学术文献库

It is well known that there is a one-to-one correspondence between supersingular $j$-invariants up to the action of $\text{Gal}(\mathbb{F}_{p^2}/\mathbb{F}_p)$ and type classes of maximal orders in $B_{p,\infty}$ by Deuring's theorem. Interestingly, we establish a one-to-one correspondence between $\mathbb{F}_p$-isomorphism classes of supersingular elliptic curves and primitive reduced binary quadratic forms with discriminant $-p$ or $-16p$. Due to this correspondence and the fact that $\mathbb{F}_p$-isogenies between elliptic curves could be represented by quadratic forms, we show that operations of these isogenies on supersingular elliptic curves over $\mathbb{F}_p$ are compatible with the composition of quadratic forms. Based on these results, we could reduce the security of CSIDH cryptosystem to computing this correspondence explicitly.