Divisibility Sequences for Elliptic Curves with Complex Multiplication

Transcription

1 Divisibility Sequences for Elliptic Curves with Complex Multiplication Master s thesis, Universiteit Utrecht supervisor: Gunther Cornelissen Universiteit Leiden Journées Arithmétiques, Edinburgh, July 2007

2 Elliptic Curves An elliptic curve E is a non-singular projective curve E given by E : y 2 + a 1 xy + a 3 y = x 3 + a 2 x 2 + a 4 x + a 6. It has a natural algebraic group structure with neutral element O = (0 : 1 : 0) at infinity.

3 Elliptic Divisibility Sequences (1) Let E be an elliptic curve, given by an equation with coefficients in Z. Every point Q E(Q) can be written uniquely in the form Q = ( A B 2, C ) B 3 with integers A, B, C such that A and C are both coprime to B.

4 Elliptic Divisibility Sequences (1) Let E be an elliptic curve, given by an equation with coefficients in Z. Every point Q E(Q) can be written uniquely in the form Q = ( A B 2, C ) B 3 with integers A, B, C such that A and C are both coprime to B. B is the largest integer such that Q reduces to (0 : 1 : 0) modulo B.

5 Elliptic Divisibility Sequences (1) Let E be an elliptic curve, given by an equation with coefficients in Z. Let P E(Q) be a point of infinite order. Every point Q E(Q) can be written uniquely in the form Q = ( A B 2, C ) B 3 with integers A, B, C such that A and C are both coprime to B. B is the largest integer such that Q reduces to (0 : 1 : 0) modulo B.

6 Elliptic Divisibility Sequences (1) Let E be an elliptic curve, given by an equation with coefficients in Z. Let P E(Q) be a point of infinite order. Every point np E(Q) can be written uniquely in the form np = ( An B 2, C ) n n B 3 n with integers A n, B n, C n such that A n and C n are both coprime to B n. B n is the largest integer such that np reduces to (0 : 1 : 0) modulo B n. We get a sequence B 1, B 2, B 3,..., which we call an elliptic divisibility sequence.

7 Applications Source of large primes... (Chudnovsky and Chudnovsky, 1986)

8 Applications Source of large primes... (Chudnovsky and Chudnovsky, 1986)... or not. (Everest, King, Miller, Reynolds, Stephens & Stevens)

9 Applications Source of large primes... (Chudnovsky and Chudnovsky, 1986)... or not. (Everest, King, Miller, Reynolds, Stephens & Stevens) Connection to Hilbert s Tenth Problem: Is there an algorithm that decides whether a polynomial equation P(X 1,..., X n ) = 0 has a solution (X 1,..., X n ) Z n?

10 Applications Source of large primes... (Chudnovsky and Chudnovsky, 1986)... or not. (Everest, King, Miller, Reynolds, Stephens & Stevens) Connection to Hilbert s Tenth Problem: Is there an algorithm that decides whether a polynomial equation P(X 1,..., X n ) = 0 has a solution (X 1,..., X n ) Z n? No. (Davis, Putnam, Robinson, Matiyasevich 1970)

11 Applications Source of large primes... (Chudnovsky and Chudnovsky, 1986)... or not. (Everest, King, Miller, Reynolds, Stephens & Stevens) Connection to Hilbert s Tenth Problem: Is there an algorithm that decides whether a polynomial equation P(X 1,..., X n ) = 0 has a solution (X 1,..., X n ) Z n? No. (Davis, Putnam, Robinson, Matiyasevich 1970) But what about other rings? With Z replaced by Q, still an open problem.

12 Applications Source of large primes... (Chudnovsky and Chudnovsky, 1986)... or not. (Everest, King, Miller, Reynolds, Stephens & Stevens) Connection to Hilbert s Tenth Problem: Is there an algorithm that decides whether a polynomial equation P(X 1,..., X n ) = 0 has a solution (X 1,..., X n ) Z n? No. (Davis, Putnam, Robinson, Matiyasevich 1970) But what about other rings? With Z replaced by Q, still an open problem. Learn about elliptic curves.

