1999}, 3457 | author = {von zur Gathen, Joachim and Gerhard, Jurgen}, 3458 | address = {New York, NY, USA}, 3459 | isbn = {0-521-64176-4}, 3460 | } 3461 | 3462 | @InProceedings{Williams12, 3463 | author = {Vassilevska Williams, Virginia}, 3464 | title = {Multiplying matrices faster than {C}oppersmith-{W}inograd}, 3465 | booktitle = {STOC'12}, 3466 | year = {2012}, 3467 | pages = {887--898}, 3468 | publisher = {ACM}, 3469 | } 3470 | 3471 | @Article{williams1982, 3472 | author = {Williams, Hugh C.}, 3473 | title = {A $p+1$ method of factoring}, 3474 | journal = {Mathematics of Computation}, 3475 | year = {1982}, 3476 | volume = {39}, 3477 | number = {159}, 3478 | pages = {225--234}, 3479 | } 3480 | 3481 | @InProceedings{zhang, 3482 | author = {Zhang, Shengyu}, 3483 | title = {{Promised and Distributed Quantum Search Computing and Combinatorics}}, 3484 | booktitle = {Proceedings of the Eleventh Annual International Conference on Computing and Combinatorics}, 3485 | year = {2005}, 3486 | volume = {3595}, 3487 | series = {Lecture Notes in Computer Science}, 3488 | pages = {430--439}, 3489 | address = {Berlin, Heidelberg}, 3490 | publisher = {Springer Berlin / Heidelberg}, 3491 | abstract = {{This paper gives a quantum algorithm to search in an 3492 | set S for a k -tuple satisfying some predefined 3493 | relation, with the promise that some components of a 3494 | desired k -tuple are in some subsets of S . In 3495 | particular when k =2, we show a tight bound of the 3496 | quantum query complexity for the Claw Finding 3497 | problem, improving previous upper and lower bounds by 3498 | Buhrman, Durr, Heiligman, Hoyer, Magniez, Santha and 3499 | de Wolf [7]. 
We also consider the distributed 3500 | scenario, where two parties each holds an $n$-element 3501 | set, and they want to decide whether the two sets 3502 | share a common element. We show a family of protocols 3503 | s.t. $q(P)^{3/2} \cdot c(P) = O(n^2 \log n)$, where 3504 | $q(P)$ and $c(P)$ are the number of quantum queries 3505 | and the number of communication qubits that the 3506 | protocol $P$ makes, respectively. This implies that we 3507 | can pay more for quantum queries to save on quantum 3508 | communication, and vice versa. To our knowledge, it 3509 | is the first result about the tradeoff between the 3510 | two resources.}}, 3511 | chapter = {44}, 3512 | doi = {10.1007/11533719_44}, 3513 | isbn = {978-3-540-28061-3}, 3514 | } 3515 | 3516 | @Article{gaudry+hess+smart02, 3517 | author = {Gaudry, Pierrick and Hess, Florian and Smart, Nigel}, 3518 | title = {Constructive and destructive facets of {W}eil descent on elliptic curves}, 3519 | journal = {Journal of Cryptology}, 3520 | year = {2002}, 3521 | volume = {15}, 3522 | number = {1}, 3523 | pages = {19-46-46}, 3524 | month = mar, 3525 | issn = {0933-2790}, 3526 | abstract = {In this paper we look in detail at the curves which arise in the method of Galbraith and Smart for producing curves in the Weil restriction of an elliptic curve over a finite field of characteristic 2 of composite degree. We explain how this method can be used to construct hyperelliptic cryptosystems which could be as secure as cryptosystems based on the original elliptic curve. On the other hand, we show that the same technique may provide a way of attacking the original elliptic curve cryptosystem using recent advances in the study of the discrete logarithm problem on hyperelliptic curves. 
We examine the resulting higher genus curves in some detail and propose an additional check on elliptic curve systems defined over fields of characteristic 2 so as to make them immune from the methods in this paper.}, 3527 | citeulike-article-id = {7751788}, 3528 | citeulike-linkout-0 = {http://dx.doi.org/10.1007/s00145-001-0011-x}, 3529 | citeulike-linkout-1 = {http://www.springerlink.com/content/hx8b621p8p4417qv}, 3530 | day = {1}, 3531 | doi = {10.1007/s00145-001-0011-x}, 3532 | keywords = {cryptography, ghs, hyperelliptic\_curves, weil\_descent}, 3533 | posted-at = {2010-09-01 15:45:05}, 3534 | publisher = {Springer New York}, 3535 | url = {http://dx.doi.org/10.1007/s00145-001-0011-x}, 3536 | } 3537 | 3538 | @Book{joux2009algorithmic, 3539 | title = {Algorithmic cryptanalysis}, 3540 | publisher = {CRC Press}, 3541 | year = {2009}, 3542 | author = {Joux, Antoine}, 3543 | } 3544 | 3545 | @Article{koblitz87, 3546 | author = {Koblitz, Neal}, 3547 | title = {Elliptic Curve Cryptosystems}, 3548 | journal = {Mathematics of Computation}, 3549 | year = {1987}, 3550 | volume = {48}, 3551 | number = {177}, 3552 | pages = {203-209}, 3553 | citeulike-article-id = {2405523}, 3554 | citeulike-linkout-0 = {http://www.jstor.org/stable/2007884}, 3555 | keywords = {cryptography}, 3556 | posted-at = {2010-07-13 18:02:46}, 3557 | url = {http://www.jstor.org/stable/2007884}, 3558 | } 3559 | 3560 | @PhdThesis{lercier-algorithmique, 3561 | author = {Lercier, Reynald}, 3562 | title = {Algorithmique des courbes elliptiques dans les corps finis}, 3563 | school = {LIX - CNRS}, 3564 | year = {1997}, 3565 | month = jun, 3566 | citeulike-article-id = {7300668}, 3567 | groups = {Isogenies}, 3568 | keywords = {lercier}, 3569 | posted-at = {2010-06-14 18:24:56}, 3570 | } 3571 | 3572 | @Electronic{sutherland10, 3573 | author = {Sutherland, Andrew V.}, 3574 | year = {2010}, 3575 | title = {Genus 1 point counting over prime fields}, 3576 | howpublished = {Last accessed July 16, 2010. 
