Genus 2 Curves of p-rank 1 via CM method
|
|
- Dustin Fisher
- 5 years ago
- Views:
Transcription
1 School of Mathematical Sciences University College Dublin Ireland and Claude Shannon Institute April 2009, GeoCrypt Joint work with Laura Hitt, Michael Naehrig, Marco Streng
2 Introduction This talk is about using the CM method to construct genus 2 curves over finite fields with p-rank 1 and certain additional properties. We discuss reduction of class polynomials mod p in this setting. Paper on arxiv.org/abs/ Update coming soon
3 A Class of Problems in Computational Number Theory Construct an explicit curve over F q with Property X...
4 A Class of Problems in Computational Number Theory Construct an explicit curve over F q with Property X... Problem 1: Construct a genus 2 curve with p-rank 1 over F q, whose Jacobian has a prime number of F q -rational points. Problem 2: Construct a genus 2 curve with p-rank 1 over F q that has small embedding degree. These problems have been studied in the ordinary case: Spallek, Eisentrager-Lauter, Gaudry-Houtmann-Kohel-Ritzenthaler-Weng for problem 1 Freeman-Stevenhagen-Streng for problem 2 Also, q might be prescribed, or perhaps not q but the size of q. The number of points might be prescribed, or perhaps just its size. Usually the genus is prescribed.
5 The p-rank The p-rank of an abelian variety A defined over F q is the F p -dimension of the subgroup of p-torsion points (defined over F q ). The p-rank lies between 0 and dim(a), and is invariant under isogeny. If p-rank is equal to dim(a) we say A is ordinary.
6 The p-rank The p-rank of an abelian variety A defined over F q is the F p -dimension of the subgroup of p-torsion points (defined over F q ). The p-rank lies between 0 and dim(a), and is invariant under isogeny. If p-rank is equal to dim(a) we say A is ordinary. For an elliptic curve (so dim(a) = 1) if p-rank is 0 we say A is supersingular. A is called supersingular if A is isogenous (over F q ) to E g where E is a supersingular elliptic curve.
7 The p-rank The p-rank of an abelian variety A defined over F q is the F p -dimension of the subgroup of p-torsion points (defined over F q ). The p-rank lies between 0 and dim(a), and is invariant under isogeny. If p-rank is equal to dim(a) we say A is ordinary. For an elliptic curve (so dim(a) = 1) if p-rank is 0 we say A is supersingular. A is called supersingular if A is isogenous (over F q ) to E g where E is a supersingular elliptic curve. If dim(a) = 2 then supersingular p-rank is 0. If dim(a) = 2 then there are three types: ordinary, supersingular and p-rank 1 (intermediate, mixed, almost ordinary).
8 Complex Multiplication A CM field is a totally imaginary quadratic extension of a totally real algebraic number field of finite degree. In particular, a field K is a quartic CM field if K is an imaginary quadratic extension of a totally real field K 0 of degree 2 over Q. Definition Let C be a curve of genus 2 defined over k = F q, and let K be a quartic CM field. For any order O of K, we say that C has complex multiplication (CM) by O if End k (J C ) = O. We say that C has CM by K if C has CM by an order in K. We will assume O = O K.
9 Complex Multiplication An elliptic curve is ordinary if and only if its endomorphism ring is commutative. Note that this is false in dimension 2. Lemma Let A be a simple 2-dimensional abelian variety defined over a finite field k. If A has p-rank 1, then A is absolutely simple, and End 0 k (A) = End0 (A) is a CM field of degree 4. k
10 The moduli space of curves of genus 2 over C is 3-dimensional. Its function field is generated by three invariants (j 1, j 2, j 3 ) called the (absolute) Igusa invariants of C. We define three Igusa class polynomials of an order O of a primitive quartic CM field K by H O,l = s (x j (i) l ) Q[x] i=1 for l = 1, 2, 3. Here s is the number of isomorphism classes of 2-dimensional principally polarized abelian varieties over C with CM by O, and the product is over the invariants j (i) l from the s classes. We assume O = O K.
11 The CM Method We divide the genus 2 CM method into three parts. Input: K a quartic CM field 1 Find p and a quartic Weil q-number/polynomial with the right properties for your demands. 2 Given a Weil q-polynomial, output the reduced lifted invariants. This includes computing or looking up the class polynomials. Three ways to do this: complex analytic (Spallek, Weng) p-adic (Gaudry et al), CRT (Eisentrager-Lauter). Includes reducing the class polynomials (invariants) mod p. 3 Construct the curve from the invariants. (one way to do this: Mestre) Choose this curve or a twist.
12 The CM Method We divide the genus 2 CM method into three parts. Input: K a quartic CM field 1 Find p and a quartic Weil q-number/polynomial with the right properties for your demands. 2 Given a Weil q-polynomial, output the reduced lifted invariants. This includes computing or looking up the class polynomials. Three ways to do this: complex analytic (Spallek, Weng) p-adic (Gaudry et al), CRT (Eisentrager-Lauter). Includes reducing the class polynomials (invariants) mod p. 3 Construct the curve from the invariants. (one way to do this: Mestre) Choose this curve or a twist. Our paper concerns Part 1, and the last piece of Part 2.
13 Reduction Modulo p Let A be an (PP) abelian surface with CM by K. Let p be a rational prime. Let p be a prime of Q(j 1, j 2, j 3 ) lying over p, and suppose A has good reduction at p. Key Fact: The splitting behaviour of p in O K determines the p-rank of the reduction of A modulo p.
