Fast computation of canonical lifts of elliptic curves and its application to point counting

Let p be a fixed small prime. We give an algorithm with preprocessing to compute the j-invariant of the canonical lift of a given ordinary elliptic curve E/Fq (q=pN, j(E) Fp2) modulo pN/2+O(1) in O(N2μ+1/μ+1) bit operations (assuming the time complexity of multiplying two n-bit objects is O(nμ)) using O(N2) memory, not including preprocessing. This is faster than the algorithm of Vercauteren et al. [14] by a factor of Nμ/μ+1. Let K be the unramified extension field of degree N over Qp. We also develop an algorithm to compute NK/Qp(x) mod pN/2+O(1) with O(N2μ+0.5) bit operations and O(N2) memory when x K satisfies certain conditions, which are always satisfied when applied to our point counting algorithm. As a result, we get an O(N2μ+0.5) time, O(N2) memory algorithm for counting the Fq-rational points on E/Fq, which turns out to be very fast in practice for cryptographic size elliptic curves.