Let $E\!: y^2 = x^3 + ax + b$ be an elliptic curve over a finite field $\mathbb{F}_{\!q}$ of prime characteristic $p$ (mostly, $q = p$ in practice). It is well known that in the $\mathbb{F}_{\!q}$-point group $E(\mathbb{F}_{\!q})$ there is so-called point halving $[2]^{-1}$, the operation inverse to doubling $[2]\!: E(\mathbb{F}_{\!q}) \to E(\mathbb{F}_{\!q})$. Recall that for $P \in E(\mathbb{F}_{\!q})$, the inverse image $[2]^{-1}(P)$ may have from $0$ to $4$ points in $E(\mathbb{F}_{\!q})$ depending on $P$ and on the structure of the $2$-torsion subgroup $E(\mathbb{F}_{\!q})[2]$. Assume that I know how to accelerate finding $[2]^{-1}(P)$ in such a way that this is still much slower than doubling, but my method is faster than the state-of-the-art ones for point halving. Are there real-world applications of point halving to motivate my research? Or is it a waste of time and is it better to focus on other scientific tasks?