14 Reduction Modulo p Let A be an (PP) abelian surface with CM by K. Let p be a rational prime. Let p be a prime of Q(j 1, j 2, j 3 ) lying over p, and suppose A has good reduction at p. Key Fact: The splitting behaviour of p in O K determines the p-rank of the reduction of A modulo p. e.g. For elliptic curves, the reduction is ordinary iff p splits completely. For dimension 2, Goren worked out the cases assuming p is unramified. Gaudry et al extended this to the ramified case. Note K must be non-galois for the reduction to be simple of p-rank 1.
15 p-rank 1 Reductions The part of the results of Goren, Gaudry et al, that applies to p-rank 1 is as follows. Lemma Let K be a quartic CM field and C a curve of genus 2 over a number field L K with endomorphism ring O K. Let p be a prime number and p a prime of O L, lying over p. The reduction of C modulo p is a genus-2 curve with p-rank 1 if and only if (p) factors in O K as (p) = p 1 p 2 p 3 or (p) = p 1 p 2 p 2 3. Alexey Zaytsev is developing these ideas. Primes p with (p) = p 1 p 2 p 2 3 will divide the discriminant of K.
16 2 K 2 L 2 K 0 2 K r K r 0 K r (j 1, j 2, j 3 ) H r Q(j 1, j 2, j 3 ) 2 2 Q
17 Field of Definition of Reduction If po K factors as p 1 p 2 p 3 then it is easy to show that p is inert in K r 0, then splits in K r, and so has inertial degree 2. Using also the main theorem of complex multiplication (Shimura), the reduction modulo a prime of Q(j 1, j 2, j 3 ) above p will be defined over F p 2.
18 Field of Definition of Reduction If po K factors as p 1 p 2 p 3 then it is easy to show that p is inert in K r 0, then splits in K r, and so has inertial degree 2. Using also the main theorem of complex multiplication (Shimura), the reduction modulo a prime of Q(j 1, j 2, j 3 ) above p will be defined over F p 2. [ If po K factors as p 1 p 2 p 2 3 then the reduction is defined over F p. For each prime p dividing the discriminant of K, check if po K factors as p 1 p 2 p 2 3. If so, we have a curve of p-rank 1 over F p. No control over size of p, it is small. Might be no such p. If there is a p, number of points on Jacobian may not be prime. ]
19 Algorithm 1 Algorithm Input: A non-galois CM field K of degree 4 and a positive integer n Output: A prime p of n bits and a curve of genus 2 over F p 2 has p-rank 1 and a Jacobian with a prime number of rational points. 1 Take a random prime p of n bits. 2 If po K factors as p 1 p 2 p 3, where p 3 has degree 2, continue. Otherwise, go to step 1. 3 If p 1 is principal and generated by α, let π = αα 1 p. Otherwise, go to step 1. 4 If N(uπ 1) is prime for some u {±1}, then replace π by uπ. Otherwise, go to step 1. that 5 Compute the curve corresponding to π using steps 2 and 3 of the CM method and return this curve.
20 Algorithm 2 Algorithm Input: A non-galois CM field K of degree 4, a positive integer κ and a prime number r 1 (mod 2κ) which splits completely in K. Output: A prime p and a curve of genus 2 over F p 2 that has p-rank 1 and embedding degree κ with respect to r. 1 Let r be a prime of K dividing r and let s = rr 1 r 1. 2 Take a random element x of F r and a primitive 2κ-th root of unity ζ. 3 Take α O K \ O K0 such that α mod r = x, α mod r = xζ and α mod s = x 1. 4 If p = N(α) is prime in Z and different from r, continue. Otherwise, go to Step 2. 5 If the prime β = N(α)α 1 α 1 of O K0 remains prime in O K, let π = α 2 β and p = N(α). Otherwise, go to Step 2. 6 Compute the curve corresponding to π using the CM method.
21 Example The heuristic running time is polynomial in n. In practice get curves of cryptographic size in 10 seconds.
22 Example The heuristic running time is polynomial in n. In practice get curves of cryptographic size in 10 seconds. We provide examples such that the Jacobian J C (F p 2) has prime order. The CM field for all examples is K = Q(α), where α is a root of X X Q[X ] of class number 2. We give the coefficients c i F p 2 of the curve equation C : y 2 = c 6 x 6 + c 5 x 5 + c 4 x 4 + c 3 x 3 + c 2 x 2 + c 1 x + c 0. The group order of the Jacobian can be computed as #J C (F p 2) = p a 1 (p 2 + 1) + a 2. The field F q = F p 2 is given as F p (σ), where σ has the minimal polynomial f σ = X F p [X ], i. e. σ = 3 F q.
23 Example p = a 1 = a 2 = c 6 = σ c 5 = σ c 4 = σ c 3 = σ c 2 = σ c 1 = σ c 0 = σ
24 Refinement Let the class polynomials be H 1 (x), H 2 (x), H 3 (x). In the CM method, we need to reduce the invariants mod p. We pick one root j 1 F q of H 1 (x) mod p (or for every irreducible factor h of H 1 (x)) and for each, take all roots j 2, j 3 F q of H 2 mod p and H 3 mod p. There are more triples than the triples that correspond to the reductions of CM curves.
25 Refinement Let the class polynomials be H 1 (x), H 2 (x), H 3 (x). In the CM method, we need to reduce the invariants mod p. We pick one root j 1 F q of H 1 (x) mod p (or for every irreducible factor h of H 1 (x)) and for each, take all roots j 2, j 3 F q of H 2 mod p and H 3 mod p. There are more triples than the triples that correspond to the reductions of CM curves. One refinement put forth in Gaudry et al is to replace H 2 (x) and H 3 (x) by two other polynomials in such a way that they directly only yield the correct triples (j 1, j 2, j 3 ). This refinement requires H 1 (x) to have a root of multiplicity 1 mod p.