\url{http://www-math.mit.edu/\~drew/SEArecords.html}}, 3577 | url = {#}, 3578 | citeulike-article-id = {7499834}, 3579 | citeulike-linkout-0 = {#}, 3580 | groups = {Isogenies}, 3581 | keywords = {cryptography, elliptic\_curve, schoof}, 3582 | posted-at = {2010-07-16 13:25:40}, 3583 | } 3584 | 3585 | @article{10.1016/j.dam.2007.12.010, 3586 | author = {Galbraith, Steven D. and Paterson, Kenneth G. and Smart, Nigel P.}, 3587 | title = {Pairings for Cryptographers}, 3588 | year = {2008}, 3589 | issue_date = {September, 2008}, 3590 | publisher = {Elsevier Science Publishers B. V.}, 3591 | address = {NLD}, 3592 | volume = {156}, 3593 | number = {16}, 3594 | issn = {0166-218X}, 3595 | doi = {10.1016/j.dam.2007.12.010}, 3596 | abstract = {Many research papers in pairing-based cryptography treat pairings as a ''black box''. These papers build cryptographic schemes making use of various properties of pairings. If this approach is taken, then it is easy for authors to make invalid assumptions concerning the properties of pairings. The cryptographic schemes developed may not be realizable in practice, or may not be as efficient as the authors assume. The aim of this paper is to outline, in as simple a fashion as possible, the basic choices that are available when using pairings in cryptography. For each choice, the main properties and efficiency issues are summarized. 
The paper is intended to be of use to non-specialists who are interested in using pairings to design cryptographic schemes.}, 3597 | journal = {Discrete Applied Mathematics}, 3598 | month = {sep}, 3599 | pages = {3113–3121}, 3600 | numpages = {9}, 3601 | keywords = {Pairings, Cryptography} 3602 | } 3603 | 3604 | @electronic{trevisan-graphs, 3605 | author = {Luca Trevisan}, 3606 | title = {Lecture Notes on Graph Partitioning, Expanders and Spectral Methods}, 3607 | url = {https://lucatrevisan.github.io/books/expanders-2016.pdf}, 3608 | year = {2017}, 3609 | } 3610 | 3611 | @electronic{sutherland-notes, 3612 | author = {Andrew Sutherland}, 3613 | title = {Lecture Notes on Elliptic Curves}, 3614 | url = {https://math.mit.edu/classes/18.783/2017/lectures.html}, 3615 | year = {2017}, 3616 | } 3617 | 3618 | @article{waterhouse69, 3619 | author = {Waterhouse, William C.}, 3620 | journal = {Annales Scientifiques de l'\'{E}cole Normale Sup\'{e}rieure}, 3621 | number = {4}, 3622 | pages = {521--560}, 3623 | title = {Abelian varieties over finite fields}, 3624 | volume = {2}, 3625 | year = {1969} 3626 | } 3627 | 3628 | @article{mordell61, 3629 | title = {Mathematical Notes: The congruence $(p-1/2)! 
\equiv \pm 1 \mod p$}, 3630 | volume = {68}, 3631 | ISSN = {1930-0972}, 3632 | DOI = {10.1080/00029890.1961.11989636}, 3633 | number = {2}, 3634 | journal = {The American Mathematical Monthly}, 3635 | publisher = {Informa UK Limited}, 3636 | author = {Mordell, Louis J.}, 3637 | year = {1961}, 3638 | month = {Feb}, 3639 | pages = {131--149} 3640 | } 3641 | 3642 | @article{pizer1980, 3643 | title = {An algorithm for computing modular forms on $\Gamma_0(N)$}, 3644 | volume = {64}, 3645 | ISSN = {0021-8693}, 3646 | DOI = {10.1016/0021-8693(80)90151-9}, 3647 | number = {2}, 3648 | journal = {Journal of Algebra}, 3649 | publisher = {Elsevier BV}, 3650 | author = {Pizer, Arnold}, 3651 | year = {1980}, 3652 | month = {Jun}, 3653 | pages = {340--390} 3654 | } 3655 | 3656 | @article{isogpoksurvey, 3657 | title = {Proving knowledge of isogenies: a survey}, 3658 | volume = {91}, 3659 | ISSN = {1573-7586}, 3660 | DOI = {10.1007/s10623-023-01243-3}, 3661 | number = {11}, 3662 | journal = {Designs, Codes and Cryptography}, 3663 | publisher = {Springer Science and Business Media LLC}, 3664 | author = {Beullens, Ward and De Feo, Luca and Galbraith, 3665 | Steven D. and Petit, Christophe}, 3666 | year = {2023}, 3667 | month = {Jun}, 3668 | pages = {3425--3456} 3669 | } 3670 | 3671 | @article{onuki2021, 3672 | title = {On oriented supersingular elliptic curves}, 3673 | volume = {69}, 3674 | ISSN = {1071-5797}, 3675 | DOI = {10.1016/j.ffa.2020.101777}, 3676 | journal = {Finite Fields and Their Applications}, 3677 | publisher = {Elsevier BV}, 3678 | author = {Onuki, Hiroshi}, 3679 | year = {2021}, 3680 | month = {Jan}, 3681 | pages = {101777} 3682 | } 3683 | --------------------------------------------------------------------------------