13 Example: E : y 2 = x 3 2x, P = (2, 2) B 1 = 1 B 2 = 2 B 3 = 1 B 4 = 84 B5 = 1343 B 6 = 6214 B7 = B 8 = B 9 = B 10 = B 11 = B 12 = B 13 = B 14 = B 15 = B 16 = B 17 = B 18 = B 19 = B 20 = B 21 = B 22 = B 23 = B 24 = B 25 = B 26 = B 27 = B 28 = B 29 = B 30 =

14 Example: E : y 2 = x 3 2x, P = (2, 2) B 1 = 1 B 2 = 2 B 3 = 1 B 4 = 84 B5 = 1343 B 6 = 6214 B7 = B 8 = B 9 = B 10 = B 11 = B 12 = B 13 = B 14 = B 15 = B 16 = B 17 = B 18 = B 19 = B 20 = B 21 = growth: B 22 = B 23 = B 24 = B 25 = log B m ĥ(p) m 2. (Weil, Siegel) B 26 = B 27 = B 28 = B 29 = B 30 =

15 Example: E : y 2 = x 3 2x, P = (2, 2) B 1 = 1 B 2 = 2 B 3 = 1 B 4 = 84 B5 = 1343 B 6 = 6214 B7 = B 8 = B 9 = B 10 = B 11 = B 12 = B 13 = B 14 = B 15 = B 16 = B 17 = B 18 = B 19 = B 20 = B 21 = growth: B 22 = B 23 = B 24 = B 25 = log B m ĥ(p) m 2. (Weil, Siegel) B 26 = log B m ĥ(p) m 2 + C. B 27 = B 28 = B 29 = B 30 =

16 Example: E : y 2 = x 3 2x, P = (2, 2) B 1 = 1 B 2 = 2 B 3 = 1 B 4 = 84 B5 = 1343 B 6 = 6214 B7 = B 8 = B 9 = B 10 = B 11 = B 12 = B 13 = B 14 = B 15 = B 16 = B 17 = B 18 = B 19 = B 20 = B 21 = growth: B 22 = B 23 = B 24 = B 25 = log B m ĥ(p) m 2. (Weil, Siegel) B 26 = log B m ĥ(p) m 2 + C. B 27 = B 28 = log B m = ĥ(p) m 2 + O ( (log m)(log log m) 3). (Linear forms in elliptic logarithms, David, 1995) B 29 = B 30 =

17 Example: E : y 2 = x 3 2x, P = (2, 2) B 1 = 1 B 2 = 2 B 3 = 1 B 4 = B 5 = B 6 = B 7 = B 8 = B 9 = B 10 =

18 Example: E : y 2 = x 3 2x, P = (2, 2) B 1 = 1 B 2 = 2 B 3 = 1 B 4 = B 5 = B 6 = B 7 = B 8 = B 9 = B 10 = divisibility: if m n, then B m B n.

19 Example: E : y 2 = x 3 2x, P = (2, 2) B 1 = 1 B 2 = 2 B 3 = 1 B 4 = B 5 = B 6 = B 7 = B 8 = B 9 = B 10 = divisibility: if m n, then B m B n. strong divisibility: gcd(b m, B n ) = B gcd(m,n).

20 Example: E : y 2 = x 3 2x, P = (2, 2) B 1 = 1 B 2 = 2 B 3 = 1 B 4 = B 5 = B 6 = B 7 = B 8 = B 9 = B 10 = divisibility: if m n, then B m B n. strong divisibility: gcd(b m, B n ) = B gcd(m,n). if ord p (B m ) >> 0, then ord p (B mn ) = ord p (B m ) + ord p (n). (formal groups / reduction)

21 Example: E : y 2 = x 3 2x, P = (2, 2) B 1 = 1 B 2 = 2 B 3 = 1 B 4 = B 5 = B 6 = B 7 = divisibility: if m n, then B m B n. strong divisibility: gcd(b m, B n ) = B gcd(m,n). if ord p (B m ) >> 0, then ord p (B mn ) = ord p (B m ) + ord p (n). (formal groups / reduction) B 8 = all but finitely many terms have a new prime factor B 9 = (Silverman, 1988) B 10 =

22 Proof of Silverman (1) A primitive divisor of the term B n is a prime q B n such that for every m, if q B m, then n m.

23 Proof of Silverman (1) A primitive divisor of the term B n is a prime q B n such that for every m, if q B m, then n m. The primitive part D n of B n is the largest divisor of B n such that all primes dividing D n are primitive divisors of B n.

24 Proof of Silverman (1) A primitive divisor of the term B n is a prime q B n such that for every m, if q B m, then n m. The primitive part D n of B n is the largest divisor of B n such that all primes dividing D n are primitive divisors of B n. Lemma There is a constant C = 0 in Z such that B n D n C p n pb n/p.

25 Proof of Silverman (2) so B n D n C p n pb n/p, log D n log B n (log B n/p + log p) log C p n ĥ(p)n 2 ĥ(p)(n/p) 2 o(1)n 2 p n ) = ĥ(p) n (1 2 p 2 o(1) p n ĥ(p) n 2 (0.547 o(1)).

26 Proof of Silverman (2) so B n D n C p n pb n/p, log D n log B n (log B n/p + log p) log C p n ĥ(p)n 2 ĥ(p)(n/p) 2 o(1)n 2 p n ) = ĥ(p) n (1 2 p 2 o(1) p n ĥ(p) n 2 (0.547 o(1)).

