Igusa class polynomials

Transcription

1 Number Theory Seminar Cambridge 26 April 2011

2 Elliptic curves An elliptic curve E/k (char(k) 2) is a smooth projective curve y 2 = x 3 + ax 2 + bx + c. Q P P Q E is a commutative algebraic group

3 Endomorphisms End(E) = (ring of algebraic group morphisms E E) (φ + ψ)(p) = φ(p) + ψ(p) (φψ)(p) = φ(ψ(p)) Examples: Z End(E) with n : P P + + P. For most E s in characteristic 0, have End(E) = Z. If E : y 2 = x 3 + x and i 2 = 1 in k, then we have i : (x, y) ( x, iy), and Z[i] End(E). If #k = q, we have Frob : (x, y) (x q, y q ).

4 The j-invariant is The Hilbert class polynomial j(e) = b b c 2 for E : y 2 = x 3 + bx + c. j(e) = j(f ) E = k F Definition Let K be an imaginary quadratic number field. Its Hilbert class polynomial is H K = E/C End(E) =O K ( X j(e) ) Z[X ]. Application 1: roots generate the Hilbert class field of K over K. Application 2: make elliptic curves with prescribed order over F p.

5 Curves with prescribed order If p = ππ in O K, then (H K mod p) splits into linear factors. Let j 0 F p be a root and let E 0 /F p have j(e 0 ) = j 0. Then a twist E of E 0 has Frob = π. Reason: E 0 is the reduction of some Ẽ with End(Ẽ) = O K CM theory = Frob O K and N(Frob) = p. We get #E(F p ) = N(π 1) = p + 1 tr(π).

6 Computing Hilbert class polynomials (1) Any E is complex analytically C/Λ for a lattice Λ Endomorphisms induce C-linear maps α : C C with α(λ) Λ If End(E) = O K, then Λ = ca for an ideal a O K and c C. We get Cl K {E/C : End(E) = O K } = [a] C/a.

7 Computing Hilbert class polynomials (2) Write a = τz + Z and let q = exp(2πiτ). Let θ 0 = n=1 q 1 2 n2 and θ 1 = n=1 ( 1)n q 1 2 n2. Then j(z) = 256 (θ8 0 θ4 0 θ4 1 + θ8 1 )3 θ0 8θ8 1 (θ4 0 θ4 1 )2 Compute H K = Other algorithms: [a] CL K (X j(c/a)) Z[X ]. p-adic, [Couveignes-Henocq 2002, Bröker 2006] Chinese remainder theorem. [Chao-Nakamura-Sobataka-Tsujii 1998, Agashe-Lauter-Venkatesan 2004]

8 Performance The Hilbert class polynomial is huge: the degree h K grows like D 1 2, as do the logarithms of the coefficients. Small example: for K = Q( 17), get H K = x x x x Under GRH or heuristics, all three quasi-linear O( D 1+ɛ ). CRT (the underdog) is now the record holder: constructed a large finite field elliptic curve with D > 10 15, h K > [Belding-Bröker-Enge-Lauter 2008, Sutherland 2009]

9 Curves of genus 2 Definition A curve of genus 2 is a smooth geometrically irreducible curve of which the genus is 2. Definition (char. 2) A curve of genus 2 is a smooth projective curve that has an affine model y 2 = f (x), deg(f ) {5, 6}, where f has no double roots.

10 The group law on the Jacobian The Jacobian: group of equivalence classes of pairs of points. More precisely, divisor class group Pic 0 (C) {P 1, P 2 } [P 1 + P 2 D ] P1 P2 Q2 Q1 {P 1, P 2 } + {Q 1, Q 2 } =?

11 The group law on the Jacobian The Jacobian: group of equivalence classes of pairs of points. More precisely, divisor class group Pic 0 (C) {P 1, P 2 } [P 1 + P 2 D ] R2 P1 P2 Q2 Q1 S1 R1 S2 {P 1, P 2 } + {Q 1, Q 2 } = {S 1, S 2 }

12 Elliptic curves E have CM if End(E) is an order in an imaginary quadratic field K = Q( r) with r Q negative. Curves C of genus 2 have CM if End(J(C)) is an order in a CM field K of degree 4, i.e. K = K 0 ( r) with K 0 real quadratic and r K 0 totally negative. Assume K contains no imaginary quadratic field. Igusa s invariants i 1, i 2, i 3 are the genus-2 analogue of j The of a quartic CM field K are a set of polynomials of which the roots are the Igusa invariants of curves C of genus 2 with CM by O K.

13 Applications Roots generate class fields. not of K, but of its reflex field (no problem) not the full Hilbert class field (but we know which field) useful? efficient? (work in progress!) If p = ππ in O K, construct curve C with #J(C)(F p ) = N(π 1) and #C(F p ) = p + 1 tr(π).

14 Algorithms 1. Complex analytic [Spallek 1994, Van Wamelen 1999] 2. p-adic [Gaudry-Houtmann-Kohel-Ritzenthaler-Weng 2002, Carls-Kohel-Lubicz 2008] 3. Chinese remainder theorem [Eisenträger-Lauter 2005] None of these had running time bounds: denominators not known how to bound i n (C). algorithms not explicit enough no rounding error analysis for alg. 1 (not even for genus 1!!)

