Enhanced Algorithms for the Representation of integers by Binary Quadratic forms: Reduction to Subset Sum
Maher Mamah
TL;DR
The paper tackles representing an integer $m$ by a definite binary quadratic form $f$ (i.e., solving $f(x,y)=m$) given the factorization of $m$. It reduces this problem to an instance of the subset-sum problem in the corresponding ideal class group, enabling deterministic algorithms and a meet-in-the-middle variant. It introduces Alg1 with deterministic time $O(D^{1/2+\varepsilon}\omega(m)+\log^2 m)$ and Alg2 with a quadratic speedup, achieving $O\left(2^{\omega(m)/2}(\omega(m)\log D+\log m)+\log^2 m\right)$ time and $O(2^{\omega(m)/2})$ space (with a $O(2^{\omega(m)/4})$ space variant). Notably, the method yields polynomial-time solvability when $|\mathrm{disc}(f)|=\mathrm{polylog}(m)$ and has applications to norm form equations in elliptic curves and isogeny-based cryptography, where efficient representations by forms are central.
Abstract
In this paper, we present efficient algorithms for solving the Diophantine equation $f(x, y) = m$ for an arbitrary definite binary quadratic form $f$, given the factorization of $m$. While Cornacchia's algorithm to solve $x^2 + dy^2 = m$ is efficient in many cases, its runtime becomes exponentially large when $m$ is highly composite and encounters subtleties when generalized to arbitrary forms $f$. To address these issues, we give a reduction from our problem to an instance of the Subset sum, a weakly NP complete problem, allowing for more efficient solutions. Leveraging this approach, we develop deterministic algorithms that adapt to different cases based on $\mathrm{disc}(f)$ and $ m $. In particular, when $|\mathrm{disc}(f)| = \mathrm{polylog}(m) $, we provide a polynomial time solution that remains efficient regardless of the structure of $ m $. For more general cases, we present an algorithm that improves upon Cornacchia's method, achieving a quadratic speedup. Recently, the problem of representing integers by a form $ f $ found important applications in elliptic curves and isogeny based cryptography, where these algorithms are central to solving norm form equations.