26 Class Polynomials mod p p p (a 1, a 2 ) [D, A, B] h K H 1 (x) mod p H 1 (x) mod p (4,16) [8,22,113] 4 (x 2)(x 5)(x 2 + x + 6) (x + 25) 2 (x + 50) (3,3) [53,25,37] 3 x(x + 2) 2 (x 3 + 6x 2 + x + 2) (x x x + 16) (2,13) [8,50,617] 3 x(x + 2) 2 (x 3 + 3x 2 + 3x + 3) (x x x + 410) (8,35) [12, 50, 433] 2 x(x 6)(x 2 + 8x + 10) (x + 152) 2 (x + 304) (7,25) [37,45,53] 3 (x 3)(x 4)(x 5) - (x 3 + 8x 2 + 9x + 1) (4,23) [12, 74, 1321] 4 x(x 8) 2 (x 9) (x x + 178) 2 (x 4 + 4x x 2 + 2x + 4) (x x ) (2,-8) [124, 24, 20] 4 (x + 3)(x + 6)(x 2 + 9x + 4) x (7,31) [29,65,701] 3 (x + 1)(x + 7) 2 (x x x + 456) 2 (x 3 + 4x 2 + 6x + 8) (2,-11) [152, 26, 17] 2 (x + 7)(x + 11)(x 2 + 2x + 8) (x 2 + 6x + 4) (1,-25) [237,17,13] 2 x(x + 2)(x 2 + 2x + 7) (x 2 + 6) (9,41) [53, 69, 117] 4 x(x + 1)(x 2 + 8x + 11) (x 2 + 6x + 1) (10,57) [8,82,1481] 3 x(x + 2)(x + 4) (x x x ) 2 (x 3 + 7x x + 5) (11,67) [5, 89, 1829] 4 (x + 2)(x + 6) 2 (x + 15) (x + 7) 2 (x + 28) 2 (x + 50) 4 (x x + 13)(x x + 6) Table: Factorization of H 1 (x) modulo primes that split as p 1 p 2 p 2 3 in K, where K was generated by the characteristic polynomial of Frobenius of Jacobians of ordinary genus 2 curves defined over F p.
27 Class Polynomials mod p We show using elementary class field theory that this refinement will work when (p) = p 1 p 2 p 3 and will not work when (p) = p 1 p 2 p 2 3. In the latter case we provide a modification. We use the Kummer-Dedekind Theorem which states that the factorization of H 1 (x) modulo p reflects the factorization of (p) into prime ideals in Q(j 1 ).
28 Advertisment 9th International Finite Fields Conference University College Dublin and Claude Shannon Institute Dublin, Ireland, July
Igusa Class Polynomials
, supported by the Leiden University Fund (LUF) Joint Mathematics Meetings, San Diego, January 2008 Overview Igusa class polynomials are the genus 2 analogue of the classical Hilbert class polynomials.
More informationIgusa Class Polynomials
Genus 2 day, Intercity Number Theory Seminar Utrecht, April 18th 2008 Overview Igusa class polynomials are the genus 2 analogue of the classical Hilbert class polynomial. For each notion, I will 1. tell
More informationConstructing genus 2 curves over finite fields
Constructing genus 2 curves over finite fields Kirsten Eisenträger The Pennsylvania State University Fq12, Saratoga Springs July 15, 2015 1 / 34 Curves and cryptography RSA: most widely used public key
More informationIgusa class polynomials
Number Theory Seminar Cambridge 26 April 2011 Elliptic curves An elliptic curve E/k (char(k) 2) is a smooth projective curve y 2 = x 3 + ax 2 + bx + c. Q P P Q E is a commutative algebraic group Endomorphisms
More informationClass invariants for quartic CM-fields
Number Theory Seminar Oxford 2 June 2011 Elliptic curves An elliptic curve E/k (char(k) 2) is a smooth projective curve y 2 = x 3 + ax 2 + bx + c. Q P E is a commutative algebraic group P Q Endomorphisms
More informationConstructing Abelian Varieties for Pairing-Based Cryptography
for Pairing-Based CWI and Universiteit Leiden, Netherlands Workshop on Pairings in Arithmetic Geometry and 4 May 2009 s MNT MNT Type s What is pairing-based cryptography? Pairing-based cryptography refers
More informationCounting points on genus 2 curves over finite
Counting points on genus 2 curves over finite fields Chloe Martindale May 11, 2017 These notes are from a talk given in the Number Theory Seminar at the Fourier Institute, Grenoble, France, on 04/05/2017.