27 Proof of Silverman (2) so B n D n C p n pb n/p, log D n log B n (log B n/p + log p) log C p n ĥ(p)n 2 ĥ(p)(n/p) 2 o(1)n 2 p n ) = ĥ(p) n (1 2 p 2 o(1) p n ĥ(p) n 2 (0.547 o(1)).

28 Proof of Silverman (2) so B n D n C p n pb n/p, log D n log B n (log B n/p + log p) log C p n ĥ(p)n 2 ĥ(p)(n/p) 2 o(1)n 2 p n ) = ĥ(p) n (1 2 p 2 o(1) p n ĥ(p) n 2 (0.547 o(1)).

29 Proof of Silverman (2) so B n D n C p n pb n/p, log D n log B n (log B n/p + log p) log C p n ĥ(p)n 2 ĥ(p)(n/p) 2 o(1)n 2 p n ) = ĥ(p) n (1 2 p 2 o(1) p n ĥ(p) n 2 (0.547 o(1)).

30 Complex Multiplication An endomorphism of E is an algebraic group homomorphism E E.

31 Complex Multiplication An endomorphism of E is an algebraic group homomorphism E E. Example: multiplication by n Z

32 Complex Multiplication An endomorphism of E is an algebraic group homomorphism E E. Example: multiplication by n Z Example: If E : y 2 = x 3 + ax, then (x, y) ( x, iy).

33 Complex Multiplication An endomorphism of E is an algebraic group homomorphism E E. Example: multiplication by n Z Example: If E : y 2 = x 3 + ax, then (x, y) ( x, iy). The endomorphisms form a ring End(E).

34 Complex Multiplication An endomorphism of E is an algebraic group homomorphism E E. Example: multiplication by n Z Example: If E : y 2 = x 3 + ax, then (x, y) ( x, iy). The endomorphisms form a ring End(E). End(E) is either Z or Z[ω], where ω C \ R is a zero of a polynomial X 2 + ax + b with a, b Z.

35 Complex Multiplication An endomorphism of E is an algebraic group homomorphism E E. Example: multiplication by n Z Example: If E : y 2 = x 3 + ax, then (x, y) ( x, iy). The endomorphisms form a ring End(E). End(E) is either Z or Z[ω], where ω C \ R is a zero of a polynomial X 2 + ax + b with a, b Z. If End(E) = Z, then we say that E has Complex Multiplication.

36 Elliptic divisibility sequences with CM Look at αp for all α End(E) to get B α.

37 Elliptic divisibility sequences with CM Look at αp for all α End(E) to get B α. αp is not always a rational point, so look at points and curves over number fields.

38 Elliptic divisibility sequences with CM Look at αp for all α End(E) to get B α. αp is not always a rational point, so look at points and curves over number fields. Unique factorization in number fields only for ideals, so B α is an ideal.

39 Elliptic divisibility sequences with CM Look at αp for all α End(E) to get B α. αp is not always a rational point, so look at points and curves over number fields. Unique factorization in number fields only for ideals, so B α is an ideal. Do all properties generalize? Growth. Divisibility: if α β, then B α B β. Strong divisibility: gcd(b α, B β ) = B gcd(α,β). If v(b α ) >> 0, then v(b αβ ) = v(b α ) + v(β). Primitive divisors.

40 Elliptic divisibility sequences with CM Look at αp for all α End(E) to get B α. αp is not always a rational point, so look at points and curves over number fields. Unique factorization in number fields only for ideals, so B α is an ideal. Do all properties generalize? Growth. yes, with norms N(α) instead of squares n 2 Divisibility: if α β, then B α B β. Strong divisibility: gcd(b α, B β ) = B gcd(α,β). If v(b α ) >> 0, then v(b αβ ) = v(b α ) + v(β). Primitive divisors.

41 Elliptic divisibility sequences with CM Look at αp for all α End(E) to get B α. αp is not always a rational point, so look at points and curves over number fields. Unique factorization in number fields only for ideals, so B α is an ideal. Do all properties generalize? Growth. yes, with norms N(α) instead of squares n 2 Divisibility: if α β, then B α B β. yes, but some work or use Néron models Strong divisibility: gcd(b α, B β ) = B gcd(α,β). If v(b α ) >> 0, then v(b αβ ) = v(b α ) + v(β). Primitive divisors.

42 Elliptic divisibility sequences with CM Look at αp for all α End(E) to get B α. αp is not always a rational point, so look at points and curves over number fields. Unique factorization in number fields only for ideals, so B α is an ideal. Do all properties generalize? Growth. yes, with norms N(α) instead of squares n 2 Divisibility: if α β, then B α B β. yes, but some work or use Néron models Strong divisibility: gcd(b α, B β ) = B gcd(α,β). yes If v(b α ) >> 0, then v(b αβ ) = v(b α ) + v(β). Primitive divisors.