15 Denominators CM elliptic curves have potential good reduction, hence j(e) Z, hence Hilbert class polynomials are in Z[X ] CM abelian varieties (such as J(C)) also have potential good reduction, but may have (J(C) mod p) = E 1 E 2 and (C mod p) = E 1 E 2. In that case, ι : O K End(E 1 E 2 ) and E 1 and E 2 are isogenous supersingular elliptic curves. Can bound denominators by studying the embedding problem [Goren-Lauter 2007], [Goren-Lauter 2011]

16 Step 1: Enumerating =-classes K R = R alg. C 2 For Φ an isomorphism and a O K, get a lattice Λ = Φ(a) C 2 and End(C 2 /Λ) = O K. Also need a polarization E : C 2 C 2 R, given by E(Φ(x), Φ(y)) = Tr K/Q (ξxy) with ξ K, ξaad K/Q = O K, and Φ(ξ) ir 2 >0. Then {(Φ, a, ξ)} {C/C : End(J(C)) = O K }. = Symplectic basis gives Λ = τz 2 + Z 2 with τ Mat 2 (C) symmetric with pos. def. imaginary part.

17 Step 2: Reduction (elliptic case) For E = C/(τZ + Z), the number τ is unique up to SL 2 (Z) acting via ( a b c d ) τ = (aτ + b)(cτ + d) 1. We make τ reduced: 1. Re τ 1/2, 2. τ 1

18 Step 2: Reduction (elliptic case) For E = C/(τZ + Z), the number τ is unique up to SL 2 (Z) = {M GL 2 (Z) : M t ( acting via ( a b c d We make τ reduced: ) ( 0 1 M = 1 0 ) τ = (aτ + b)(cτ + d) Re τ 1/2, ( ) a b 2. cτ + d 1 for all SL c d 2 (Z) ) },

19 Step 2: Reduction For J(C) = C 2 /(τz 2 + Z 2 ), the matrix τ is unique up to Sp 4 (Z) = {M GL 4 (Z) : M t ( acting via ( a b c d We make τ reduced: ) ( 0 1 M = 1 0 ) τ = (aτ + b)(cτ + d) entries of Re τ have absolute value 1/2, ( ) a b 2. det(cτ + d) 1 for all Sp c d 4 (Z), ( ) y1 y 3. Im τ = 3 is reduced: 0 2y y 3 y 3 y 1 y 2. 2 ) },

20 Step 3: Numerical evaluation Thomae s formula [1870] gives an equation for C, given τ, in terms of the ten even theta constants θ[c 1, c 2 ](τ) = v Z 2 exp(πi(v + c 1 )τ(v + c 1 ) t + 2πi(v + c 1 )c t 2) with c 1, c 2 {0, 1 2 }2, 2c 1 c t 2 Z. Write out, get [Bolza 1887, Igusa 1967] i k (τ) = pol. in θ s θ 4, e.g. i 2 (τ) = ( θ 8 ) 5 θ 4. Evaluate numerically.

21 Bounds on Igusa invariants For running time bound, need upper bound on i k (τ) = pol. in θ s θ 4. Have θ(τ) < 2 for reduced τ, so only need lower bound on θ(τ). Got a bound in terms of 1. upper bound on entries of Im τ, 2. lower bound on τ 12 (allowed to be weak) Part 2 for free from detailed analysis of our construction of τ.

22 Bound on Im τ (elliptic case) For elliptic curves, we have τ = b + D 2a with a, b Z, hence Im τ 1 2 D. For genus 2, it is not that simple.

23 Bound on Im τ Bound Im τ by proving existence of alternative τ and relating it to τ via A Sp 4 (Z). Elliptic curves: if τ = Aτ and τ = x + yi, then Im τ = Im τ cτ + d 2 = y (cx + d) 2 + (cy) { 2 y if c = 0 y 1 if c 0 max{y, y 1 } Similar results for genus 2. To get τ, write a = zb + b 1 and maximize N K/Q (b 2 (z z)o K ). (related to fundamental domains for SL 2 (O K0 )).

24 Result Theorem Algorithm computes the of K in time less than cst.(d 7/2 1 D 11/2 0 ) 1+ɛ, where D 0 = disc K 0 and D 1 D0 2 = disc K. The bit size of the output is between Bottlenecks: cst.(d 1/2 1 D 1/2 0 ) 1 ɛ and cst.(d 2 1D 3 0) 1+ɛ. 1. quasi-quadratic time theta evaluation (quasi-linear method not proven [Dupont 2006]) 2. denominator bounds not optimal (special cases/conjectures [Bruinier-Yang 2006, Yang (preprint)])

25 What s next? g = 1: In practice, one does not use j, but uses smaller functions such as 3 j, Weber functions, and (double) eta quotients. g = 2: Still stuck with Igusa s invariants. g = 1: Useful tool: explicit version of Shimura s reciprocity law, relating Galois action of K on values of modular functions to the action of GL 2 ( Q) on the modular functions themselves. g = 2: I have been making Shimura s reciprocity law for g = 2 more explicit and have some ideas for smaller functions.

26 The embedding problem (Goren-Lauter) Given a quartic CM field K (not containing an imag. quadr. field). What are the primes p such that the following exist? a maximal order R in the quaternion algebra B p, /Q, a fractional right R-ideal a with left order R, and an embedding of O K into the matrix algebra ( ) R a 1 a R such that complex conjugation on O K coincides with ( ) ( α β α γn(a) 1 ). γ δ βn(a) δ Partial answer: we know the splitting behaviour of p in the normal closure of K and we know p < c disck. [GL 2006]