Computing supersingular endomorphism rings using inseparable endomorphisms

We give an algorithm for computing an inseparable endomorphism of a supersingular elliptic curve E defined over Fp2, which, conditional on GRH, runs in expected O(p1/2(log p)2(log log p)3) bit operations and requires O((logp)2) storage. This matches the time and storage complexity of the best conditional algorithms for computing a nontrivial supersingular endomorphism, such as those of Eisentr & auml;ger-Hallgren-Leonardi-Morrison-Park and Delfs- Galbraith. Unlike these prior algorithms, which require two paths from E to a curve defined over Fp, the algorithm we introduce only requires one; thus when combined with the algorithm of Corte-Real Santos-Costello-Shi, our algorithm will be faster in practice. Moreover, our algorithm produces endomorphisms with predictable discriminants, enabling us to prove properties about the orders they generate. With two calls to our algorithm, we can provably compute a Bass sub order of End(E). This result is then used in an algorithm for computing a basis for End(E) with the same time complexity, assuming GRH. We also argue that End(E) can be computed using O(1) calls to our algorithm along with polynomial overhead, conditional on a heuristic assumption about the distribution of the discriminants of these endomorphisms. Conditional on GRH and this additional heuristic, this yields a O(p1/2(logp)2(log log p)3) algorithm for computing End(E) requiring O((logp)2) storage. (c) 2025 Elsevier Inc. All rights are reserved, including those for text and data mining, AI training, and similar technologies.