The Spine of a Supersingular $\ell$-Isogeny graph

TL;DR

This work investigates the spine of the supersingular $\ell$-isogeny graph, i.e., the subgraph of $\mathcal{G}_\ell(\overline{\mathbb{F}}_p)$ induced by $\mathbb{F}_p$-defined vertices, to understand deviations from random-graph behavior in cryptographic contexts. It delivers explicit congruence-based descriptions of the spine for $\ell=2$ and $\ell=3$, analyzes the spine's diameter, and provides extensive numerical experiments on the center of $\mathcal{G}_\ell(\overline{\mathbb{F}}_p)$ that suggest center sizes behave like those of random $(\ell+1)$-regular graphs. The methodology combines arithmetic geometry (Hilbert class polynomials, modular polynomials) with graph-theoretic concepts (folding, stacking, edge attachments) and leverages computational data to illuminate structural patterns. The results offer practical insights for evaluating assumptions about randomness in isogeny-based cryptography and supply data and code to enable replication and extension to larger primes and higher-degree isogenies.

Abstract

Supersingular elliptic curve $\ell$-isogeny graphs over finite fields offer a setting for a number of quantum-resistant cryptographic protocols. The security analysis of these schemes typically assumes that these graphs behave randomly. Motivated by this debatable assertion, we explore structural properties of these graphs. We detail the behavior, governed by congruence conditions on $p$, of the $\ell$-isogeny graph over $\mathbb{F}_p$ when passing to the spine, i.e. the subgraph induced by the $\mathbb{F}_p$-vertices in the full $\ell$-isogeny graph. We describe the diameter of the spine and offer numerical data on the number of vertices, over both $\mathbb{F}_p$ and $\overline{\mathbb{F}_p}$, in the center of the $\ell$-isogeny graph. Our plots of these counts exhibit a wave-shaped pattern which supports the assertion that centers of supersingular $\ell$-isogeny graphs exhibit the same behavior as those of random $(\ell+1)$-regular graphs.

Figures (5)

• Figure 4.1: (A): The graph $\mathcal{G}_2(\mathbb{F}_{71})$, with vertices labeled by the triple of invariants $(j,c_4,c_6)$. (B): The spine graph $\mathcal{S}_2^{71}$, with vertices labeled by $j$-invariant. Images created in sage.
• Figure 4.2: (A): One (of five) connected components of $\mathcal{G}_2(\mathbb{F}_{1319})$, with vertices labeled by the triple of invariants $(j,c_4,c_6)$. (B): The spine graph $\mathcal{S}_2^{1310}$, with vertices labeled by $j$-invariant. Images created in sage.
• Figure 6.1: Mean spine component diameters in $\mathcal{G}_2({\overline{\mathbb{F}}_{p}})$, for 250 primes $p \equiv 7\pmod{8}$ with $23 \le p \le 7879$.
• Figure 6.2: Size of the center of $\mathcal{G}_2({\overline{\mathbb{F}}_{p}})$ (in blue) and discrete Gauss sampling with $\mu = 1.8\log(p)$, $\sigma = 0.38$, (in green). The red segments represent the estimate $\epsilon/12$ for a vertex of $\mathcal{G}({\overline{\mathbb{F}}_{p}})$ to belong to the center, and the line $y = p/12$ (in black) approximates the total number of vertices in $\mathcal{G}_2({\overline{\mathbb{F}}_{p}})$.
• Figure 6.3: Number of ${\mathbb{F}_p}$-vertices in the center, sorted by congruence class of $p$. On the left, blue and red represent $p\equiv 1 \pmod{3}$ and $p \equiv 2 \pmod{3}$, respectively. On the right, blue and red correspond to $p \equiv 1 \pmod{4}$ and $p \equiv 3 \pmod{4}$, respectively.

Theorems & Definitions (55)

• Proposition 2.1: Class number, $p \equiv 3 \pmod{4}$
• proof
• Definition 2.2: Supersingular elliptic curve isogeny graphs
• Theorem 2.3
• Proposition 2.4: Loops in $\mathcal{G}_\ell(\mathbb{F}_p)$
• proof
• Corollary 2.5: Loops in $\mathcal{G}_\ell(\mathbb{F}_p)$ for $\ell = 2, 3$
• Proposition 2.6: Multi-edges in $\mathcal{G}_\ell(\mathbb{F}_p)$
• proof
• Corollary 2.7: Multi-edges in $\mathcal{G}_\ell(\mathbb{F}_p)$ for $\ell = 2, 3$