Faster Kohel isogenies without bivariate polynomials

[remyoudompheng]

📚 Description

This patch accelerates computation of Kohel formulas by replacing internal bivariate polynomials k[x,y] by a tower of polynomial rings k[x][y].

Because the y-coordinate of isogenies are always defined by a polynomial of y-degree 1, this is equivalent to working with a pair of univariate polynomials, which often have efficient representations especially over finite fields.

The public API still exposes bivariate rational functions and is not modified.

The resulting representation is several times faster.

📝 Checklist

• The title is concise, informative, and self-explanatory.
• The description explains in detail what this PR is about.
• I have linked a relevant issue or discussion.
• I have created tests covering the changes.
• I have updated the documentation accordingly.

⌛ Dependencies

This change is self-contained but is meant to be combined with 2 other changes:

• (to be published) faster __call__ for NTL ZZ_pX polynomials
• Lighter construction of finite field elements from lists #35358 : provides additional performance (independent patch)

[remyoudompheng]

Benchmarks (to be continued, including the effect of PR #35358 for both "before" and "after")
Results seem to indicate that the Singular interface has issues with very large inputs.

Small characteristic, very large degree

Univariate polynomials use FLINT.

p = next_prime(2*10**8)
E = EllipticCurve(GF(p), [2, 3])
Tpol = kernel polynomial generated by the order 366341 subgroup of E(GF(p^2))
phi = Isogeny of degree 366341 from Elliptic Curve defined by y^2 = x^3 + 2*x + 3 over Finite Field of size 200000033
      to Elliptic Curve defined by y^2 = x^3 + 38806919*x + 97796536 over Finite Field of size 200000033

Before:
sage: %time E.isogeny(Tpol.list(), check=False)
CPU times: user 5.18 s, sys: 172 ms, total: 5.35 s
sage: %timeit phi(point)
<never finishes, trying to create a Singular object>

After:
sage: %time E.isogeny(Tpol.list(), check=False)
CPU times: user 2.58 s, sys: 44 ms, total: 2.62 s
sage: %timeit phi(P)
8.06 ms ± 2.07 µs per loop

Small characteristic, large degree

p = next_prime(3*10**8)
E = EllipticCurve(GF(p), [2, 3])
Tpol = kernel polynomial for the order 15259 subgroup of E(GF(p^2))

Before:
sage: %timeit E.isogeny(Tpol.list(), check=False)
146 ms ± 827 µs per loop (mean ± std. dev. of 7 runs, 10 loops each)
sage: %timeit phi(P)
3.54 s ± 7.07 ms per loop (mean ± std. dev. of 7 runs, 1 loop each)

After:
sage: %timeit E.isogeny(Tpol.list(), check=False)
59.7 ms ± 108 µs per loop
sage: %timeit phi(P)
381 µs ± 130 ns per loop (mean ± std. dev. of 7 runs, 1,000 loops each)

For larger characteristics (128-bit primes), over prime fields GF(p), including the NTL polynomial interface change, the speedup in isogeny evaluation is about 8x.

[yyyyx4]

Looks good, but the branch needs a rebase onto the latest beta.

[github-actions]

Documentation preview for this PR is ready! 🎉
Built with commit: f6802e1

[yyyyx4]

Thank you!