More informationClass polynomials for abelian surfaces
Class polynomials for abelian surfaces Andreas Enge LFANT project-team INRIA Bordeaux Sud-Ouest andreas.enge@inria.fr http://www.math.u-bordeaux.fr/~aenge LFANT seminar 27 January 2015 (joint work with
More informationConstructing Abelian Varieties for Pairing-Based Cryptography. David Stephen Freeman. A.B. (Harvard University) 2002
Constructing Abelian Varieties for Pairing-Based Cryptography by David Stephen Freeman A.B. (Harvard University) 2002 A dissertation submitted in partial satisfaction of the requirements for the degree
More informationComplex multiplication and canonical lifts
Complex multiplication and canonical lifts David R. Kohel Abstract The problem of constructing CM invariants of higher dimensional abelian varieties presents significant new challenges relative to CM constructions
More informationA Generalized Brezing-Weng Algorithm for Constructing Pairing-Friendly Ordinary Abelian Varieties
A Generalized Brezing-Weng Algorithm for Constructing Pairing-Friendly Ordinary Abelian Varieties David Freeman Department of Mathematics University of California, Berkeley Berkeley, CA 94720-3840, USA
More informationHyperelliptic curves
1/40 Hyperelliptic curves Pierrick Gaudry Caramel LORIA CNRS, Université de Lorraine, Inria ECC Summer School 2013, Leuven 2/40 Plan What? Why? Group law: the Jacobian Cardinalities, torsion Hyperelliptic
More informationCONSTRUCTING SUPERSINGULAR ELLIPTIC CURVES. Reinier Bröker
CONSTRUCTING SUPERSINGULAR ELLIPTIC CURVES Reinier Bröker Abstract. We give an algorithm that constructs, on input of a prime power q and an integer t, a supersingular elliptic curve over F q with trace
More informationBad reduction of genus 3 curves with Complex Multiplication
Bad reduction of genus 3 curves with Complex Multiplication Elisa Lorenzo García Universiteit Leiden Joint work with Bouw, Cooley, Lauter, Manes, Newton, Ozman. October 1, 2015 Elisa Lorenzo García Universiteit
More informationHONDA-TATE THEOREM FOR ELLIPTIC CURVES
HONDA-TATE THEOREM FOR ELLIPTIC CURVES MIHRAN PAPIKIAN 1. Introduction These are the notes from a reading seminar for graduate students that I organised at Penn State during the 2011-12 academic year.
More informationHeuristics. pairing-friendly abelian varieties
Heuristics on pairing-friendly abelian varieties joint work with David Gruenewald John Boxall john.boxall@unicaen.fr Laboratoire de Mathématiques Nicolas Oresme, UFR Sciences, Université de Caen Basse-Normandie,
More informationIsogeny graphs, modular polynomials, and point counting for higher genus curves
Isogeny graphs, modular polynomials, and point counting for higher genus curves Chloe Martindale July 7, 2017 These notes are from a talk given in the Number Theory Seminar at INRIA, Nancy, France. The
More informationGENERATORS OF JACOBIANS OF GENUS TWO CURVES
GENERATORS OF JACOBIANS OF GENUS TWO CURVES CHRISTIAN ROBENHAGEN RAVNSHØJ Abstract. We prove that in most cases relevant to cryptography, the Frobenius endomorphism on the Jacobian of a genus two curve
More informationMappings of elliptic curves
Mappings of elliptic curves Benjamin Smith INRIA Saclay Île-de-France & Laboratoire d Informatique de l École polytechnique (LIX) Eindhoven, September 2008 Smith (INRIA & LIX) Isogenies of Elliptic Curves
More informationIsogeny invariance of the BSD conjecture
Isogeny invariance of the BSD conjecture Akshay Venkatesh October 30, 2015 1 Examples The BSD conjecture predicts that for an elliptic curve E over Q with E(Q) of rank r 0, where L (r) (1, E) r! = ( p
More informationFORMAL GROUPS OF CERTAIN Q-CURVES OVER QUADRATIC FIELDS
Sairaiji, F. Osaka J. Math. 39 (00), 3 43 FORMAL GROUPS OF CERTAIN Q-CURVES OVER QUADRATIC FIELDS FUMIO SAIRAIJI (Received March 4, 000) 1. Introduction Let be an elliptic curve over Q. We denote by ˆ
More informationExplicit Complex Multiplication
Explicit Complex Multiplication Benjamin Smith INRIA Saclay Île-de-France & Laboratoire d Informatique de l École polytechnique (LIX) Eindhoven, September 2008 Smith (INRIA & LIX) Explicit CM Eindhoven,
More informationElliptic Curves Spring 2015 Lecture #23 05/05/2015
18.783 Elliptic Curves Spring 2015 Lecture #23 05/05/2015 23 Isogeny volcanoes We now want to shift our focus away from elliptic curves over C and consider elliptic curves E/k defined over any field k;
More informationOn elliptic curves in characteristic 2 with wild additive reduction
ACTA ARITHMETICA XCI.2 (1999) On elliptic curves in characteristic 2 with wild additive reduction by Andreas Schweizer (Montreal) Introduction. In [Ge1] Gekeler classified all elliptic curves over F 2
More informationCOMPUTING ENDOMORPHISM RINGS OF JACOBIANS OF GENUS 2 CURVES OVER FINITE FIELDS
COMPUTING ENDOMORPHISM RINGS OF JACOBIANS OF GENUS 2 CURVES OVER FINITE FIELDS DAVID FREEMAN AND KRISTIN LAUTER Abstract. We present probabilistic algorithms which, given a genus 2 curve C defined over
More informationComputing isogeny graphs using CM lattices
Computing isogeny graphs using CM lattices David Gruenewald GREYC/LMNO Université de Caen GeoCrypt, Corsica 22nd June 2011 Motivation for computing isogenies Point counting. Computing CM invariants. Endomorphism
More informationComputing the endomorphism ring of an ordinary elliptic curve
Computing the endomorphism ring of an ordinary elliptic curve Massachusetts Institute of Technology April 3, 2009 joint work with Gaetan Bisson http://arxiv.org/abs/0902.4670 Elliptic curves An elliptic
More informationPoint counting and real multiplication on K3 surfaces
Point counting and real multiplication on K3 surfaces Andreas-Stephan Elsenhans Universität Paderborn September 2016 Joint work with J. Jahnel. A.-S. Elsenhans (Universität Paderborn) K3 surfaces September
More informationSome algebraic number theory and the reciprocity map
Some algebraic number theory and the reciprocity map Ervin Thiagalingam September 28, 2015 Motivation In Weinstein s paper, the main problem is to find a rule (reciprocity law) for when an irreducible
More informationIdentifying supersingular elliptic curves
Identifying supersingular elliptic curves Andrew V. Sutherland Massachusetts Institute of Technology January 6, 2012 http://arxiv.org/abs/1107.1140 Andrew V. Sutherland (MIT) Identifying supersingular
More informationA BRIEF INTRODUCTION TO LOCAL FIELDS
A BRIEF INTRODUCTION TO LOCAL FIELDS TOM WESTON The purpose of these notes is to give a survey of the basic Galois theory of local fields and number fields. We cover much of the same material as [2, Chapters
More informationCOMPUTING ENDOMORPHISM RINGS OF JACOBIANS OF GENUS 2 CURVES OVER FINITE FIELDS
COMPUTING ENDOMORPHISM RINGS OF JACOBIANS OF GENUS 2 CURVES OVER FINITE FIELDS DAVID FREEMAN AND KRISTIN LAUTER Abstract. We present algorithms which, given a genus 2 curve C defined over a finite field
More informationAbstracts of papers. Amod Agashe
Abstracts of papers Amod Agashe In this document, I have assembled the abstracts of my work so far. All of the papers mentioned below are available at http://www.math.fsu.edu/~agashe/math.html 1) On invisible
More informationREDUCTION OF ELLIPTIC CURVES OVER CERTAIN REAL QUADRATIC NUMBER FIELDS
MATHEMATICS OF COMPUTATION Volume 68, Number 228, Pages 1679 1685 S 0025-5718(99)01129-1 Article electronically published on May 21, 1999 REDUCTION OF ELLIPTIC CURVES OVER CERTAIN REAL QUADRATIC NUMBER
More informationNUNO FREITAS AND ALAIN KRAUS
ON THE DEGREE OF THE p-torsion FIELD OF ELLIPTIC CURVES OVER Q l FOR l p NUNO FREITAS AND ALAIN KRAUS Abstract. Let l and p be distinct prime numbers with p 3. Let E/Q l be an elliptic curve with p-torsion
More informationClass invariants by the CRT method
Class invariants by the CRT method Andreas Enge Andrew V. Sutherland INRIA Bordeaux-Sud-Ouest Massachusetts Institute of Technology ANTS IX Andreas Enge and Andrew Sutherland Class invariants by the CRT
More informationc Copyright 2012 Wenhan Wang
c Copyright 01 Wenhan Wang Isolated Curves for Hyperelliptic Curve Cryptography Wenhan Wang A dissertation submitted in partial fulfillment of the requirements for the degree of Doctor of Philosophy University
More informationThe 2-adic CM method for genus 2 curves with application to cryptography
The 2-adic CM method for genus 2 curves with application to cryptography P. Gaudry 1,2, T. Houtmann 2, D. Kohel 3, C. Ritzenthaler 4, and A. Weng 2 1 LORIA - Projet SPACES Campus Scientifique - BP 239,
More informationIsogeny graphs of abelian varieties and applications to the Discrete Logarithm Problem
Isogeny graphs of abelian varieties and applications to the Discrete Logarithm Problem Chloe Martindale 26th January, 2018 These notes are from a talk given in the Séminaire Géométrie et algèbre effectives
More informationGalois theory (Part II)( ) Example Sheet 1
Galois theory (Part II)(2015 2016) Example Sheet 1 c.birkar@dpmms.cam.ac.uk (1) Find the minimal polynomial of 2 + 3 over Q. (2) Let K L be a finite field extension such that [L : K] is prime. Show that
More informationComputing the modular equation
Computing the modular equation Andrew V. Sutherland (MIT) Barcelona-Boston-Tokyo Number Theory Seminar in Memory of Fumiyuki Momose Andrew V. Sutherland (MIT) Computing the modular equation 1 of 8 The
More informationL-Polynomials of Curves over Finite Fields
School of Mathematical Sciences University College Dublin Ireland July 2015 12th Finite Fields and their Applications Conference Introduction This talk is about when the L-polynomial of one curve divides
More informationGenerating more Kawazoe-Takahashi Genus 2 Pairing-friendly Hyperelliptic Curves
Generating more Kawazoe-Takahashi Genus 2 Pairing-friendly Hyperelliptic Curves Ezekiel J Kachisa School of Computing Dublin City University Ireland ekachisa@computing.dcu.ie Abstract. Constructing pairing-friendly
More informationIntroduction to Elliptic Curves
IAS/Park City Mathematics Series Volume XX, XXXX Introduction to Elliptic Curves Alice Silverberg Introduction Why study elliptic curves? Solving equations is a classical problem with a long history. Starting
More informationGraph structure of isogeny on elliptic curves
Graph structure of isogeny on elliptic curves Université Versailles Saint Quentin en Yvelines October 23, 2014 1/ 42 Outline of the talk 1 Reminder about elliptic curves, 2 Endomorphism ring of elliptic
More informationEquations for Hilbert modular surfaces
Equations for Hilbert modular surfaces Abhinav Kumar MIT April 24, 2013 Introduction Outline of talk Elliptic curves, moduli spaces, abelian varieties 2/31 Introduction Outline of talk Elliptic curves,
More informationMA 162B LECTURE NOTES: THURSDAY, FEBRUARY 26
MA 162B LECTURE NOTES: THURSDAY, FEBRUARY 26 1. Abelian Varieties of GL 2 -Type 1.1. Modularity Criteria. Here s what we ve shown so far: Fix a continuous residual representation : G Q GLV, where V is
More informationTables of elliptic curves over number fields
Tables of elliptic curves over number fields John Cremona University of Warwick 10 March 2014 Overview 1 Why make tables? What is a table? 2 Simple enumeration 3 Using modularity 4 Curves with prescribed
More informationTOTALLY RAMIFIED PRIMES AND EISENSTEIN POLYNOMIALS. 1. Introduction
TOTALLY RAMIFIED PRIMES AND EISENSTEIN POLYNOMIALS KEITH CONRAD A (monic) polynomial in Z[T ], 1. Introduction f(t ) = T n + c n 1 T n 1 + + c 1 T + c 0, is Eisenstein at a prime p when each coefficient
More informationGenus 2 Hyperelliptic Curve Families with Explicit Jacobian Order Evaluation and Pairing-Friendly Constructions
Genus Hyperelliptic Curve Families with Explicit Jacobian Order Evaluation and Pairing-Friendly Constructions Aurore Guillevic 1, and Damien Vergnaud 1 1 Équipe crypto DI, École Normale Supérieure, C.N.R.S.,
More informationUp to twist, there are only finitely many potentially p-ordinary abelian varieties over. conductor
Up to twist, there are only finitely many potentially p-ordinary abelian varieties over Q of GL(2)-type with fixed prime-to-p conductor Haruzo Hida Department of Mathematics, UCLA, Los Angeles, CA 90095-1555,
More informationGENUS 2 CURVES WITH COMPLEX MULTIPLICATION
GENUS 2 CURVES WITH COMPLEX MULTIPLICATION EYAL Z. GOREN & KRISTIN E. LAUTER 1. Introduction While the main goal of this paper is to give a bound on the denominators of Igusa class polynomials of genus
More informationthis to include the explicit maps, please do so!
Contents 1. Introduction 1 2. Warmup: descent on A 2 + B 3 = N 2 3. A 2 + B 3 = N: enriched descent 3 4. The Faltings height 5 5. Isogeny and heights 6 6. The core of the proof that the height doesn t
More informationIntegral models of Shimura varieties
Zavosh Amir-Khosravi April 9, 2011 Motivation Let n 3 be an integer, S a scheme, and let (E, α n ) denote an elliptic curve E over S with a level-n structure α n : (Z/nZ) 2 E n. Motivation Let n 3 be an
More informationGalois Representations
Galois Representations Samir Siksek 12 July 2016 Representations of Elliptic Curves Crash Course E/Q elliptic curve; G Q = Gal(Q/Q); p prime. Fact: There is a τ H such that E(C) = C Z + τz = R Z R Z. Easy
More informationIN POSITIVE CHARACTERISTICS: 3. Modular varieties with Hecke symmetries. 7. Foliation and a conjecture of Oort
FINE STRUCTURES OF MODULI SPACES IN POSITIVE CHARACTERISTICS: HECKE SYMMETRIES AND OORT FOLIATION 1. Elliptic curves and their moduli 2. Moduli of abelian varieties 3. Modular varieties with Hecke symmetries
More informationLectures on Cryptography Heraklion 2003 Gerhard Frey IEM, University of Duisburg-Essen Part II Discrete Logarithm Systems
Lectures on Cryptography Heraklion 2003 Gerhard Frey IEM, University of Duisburg-Essen Part II Discrete Logarithm Systems 1 Algebraic Realization of Key exchange and Signature 1.1 Key exchange and signature
More informationORAL QUALIFYING EXAM QUESTIONS. 1. Algebra
ORAL QUALIFYING EXAM QUESTIONS JOHN VOIGHT Below are some questions that I have asked on oral qualifying exams (starting in fall 2015). 1.1. Core questions. 1. Algebra (1) Let R be a noetherian (commutative)
More informationComputing class polynomials in genus 2
Contrat de recherches numéro 21 42 349 Rapport numéro 8 Computing class polynomials in genus 2 Rapport DGA Andreas Enge and Damien Robert 26 April 213 Inria Bordeaux Sud-Ouest, 2 avenue de la Vieille Tour
More information2,3,5, LEGENDRE: ±TRACE RATIOS IN FAMILIES OF ELLIPTIC CURVES
2,3,5, LEGENDRE: ±TRACE RATIOS IN FAMILIES OF ELLIPTIC CURVES NICHOLAS M. KATZ 1. Introduction The Legendre family of elliptic curves over the λ-line, E λ : y 2 = x(x 1)(x λ), is one of the most familiar,
More informationComputing modular polynomials in dimension 2 ECC 2015, Bordeaux
Computing modular polynomials in dimension 2 ECC 2015, Bordeaux Enea Milio 29/09/2015 Enea Milio Computing modular polynomials 29/09/2015 1 / 49 Computing modular polynomials 1 Dimension 1 : elliptic curves
More informationCOMPLEX MULTIPLICATION OF ABELIAN SURFACES. ter verkrijging van. Proefschrift
COMPLEX MULTIPLICATION OF ABELIAN SURFACES Proefschrift ter verkrijging van de graad van Doctor aan de Universiteit Leiden, op gezag van Rector Magnificus prof. mr. P.F. van der Heijden, volgens besluit
More informationCounting points on elliptic curves over F q
Counting points on elliptic curves over F q Christiane Peters DIAMANT-Summer School on Elliptic and Hyperelliptic Curve Cryptography September 17, 2008 p.2 Motivation Given an elliptic curve E over a finite
More informationSome. Manin-Mumford. Problems
Some Manin-Mumford Problems S. S. Grant 1 Key to Stark s proof of his conjectures over imaginary quadratic fields was the construction of elliptic units. A basic approach to elliptic units is as follows.
More informationCYCLOTOMIC FIELDS CARL ERICKSON
CYCLOTOMIC FIELDS CARL ERICKSON Cyclotomic fields are an interesting laboratory for algebraic number theory because they are connected to fundamental problems - Fermat s Last Theorem for example - and
More informationThe Fricke-Macbeath Curve
The Fricke-Macbeath Curve Jaap Top BIRS, September 28th, 2016 joint work with Carlo Verschoor (master s student in Groningen during 2014/15, currently PhD student with Frits Beukers, Utrecht) Some history
More informationConstructing Families of Pairing-Friendly Elliptic Curves
Constructing Families of Pairing-Friendly Elliptic Curves David Freeman Information Theory Research HP Laboratories Palo Alto HPL-2005-155 August 24, 2005* cryptography, pairings, elliptic curves, embedding
More informationc ij x i x j c ij x i y j
Math 48A. Class groups for imaginary quadratic fields In general it is a very difficult problem to determine the class number of a number field, let alone the structure of its class group. However, in
More informationElliptic Curves Spring 2019 Problem Set #7 Due: 04/08/2019
18.783 Elliptic Curves Spring 2019 Problem Set #7 Due: 04/08/2019 Description These problems are related to the material covered in Lectures 13-14. Instructions: Solve problem 1 and then solve one of Problems
More informationQUADRATIC TWISTS OF AN ELLIPTIC CURVE AND MAPS FROM A HYPERELLIPTIC CURVE
Math. J. Okayama Univ. 47 2005 85 97 QUADRATIC TWISTS OF AN ELLIPTIC CURVE AND MAPS FROM A HYPERELLIPTIC CURVE Masato KUWATA Abstract. For an elliptic curve E over a number field k we look for a polynomial
More informationSOLVING SOLVABLE QUINTICS. D. S. Dummit
D. S. Dummit Abstract. Let f(x) = x 5 + px 3 + qx + rx + s be an irreducible polynomial of degree 5 with rational coefficients. An explicit resolvent sextic is constructed which has a rational root if
More informationVARIETIES WITHOUT EXTRA AUTOMORPHISMS II: HYPERELLIPTIC CURVES
VARIETIES WITHOUT EXTRA AUTOMORPHISMS II: HYPERELLIPTIC CURVES BJORN POONEN Abstract. For any field k and integer g 2, we construct a hyperelliptic curve X over k of genus g such that #(Aut X) = 2. We
More informationSurjectivity in Honda-Tate
Surjectivity in Honda-Tate Brian Lawrence May 5, 2014 1 Introduction Let F q be a finite field with q = p a elements, p prime. Given any simple Abelian variety A over F q, we have seen that the characteristic
More informationExplicit Methods in Algebraic Number Theory
Explicit Methods in Algebraic Number Theory Amalia Pizarro Madariaga Instituto de Matemáticas Universidad de Valparaíso, Chile amaliapizarro@uvcl 1 Lecture 1 11 Number fields and ring of integers Algebraic
More informationThe Galois group of a polynomial f(x) K[x] is the Galois group of E over K where E is a splitting field for f(x) over K.
The third exam will be on Monday, April 9, 013. The syllabus for Exam III is sections 1 3 of Chapter 10. Some of the main examples and facts from this material are listed below. If F is an extension field
More informationTOTALLY RAMIFIED PRIMES AND EISENSTEIN POLYNOMIALS. 1. Introduction
TOTALLY RAMIFIED PRIMES AND EISENSTEIN POLYNOMIALS KEITH CONRAD A (monic) polynomial in Z[T ], 1. Introduction f(t ) = T n + c n 1 T n 1 + + c 1 T + c 0, is Eisenstein at a prime p when each coefficient
More informationLecture 2: Elliptic curves
Lecture 2: Elliptic curves This lecture covers the basics of elliptic curves. I begin with a brief review of algebraic curves. I then define elliptic curves, and talk about their group structure and defining
More informationNon CM p-adic analytic families of modular forms
Non CM p-adic analytic families of modular forms Haruzo Hida Department of Mathematics, UCLA, Los Angeles, CA 90095-1555, U.S.A. The author is partially supported by the NSF grant: DMS 1464106. Abstract:
More informationPAIRINGS ON HYPERELLIPTIC CURVES. 1. Introduction
PAIRINGS ON HYPERELLIPTIC CURVES JENNIFER BALAKRISHNAN, JULIANA BELDING, SARAH CHISHOLM, KIRSTEN EISENTRÄGER, KATHERINE E. STANGE, AND EDLYN TESKE Dedicated to the memory of Isabelle Déchène (1974-2009)
More informationCOUNTING MOD l SOLUTIONS VIA MODULAR FORMS
COUNTING MOD l SOLUTIONS VIA MODULAR FORMS EDRAY GOINS AND L. J. P. KILFORD Abstract. [Something here] Contents 1. Introduction 1. Galois Representations as Generating Functions 1.1. Permutation Representation
More informationGENERATORS OF FINITE FIELDS WITH POWERS OF TRACE ZERO AND CYCLOTOMIC FUNCTION FIELDS. 1. Introduction
GENERATORS OF FINITE FIELDS WITH POWERS OF TRACE ZERO AND CYCLOTOMIC FUNCTION FIELDS JOSÉ FELIPE VOLOCH Abstract. Using the relation between the problem of counting irreducible polynomials over finite
More information8430 HANDOUT 6: PROOF OF THE MAIN THEOREM
8430 HANDOUT 6: PROOF OF THE MAIN THEOREM PETE L. CLARK 1. Proof of the main theorem for maximal orders We are now going to take a decisive step forward by proving the Main Theorem on which primes p are
More informationComputing the image of Galois
Computing the image of Galois Andrew V. Sutherland Massachusetts Institute of Technology October 9, 2014 Andrew Sutherland (MIT) Computing the image of Galois 1 of 25 Elliptic curves Let E be an elliptic
More informationarxiv: v2 [math.nt] 17 Jul 2018
arxiv:1803.00514v2 [math.nt] 17 Jul 2018 CONSTRUCTING PICARD CURVES WITH COMPLEX MULTIPLICATION USING THE CHINESE REMAINDER THEOREM SONNY ARORA AND KIRSTEN EISENTRÄGER Abstract. We give a new algorithm
More informationGalois Representations
9 Galois Representations This book has explained the idea that all elliptic curves over Q arise from modular forms. Chapters 1 and introduced elliptic curves and modular curves as Riemann surfaces, and
More informationMaximal Class Numbers of CM Number Fields
Maximal Class Numbers of CM Number Fields R. C. Daileda R. Krishnamoorthy A. Malyshev Abstract Fix a totally real number field F of degree at least 2. Under the assumptions of the generalized Riemann hypothesis
More informationYou could have invented Supersingular Isogeny Diffie-Hellman
You could have invented Supersingular Isogeny Diffie-Hellman Lorenz Panny Technische Universiteit Eindhoven Πλατανιάς, Κρήτη, 11 October 2017 1 / 22 Shor s algorithm 94 Shor s algorithm quantumly breaks
More informationModular polynomials and isogeny volcanoes
Modular polynomials and isogeny volcanoes Andrew V. Sutherland February 3, 010 Reinier Bröker Kristin Lauter Andrew V. Sutherland (MIT) Modular polynomials and isogeny volcanoes 1 of 9 Isogenies An isogeny
More informationOn metacyclic extensions
On metacyclic extensions Masanari Kida 1 Introduction A group G is called metacyclic if it contains a normal cyclic subgroup N such that the quotient group G/N is also cyclic. The category of metacyclic
More informationAlgebraic number theory Revision exercises
Algebraic number theory Revision exercises Nicolas Mascot (n.a.v.mascot@warwick.ac.uk) Aurel Page (a.r.page@warwick.ac.uk) TA: Pedro Lemos (lemos.pj@gmail.com) Version: March 2, 20 Exercise. What is the
More informationIsogeny graphs with maximal real multiplication
Isogeny graphs with maximal real multiplication Sorina Ionica 1,2 and Emmanuel Thomé 3 1 IMB, Université de Bordeaux 351 Cours de la Libération 33405 Talence France 2 LFANT Project INRIA Bordeaux Sud-Est
More informationImaginary Quadratic Fields With Isomorphic Abelian Galois Groups
Imaginary Quadratic Fields With Isomorphic Abelian Galois Groups Universiteit Leiden, Université Bordeaux 1 July 12, 2012 - UCSD - X - a Question Let K be a number field and G K = Gal(K/K) the absolute
More informationCOMPUTING MODULAR POLYNOMIALS
COMPUTING MODULAR POLYNOMIALS DENIS CHARLES AND KRISTIN LAUTER 1. Introduction The l th modular polynomial, φ l (x, y), parameterizes pairs of elliptic curves with an isogeny of degree l between them.
More informationx mv = 1, v v M K IxI v = 1,
18.785 Number Theory I Fall 2017 Problem Set #7 Description These problems are related to the material covered in Lectures 13 15. Your solutions are to be written up in latex (you can use the latex source
More information15 Elliptic curves and Fermat s last theorem
15 Elliptic curves and Fermat s last theorem Let q > 3 be a prime (and later p will be a prime which has no relation which q). Suppose that there exists a non-trivial integral solution to the Diophantine
More information14 Ordinary and supersingular elliptic curves
18.783 Elliptic Curves Spring 2015 Lecture #14 03/31/2015 14 Ordinary and supersingular elliptic curves Let E/k be an elliptic curve over a field of positive characteristic p. In Lecture 7 we proved that
More informationOn the equality case of the Ramanujan Conjecture for Hilbert modular forms
On the equality case of the Ramanujan Conjecture for Hilbert modular forms Liubomir Chiriac Abstract The generalized Ramanujan Conjecture for unitary cuspidal automorphic representations π on GL 2 posits
More informationl-adic Representations
l-adic Representations S. M.-C. 26 October 2016 Our goal today is to understand l-adic Galois representations a bit better, mostly by relating them to representations appearing in geometry. First we ll
More information2-ADIC ARITHMETIC-GEOMETRIC MEAN AND ELLIPTIC CURVES
-ADIC ARITHMETIC-GEOMETRIC MEAN AND ELLIPTIC CURVES KENSAKU KINJO, YUKEN MIYASAKA AND TAKAO YAMAZAKI 1. The arithmetic-geometric mean over R and elliptic curves We begin with a review of a relation between
More informationKAGAWA Takaaki. March, 1998
Elliptic curves with everywhere good reduction over real quadratic fields KAGAWA Takaaki March, 1998 A dissertation submitted for the degree of Doctor of Science at Waseda University Acknowledgments I
More information