43 Elliptic divisibility sequences with CM Look at αp for all α End(E) to get B α. αp is not always a rational point, so look at points and curves over number fields. Unique factorization in number fields only for ideals, so B α is an ideal. Do all properties generalize? Growth. yes, with norms N(α) instead of squares n 2 Divisibility: if α β, then B α B β. yes, but some work or use Néron models Strong divisibility: gcd(b α, B β ) = B gcd(α,β). yes If v(b α ) >> 0, then v(b αβ ) = v(b α ) + v(β). yes Primitive divisors.

44 Elliptic divisibility sequences with CM Look at αp for all α End(E) to get B α. αp is not always a rational point, so look at points and curves over number fields. Unique factorization in number fields only for ideals, so B α is an ideal. Do all properties generalize? Growth. yes, with norms N(α) instead of squares n 2 Divisibility: if α β, then B α B β. yes, but some work or use Néron models Strong divisibility: gcd(b α, B β ) = B gcd(α,β). yes If v(b α ) >> 0, then v(b αβ ) = v(b α ) + v(β). yes Primitive divisors.?

45 Silverman s proof? Assume that O is a principal ring. The original proof gives at best ( log D α ĥ(p) N(α) 1 N(π) 1 o(1) π α There are now too many small primes, because half of the primes split. ).

46 Silverman s proof? Assume that O is a principal ring. The original proof gives at best ( log D α ĥ(p) N(α) 1 N(π) 1 o(1) π α There are now too many small primes, because half of the primes split. Solution: Inclusion-exclusion. ).

47 The proof (1) Inclusion-exclusion works best with unique factorization.

48 The proof (1) Inclusion-exclusion works best with unique factorization. The ring O = End(E) does not always have unique factorization, but the set of ideals of O coprime to the conductor of O does.

49 The proof (1) Inclusion-exclusion works best with unique factorization. The ring O = End(E) does not always have unique factorization, but the set of ideals of O coprime to the conductor of O does. Define B a for every ideal a by B a = gcd α a B α. In other words, B a is the largest ideal such that αp reduces to (0 : 1 : 0) modulo B a for all α a.

50 The proof (1) Inclusion-exclusion works best with unique factorization. The ring O = End(E) does not always have unique factorization, but the set of ideals of O coprime to the conductor of O does. Define B a for every ideal a by B a = gcd α a B α. In other words, B a is the largest ideal such that αp reduces to (0 : 1 : 0) modulo B a for all α a. Then generalize the properties.

51 The proof (2) For the growth, we need points.

52 The proof (2) For the growth, we need points. There is a natural way to associate to every a a homomorphism of elliptic curves a : E E.

53 The proof (2) For the growth, we need points. There is a natural way to associate to every a a homomorphism of elliptic curves a : E E. Its image E depends only on the ideal class of a, so we get points ap on a finite set of elliptic curves.

54 The proof (2) For the growth, we need points. There is a natural way to associate to every a a homomorphism of elliptic curves a : E E. Its image E depends only on the ideal class of a, so we get points ap on a finite set of elliptic curves. Their denominators are almost equal to the B 2 a s and we can apply David s theorem to each of the (finitely many) curves.

55 The proof (2) For the growth, we need points. There is a natural way to associate to every a a homomorphism of elliptic curves a : E E. Its image E depends only on the ideal class of a, so we get points ap on a finite set of elliptic curves. Their denominators are almost equal to the B 2 a s and we can apply David s theorem to each of the (finitely many) curves. Inclusion-exclusion and Mertens theorem then prove the existence of primitive divisors.

56 Results (1) Theorem For all ideals a O coprime to the conductor of O, except finitely many, the term B a has a primitive divisor.

57 Results (2) For Z-indexed sequences, the methods give the following: Theorem log D n = ĥ(p) n 2 (1 p 2 ) + O(n ɛ ), p n where p n (1 p 2 ) is between ζ(2) 1 > and 1. (compare to log D n ĥ(p)n 2 (0.547 o(1)).)

58 Results (3) Suppose that E and P are defined over a number field L and that not all endomorphisms of E are defined over L. Then they are defined over a quadratic extension M/L. Consider the Z-indexed sequence of L-ideals B 1, B 2, B 3,.... Corollary Define for all n Z, the numbers r n = #{p n prime : p ramifies in End(E)}, s n = #{p n prime : p splits in End(E)}. Then for all but finitely many n, the term B n has at least r n + s n + 1 primitive divisors, of which at least s n split in M/L.

59 Open problems Prove the conjectures of Gunther Cornelissen and Karim Zahidi. Give a good definition of divisibility sequence for an abelian variety... indexed by (a subring of) the endomorphism ring. preprint: