DENOMINATORS OF IGUSA CLASS POLYNOMIALS
Size: px
Start display at page:

Download "DENOMINATORS OF IGUSA CLASS POLYNOMIALS"

Transcription

1 DENOMINATORS OF IGUSA CLASS POLYNOMIALS KRISTIN LAUTER AND BIANCA VIRAY Abstract. In [LVb], the authors proved an explicit formula for the arithmetic intersection number (CM(K).G ) on the Siegel moduli space of abelian surfaces, under some assumptions on the quartic CM field K. These intersection numbers allow one to compute the denominators of Igusa class polynomials, which has important applications to the construction of genus curves for use in cryptography. One of the main tools in the proof was a previous result of the authors [LVa] generalizing the singular moduli formula of Gross and Zagier. The current paper combines the arguments of [LVa, LVb] and presents a direct proof of the main arithmetic intersection formula. We focus on providing a stream-lined account of the proof such that the algorithm for implementation is clear, and we give applications and examples of the formula in corner cases.. Introduction Igusa defined a collection of invariants for genus curves and proved expressions for them in terms of quotients of Siegel modular forms. For genus curves with complex multiplication (CM) by a primitive quartic CM field K, these invariants lie in the Hilbert class field of the reflex field of K, and their minimal polynomials, Igusa class polynomials, have coefficients which are rational, not necessarily integral as is the case for Hilbert class polynomials related to invariants of elliptic curves. Ignoring cancellation with numerators, the primes which appear in the denominators of Igusa class polynomials are those which appear in (CM(K).G ), the arithmetic intersection on the Siegel moduli space of the divisor of the Siegel modular form χ 0 with the CM points of K. In [GL07], it was proved that these primes are those p for which there is a solution to an Embedding Problem, that is, there exists an embedding of O K into M (B p, ) with certain properties. Studying this embedding problem, [GL07] gave a bound on the primes which can appear, and [GL] gave a bound on the powers to which they can appear. At the same time, Bruinier and Yang, using methods from Arakelov intersection theory, gave a conjectural exact formula for the factorization of the denominators under certain conditions on the ramification in the primitive quartic CM field K [BY06]. They assume that the discriminant of K is p q, where p and q are both primes congruent to (mod ). In [Yan0b, Yan3], Yang gave a detailed treatment of the Embedding Problem and used it, along with other techniques, to prove the conjectured intersection formula assuming the ring integers of K is generated by one element over the ring of integers of the real quadratic subfield. Yang s proof uses results of Gross-Keating, and then computes local densities by evaluating certain local integrals over the quaternions. In practice, very few primitive quartic CM fields have ramification of such restricted form. In [GJLL + ], the authors studied all 3 quartic cyclic CM fields in van Wamelen s tables of The second author was partially supported by Microsoft Research and NSF grant DMS

2 CM genus curves defined over Q, compared denominators with the number of solutions to the Embedding Problem and Bruinier and Yang s formula, and found that the assumptions on the ramification of K are necessary for the Bruinier-Yang formula to hold. For applications to the computation of genus curves for cryptography, it is important to have a precise formula for the denominators of Igusa class polynomials which holds for general primitive quartic CM fields. An arithmetic intersection formula for (CM(K).G ) was proved in [LVb], extending the conjecture of Bruinier and Yang to general primitive quartic CM fields K with almost no assumptions on K. Furthermore, for all primitive quartic CM fields K, the formula proved in [LVb] gives an upper bound on prime powers in the denominator which is very accurate for the purpose of efficiently computing Igusa class polynomials. This solves the problem of estimating or clearing denominators of Igusa class polynomials from a practical point of view, for any primitive quartic CM field K, and gives strong motivation for an effective algorithm for computing the formula in practice. One of the main tools in [LVb] is earlier work of the two authors that generalizes the singular moduli formula of Gross and Zagier [GZ85]. As [LVb] cites only the results of [LVa], the algorithmic nature of the proof of the formula for (CM(K).G ) may not be readily apparent. The present paper combines the results of [LVa, LVb] and presents a direct proof of the main arithmetic intersection formula. The proof is more explicit than what is given in those two papers, but relies on the same building blocks. Here we revisit those ideas, and include all details necessary for implementing an algorithm to compute the formula. The main new content is in Section 5, where the direct proof is presented. We focus on providing a stream-lined account of the proof such that the algorithm for implementation is clear, and we give applications and examples of the formula in corner cases in Sections 8, 9. The statement of the theorem and an outline of the proof is given in Section, and a summary pulling all the steps of the proof together is given in Section 7. The strategy of our proof is as follows: to study and characterize solutions to the Embedding Problem, we first fix the embedding of the real quadratic subfield, as Yang did in [Yan0b, Yan3]. Then through a series of calculations explained in Section it becomes possible to see that solutions can be parameterized by pairs of endomorphisms of a supersingular elliptic curve E, x, u End(E) with a fixed norm and trace. This in turn is related to the counting problem studied by Gross and Zagier [GZ85] in their formula for the factorization of differences of singular moduli: counting simultaneous embeddings of maximal orders from two distinct imaginary quadratic fields, Q( d ) and Q( d ), into a maximal order in the quaternion algebra B p,. To solve this problem Gross and Zagier gave an explicit description of all maximal orders in B p, with an optimal embedding of the maximal order in Q( p), for p prime. In follow-up work, Dorman [Dor89] extended their description to work for maximal orders in B p, with an optimal embedding of a maximal order in an imaginary quadratic field that is unramified at. To solve the Embedding Problem, explicit descriptions of maximal orders in the quaternion algebra with an optimal embedding of arbitrary quadratic orders are needed. The fact that the quadratic orders which arise may have even discriminant makes the genus theory required for our formula considerably more difficult. The explicit descriptions of maximal orders in the quaternion algebra were given in [LVa], where a broad generalization of Gross and

3 Zagier s theorem on singular moduli was proved as a consequence. In Section we repeat the definitions and statements about the maximal orders in B p, with an optimal embedding of a non-maximal quadratic order without proof, since the notation is needed for the proof of the main theorem. A solution to the embedding problem is actually given by a pair of supersingular elliptic curves E and E modulo p, an embedding of the ring of integers of the real quadratic subfield of K into End(E E ), along with a pair of endomorphisms x End(E ) and z End(E ) and an isogeny y between them satisfying certain properties. In order to convert pairs of solutions x, u End(E ) into an actual solution to the Embedding Problem, there is another counting problem to be solved, namely counting ideals with certain properties in a quaternion algebra. The counting formula which solves this problem is stated in Theorem 6.., and was proved in [LVb]. Finally, in 8, we explain how this intersection number gives a sharp bound for the denominators of Igusa class polynomials, and we give several concrete examples in Section 9. These examples illustrate various complexities that arise in the formulae for corner cases.. Main Theorem Let K be a primitive quartic CM field, let F denote its real quadratic subfield, and let D denote the discriminant of O F. We assume that O K is generated over O F by one element, say η, so O K = O F [η]. If this assumption does not hold, then Theorem.3 in [LVb] gives an upper bound on the intersection number. Let D denote N F/Q ( DiscK/F (O K ) ) and let α 0, α, β 0, β Z be such that D + D D + D Tr K/F (η) = α 0 + α, N K/F (η) = β 0 + β. For any positive integer δ such that D δ =, we define ( ) c K (δ) := δ α0 + α 0 α D + α D D β 0 β D, ( ) and let a := D D δ, where we take the non-negative square root. Then for any integer n such that D (n + c K (δ)), we define d u (n) = (α δ) + (n + c K(δ))δ, D t x = α 0 + aα, ( d x (n) = (α 0 + aα ) β 0 + aβ + (n + c ) K(δ)), D t xu (n) = β δ + (D a) (n + c K(δ)) D s (n) = t x α δ t xu (n), t w (n) = α 0 + (D a)α, n w (n) = β 0 + (D a)β + (n + c K(δ)). D 3

4 Our main theorem gives a counting formula for an arithmetic intersection number, which is defined as a weighted sum of lengths of local rings at points in the intersection as follows: (CM(K).G ) l = log l # Aut(P ) length ÕG CM(K),P (.) P (CM(K) G )(F l ) where ÕG CM(K),P is the local ring of G CM(K) at P. Our counting formula is stated in terms of the quantities M(δ, n, f) and I(δ, n, f). The precise definition of M(δ, n, f) is given in Definition 5..: it is a weighted ideal count of certain invertible ideals of norm N in the imaginary quadratic order of discriminant d, where N and d are determined by (δ, n, f), and the sum is weighted by multiplicity and a factor which determines the genus class. The definition of I(δ, n, f) is given in Theorem 6.., and it counts the number of left integral ideals of a maximal order in a quaternion algebra with special properties defined by (δ, n, f). Let B (δ, n, f) = I(δ, n, f)m(δ, n, f). Theorem.0.. Let l be a prime different from. If l δ for any positive integer δ of the form D, then = ε(n) B (δ, n, f), otherwise, where C δ = (CM(K).G ) l log l (CM(K).G ) l log l { if δ = D otherwise, δ Z >0 δ= D δ Z >0 δ= D ε(n) = C δ C δ n Z δ D n D lz >0 D (n+c K (δ)) n Z δ D n D lz >0 D (n+c K (δ)) ε(n) f Z >0 δ D n Df lz >0 f Z >0 δ D n Df lz >0 B (δ, n, f), { 0 if v l (d u (n)) > and v l (d x (n)) > otherwise. Remark.0.. If O K is not generated by a single element over O F, then the proof instead gives an upper bound. For any integral element η K \ F, let D η := N F/Q (Disc K/F (η)) and let ( ) c η (δ) := δ α0 + α 0 α D + α D D β 0 β D, where α i and β i are defined in terms of η as above. Then (CM(K).G ) l log l δ Z >0 δ= D C δ min η O K \O F gcd([o K :O F [η]],lδ)= where the factor of can be removed if l δ. n Z δ Dη n lz D >0 D (n+c η(δ)) ε(n) f Z >0 δ Dη n Df lz >0 B (δ, n, f),

5 Proof of Main Theorem. G parametrizes products of elliptic curves with the product polarization, so a point P (G CM(K)) (F l ) corresponds to an isomorphism class of a pair of elliptic curves E, E, and an embedding ι: O K End(E E ). In addition, the embedding must be such that the action of complex conjugation agrees with the Rosati involution induced by the product polarization, i.e., ( ) ( ) g, g if ι(α) =, g where g g, g i,j Hom(E j, E i ), then ι(α) =, g,, g, g,, where g denotes the dual isogeny of g (see [GL07, p. 6]). Two tuples (E, E, ι: O K End(E E )) and (E, E, ι : O K End(E E )) are isomorphic if there exists an isomorphism ψ : E E E E such that ψ ι(α) = ι (α) ψ α O K, and ψ g ψ = ( ψ g ψ ) g End(E E ). We study the isomorphism classes by first fixing elliptic curves in each isomorphism class and then ranging over isomorphism classes of embeddings. When E i = E i, then the tuples are isomorphic if there exists a ψ Aut(E E ) such that ψ ι(α) = ι (α) ψ for all α O K and ψψ = ; this last condition is equivalent to the condition on the Rosati involution that is described at the beginning of the paragraph. Given two elliptic curves E, E over F l, the deformation space of E, E is W[[t, t ]], where W denotes the Witt ring of F l. Let E, E be the universal curves over this space and let I E,E,ι W[[t, t ]] denote the minimal ideal such that there exists an ι: O K End W[[t,t ]]/I that agrees with ι after reducing modulo the maximal ideal of W[[t E,E,ι, t ]]. Then we have length ÕG CM(K),P = length W[[t, t ]]/I E,E,ι, for any point P (E, E, ι) (G CM(K)) (F l ). Thus, (.) can be rewritten as (CM(K).G ) l = log l # Aut(E, E, ι) length W[[t, t ]], (.) iso. classes E,E ι: O K End(E E ) as above I E,E,ι where Aut(E, E, ι) := {σ Aut(E E ) : σι(α)σ = ι(α) α O K and σσ = }. The condition that σσ = ensures that σ preserves the product polarization. Since O K = O F [η], giving an embedding ι End(E E ) is equivalent to giving two elements Λ, Λ End(E E ) such that Λ DΛ + D D Λ Λ = Λ Λ, Λ + Λ = α 0 + α Λ, = 0. ( The equivalence is obtained by letting Λ = ι Λ Λ = β 0 + β Λ, and D+ D ), Λ = ι(η). This equivalence is a more precise reformulation of the Embedding Problem than the version used in [GL07, p. 63], where the elements from O K being embedded were of a simpler form and were not 5

6 necessarily generators of O K. By representing elements in End(E E ) as matrices (g i,j ) where g i,j End(E j, E i ) and expanding the above relations, we see that ( ) ( ) a b x y Λ = b, Λ D a = α b y, z where a Z, b, y Hom(E, E ), x End(E ), and z End(E ) satisfy D (D a) δ := N(b) =, (.3) Tr(x) = α 0 + aα, (.) Tr(z) = α 0 + (D a)α, (.5) Tr(yb ) = Tr(y b) = N(b)α, (.6) N(x) + N(y) = β 0 + aβ, (.7) N(z) + N(y) = β 0 + (D a)β, (.8) β b = α xb xy + yz (.9) bz = xb + (D a)y (.0) ( ) 0 After possibly conjugating Λ, Λ by and interchanging E 0, E, we may assume that a D. Then a is uniquely determined by δ. Thus for a fixed δ, the embedding ι is determined by a tuple (x, y, b, z) satisfying the above relations. Motivated by the definition of isomorphism of triples (E, E, ι) given above, we say that such two tuples (x, y, b, z), (x, y, b, z ) are isomorphic if In particular, xφ = φ x, bφ = φ b, yφ = φ y, zφ = φ z, for some φ i Aut(E i ). Aut(x, y, b, z) := {φ i Aut(E i ) : xφ = φ x, bφ = φ b, yφ = φ y, zφ = φ z}. If δ D, then (x, y, b, z) is isomorphic to (x, y, b, z ) if and only if the corresponding embeddings are isomorphic and # Aut(x, y, b, z) = # Aut(E, E, ι). If δ = D, then the situation is more complicated. If E E, then (x, y, b, z) and (z, y, b, x) correspond to the same embedding, although we do not say that they are isomorphic as tuples. If E = E, then for each tuple (x, y, b, z) we have two possibilities. Either there exists an (x, y, b, z ) that is not isomorphic to (x, y, b, z) but corresponds to an isomorphic embedding, or # Aut(x, y, b, z) = # Aut(E, E, ι), where ι is the corresponding embedding. In either case, we see that the number of isomorphism classes of tuples (x, y, b, z) weighted by is double the number of embeddings also weighted by. # Aut # Aut This discussion shows that (.) can be rewritten in terms of tuples (x, y, b, z), namely (CM(K).G ) l log l = δ Z >0 δ= D C δ E E x,y,b,z up to iso. as above # Aut(x, y, b, z) length W[[t, t ]] I x,y,b,z, (.) where C δ = if δ = D and otherwise, and where I x,y,b,z W[[t, t ]] is the minimal ideal such that there exists x End W[[t,t ]]/I x,y,b,z (E ), ỹ, b Hom W[[t,t ]]/I x,y,b,z (E, E ), z End W[[t,t ]]/I x,y,b,z (E ) 6

7 that reduce to x, y, b, z respectively, modulo the maximal ideal of W[[t, t ]]. Fix δ, E, E, and assume that there exists a tuple (x, y, b, z) as above. Then, there exists x, u := yb End(E ) satisfying Tr(x) = α 0 + aα, (.) Tr(u) = δα, (.3) δ N(x) + N(u) = δ (β 0 + β a), (.) (D a) N (u) + δ Tr (xu ) = β δ, (.5) where a Z is such that a D/ and (D a) = D δ. This is easy to check using the relations (.) (.0) on (x, y, b, z). We will complete the proof of the theorem in two steps in sections 5 and 6, respectively, () Calculate the number of (E, x, u) satisfying (.) (.5)( 5), and () For a fixed (E, x, u) determine the number of (E, y, b, z) such that u = yb and (x, y, b, z), satisfy (.) (.0) ( 6). As it is not necessarily obvious how the arguments in sections through 6 come together, we summarize the argument in 7. In the next two sections we present the necessary background to continue with these steps of the proof. These notation and statements are taken from [LVa] and the proofs are omitted. 3. Background: quadratic imaginary orders This section is taken from Section 5 of [LVa]. Let O be an order in a quadratic imaginary field, and let d be the discriminant of O. Let a be an ideal in O. If O is not maximal, then we can not necessarily write a uniquely as a product of primes. However, we can always write a uniquely as a product of primary ideals where no two ideals in the factorization are supported at the same prime. Precisely, for any prime p, define a p := O ao p. Then a = p a p, and since for any distinct primes p, q, a p and a q are co-maximal, we have that a = p a p. (See [Neu99, Prop.3] for more details.) If there is a unique prime p O lying over p, then we will often write a p instead of a p. We will often be concerned with the special case where a = D := do. If p d is odd, then for a, b O, the difference a b D p if and only if Tr(a) Tr(b) (mod p vp(d) ). If p = d, then a b D if and only if a 0 b 0 (mod v(d) ) and a b (mod ), where d+ a = a 0 + a d d+ and b = b 0 + b d. 3.. The Picard group. The Picard group of O, denoted Pic(O), is the group of invertible fractional ideals modulo fractional principal ideals. It is isomorphic to the form class group C(d), the group of classes of primitive positive definite forms of discriminant d [Cox89, 7]. We will use this isomorphism to determine whether there exists an ideal in Pic(O) of a certain norm. For more information on genus theory, i.e., the study of Pic(O)/ Pic(O), see [Cox89]. 7

8 Let p,..., p j be the distinct odd primes dividing d. Define j if d (mod ) or d (mod 6), k = j + if d 8, (mod 6) or d 6 (mod 3), j + if d 0 (mod 3). ( a For i =,..., j, we define χ pi (a) := for a coprime to p i. For a odd, we also define p i ) χ (a) := ( ) a, χ8 (a) := ( ) a 8. Then we define Ψ: (Z/dZ) {±} k as follows. (χ p,..., χ pj ) if d (mod ) or d (mod 6), (χ p,..., χ pj, χ ) if d (mod 6) or d 6 (mod 3), Ψ = (χ p,..., χ pj, χ 8 ) if d 8 (mod 3), (χ p,..., χ pj, χ χ 8 ) if d (mod 3), (χ p,..., χ pj, χ, χ 8 ) if d 0 (mod 3). For a prime p that divides d, but does not divide the conductor f of O, we define χ pi if p = p i, χ if p = and d (mod 6), Ψ p = χ 8 if p = and d 8 (mod 3), χ χ 8 if p = and d (mod 3). Let Ψ p be the projection of Ψ on the components that are complementary to the one that appears in Ψ p. If p f, then for n relatively prime to d one may check that Ψ p = (d, n) p where (d, n) p denotes the Hilbert symbol at p. We may use this equality to extend Ψ to (Z/fZ), by defining Ψ p (n) := (d, n) p. This map Ψ can be used to test when an ideal a is a square in the Picard group. Theorem 3.. ([Cox89, 3&7]). For any positive integer m prime to the conductor f of O d, there exists an invertible ideal a such that N(a) = m and [a] Pic(O d ) if and only if m ker Ψ. From this theorem, we can easily obtain the following corollary. Corollary 3... Let l be a prime that divides d, but does not divide the conductor f. Let a be an invertible integral ideal that is prime to the conductor. Then [a] Pic(O) if and only if N(a) ker Ψ l. Unfortunately, the map Ψ cannot be extended to all integers while still retaining the properties described in Theorem 3.. and Corollary 3... This is because it is possible to have two invertible ideals a, b O d with the same norm, such that ab Pic(O d ). This can only occur when the ideals are not prime to f. Let a be an integral invertible ideal that is supported at a single prime p that divides the conductor, i.e. a q = for all q p. Let α O be a generator for ao p such that gcd(n(α), f) is supported only at p. Then a ã in Pic(O), where ã := O p q p 8 (αo q ),

9 and N(ã) is coprime to the conductor. Thus, the genus of a is equal to Ψ(N(ã)). Since every ideal can be factored uniquely into comaximal primary ideals, this gives a method of computing the genus class of any ideal.. Parametrizing endomorphism rings of supersingular elliptic curves This section is taken from Section 6 of [LVa] with proofs omitted. Let l be a fixed prime and let O be a quadratic imaginary order of discriminant d such that l f := cond(d). We assume that l is not split in O. Let W be the ring of integers in Q unr l ( d), and write π for the uniformizer. By the theory of complex multiplication [Lan87, 0.3], the isomorphism classes of elliptic curves that have CM by O are in bijection with Pic(O), and every elliptic curve E with CM by O has a model defined over W. Moreover, by [ST68, Cor. ], we may assume that E has good reduction. Fix a presentation B l, of the quaternion algebra ramified at l and, and fix an embedding L := Frac(O) B l,. The goal of this section is to define, for every [a] Pic(O), a maximal order R(a) B l, such that () R(a) L = O, () R(a), together with the optimal embedding O R(a) is isomorphic to the embedding End(E(a)) End(E(a) mod π), where E(a) is the elliptic curve with CM by O that corresponds to a, and (3) b R(a)b = R(ab). Our construction of these maximal orders R(a) generalizes the work of Gross-Zagier [GZ85] and Dorman [Dor89], where they defined maximal orders with these properties under the assumption that d is prime [GZ85] or d is squarefree [Dor89]. We give the statements and definitions for arbitrary discriminants d and include the ramified case; for proofs we refer you to [LVa, 6]. Note that Goren and the first author have given a different generalization of Dorman s work [GL3] to higher dimensions, which works for CM fields K, characterizing superspecial orders in a quaternion algebra over the totally real field K + with an optimal embedding of O K +. That work also corrects the proofs of [Dor89], but in a slightly different way than we do here, and does not handle the ramified case or non-maximal orders..0.. Outline. In., we give an explicit presentation of B l, that we will use throughout. The construction of the maximal orders R(a) depends on whether l is inert (.) or ramified (.3) in O... Representations of quaternion algebra. Given a fixed embedding ι: L B l,, the quaternion algebra B l, can be written uniquely as ι(l) ι(l)j, where j B l, is such that jι(α)j = ι(α), for all α L. Thus j defines a unique element in Q / N(L ). From now on, we will represent B l, as a sub-algebra of M (L) as follows. { ( ) } α β B l, = [α : β] := j : α, β L. (.) β α Under this representation, ι: L B l,, ι(α) = [α, 0]. If l is unramified in O then we may assume that j = lq, where q is a prime such that lq ker Ψ and q d. If l is ramified, then we may assume that j = q where q ker Ψ l, 9

10 q ker Ψ l and q d. (The functions Ψ, Ψ l and Ψ l were defined in Section 3 above.) In both cases, these conditions imply that q is split in O... The inert case. Let a O be an integral invertible ideal such that gcd(f, N(a)) =. Let q be a prime ideal of O lying over q. For any λ O such that () λq aa O, and () N(λ) lq (mod d), we define R(a, λ) := { [α, β] : α D, β q l n D aa, α λβ O }. From this definition, it is clear that if λ satisfies () and () and λ λ (mod D), then R(a, λ) = R(a, λ ). We claim that, for any a and λ, R(a, λ) is a maximal order. Remark... Although Dorman [Dor89] does not include condition () in his definition, it is, in fact, necessary. Without this assumption R(a, λ) is not closed under multiplication, even if d is squarefree. This was already remarked on in [GL3]. Remark... Write λ = λ 0 +λ d+ d. If d is odd, then the congruence class of λ mod D is determined by λ 0 mod d. In addition, the condition that N(λ) lq (mod d) is equivalent to the condition that λ 0 lq (mod d). Therefore, if d is odd, then we may think of λ as an integer, instead of as an element of O. This was the point of view taken in [GZ85,Dor89]. Lemma..3. R(a, λ) is an order with discriminant l, and so it is maximal. Proof. [LVa, Section 6] Given an ideal a, we will now construct a λ = λ a satisfying conditions () and (). Since we want our orders R(a) := R(a, λ a ) to satisfy R(a)b = br(ab) the relationship between λ a and λ ab will be quite important. In fact, the relation R(O)a = ar(a) shows that R(a) is determined from R(O) and so λ a mod D is determined by λ O mod D.... Defining λ a. For all regular ramified primes p, fix two elements λ (p), λ (p) O with norm congruent to lq mod p v(d) such that λ (p) λ (p) (mod D p ). For all irregular ramified primes p, fix λ (p) O such that N(λ (p) ) lq (mod p v(d) ). For any prime ideal p of O that is prime to D, let M(p) denote a fixed integer that is divisible by N(p) and congruent to (mod d). For any product of regular ramified primes b d := p regular p D p ep, we write λ bd λ bd mod D p for any element in O such that { λ (p) if e p 0 (mod ) λ (p) if e p (mod ) for all regular primes p and λ b λ (p) (mod D p ) for all irregular primes. These conditions imply that λ bd is well-defined modulo D. Let a be an invertible integral ideal O such that gcd(n(a), f) =. Then we may factor a as a a d, where a is prime to the discriminant and a d is supported only on regular ramified 0

11 ( ) primes. We define λ a := p a M(p) vp(a ) M(q)λ ad. Note that it follows from this definition that λ a is well-defined modulo D and, importantly, that λ a satisfies λ a q aa O and N(λ a ) lq mod d. Lemma... Let a, b be two invertible ideals in O that are prime to the conductor. Assume that a and ab are both integral. Then Proof. [LVa, Section 6] R(a, λ a )b = br(ab, λ ab )..3. The ramified case. Let a O be an integral invertible ideal such that gcd(f, N(a)) =. Let q be a prime ideal of O lying over q. For any λ O such that () λq aa O, and () N(λ) q (mod d/l), we define R(a, λ) := { [α, β] : α ld, β q ld aa, α λβ O }. From this definition, it is clear that if λ satisfies () and () and λ λ (mod Dl ), then R(a, λ) = R(a, λ ). We claim that, for any a and λ, R(a, λ) is a maximal order. Lemma.3.. R(a, λ) is an order of discriminant l, and so it is maximal. Proof. This proof is exactly the same as in the inert case after replacing q with q/l ( [LVa, Section 6])..3.. Defining λ a. For all regular ramified primes p, fix two elements λ (p), λ (p) O with norm congruent to q mod p v(d/l) such that λ (p) λ (p) (mod D p ). If p = l and l, then in addition we assume that λ l,0 = λ l,. For all irregular ramified primes p, fix λ (p) O such that N(λ (p) ) q (mod p v(d/l) ). For any prime ideal p of O that is coprime to D, let M(p) denote a fixed integer that is divisible by N(p) and congruent to (mod d). For any product of regular ramified primes b d := p regular p D p ep, we write λ bd λ bd mod D p for any element in O such that { λ (p) if e p 0 (mod ) λ (p) if e p (mod ) for all regular primes p and λ b λ (p) (mod D p ) for all irregular primes. These conditions imply that λ bd is well-defined modulo D. Let a be an invertible integral ideal O such that (N(a), f) =. Then we may factor a as a a d, where a is coprime( to the discriminant and a d is supported only on regular ramified ) primes. We define λ a := p a M(p) vp(a ) M(q)λ ad. Note that λ a is well-defined modulo D and that λ a satisfies λ a q aa O and N(λ a ) q mod d/l. Remark.3.. Since λ a λ al (mod Dl ) for any integral invertible ideal a, the corresponding orders R(a), R(al) are equal. This is not surprising, since E(a) = E(al) modulo π.

12 Lemma.3.3. Let a, b be two invertible ideals in O that are coprime to the conductor. We assume that a and ab are integral. Then Proof. [LVa, Section 6] R(a, λ a )b = br(ab, λ ab )... Elliptic curves with complex multiplication. Theorem... Let R be a maximal order of B l, such that R L = O, where the intersection takes place using the embedding of B l, M (L) given in (.). Then there is an integral invertible ideal a O coprime to the conductor such that R is conjugate to R(a, λ a ) by an element of L. Proof. [LVa, Section 6] Fix an element [τ (0) ] of discriminant d, and let E = E(τ 0 ) be an elliptic curve over W with j(e) = j(τ (0) ) and good reduction at π. Then we have an optimal embedding of O = End(E) into End W/π (E), a maximal order in B l,. Thus, by Theorem.., there is an element [a 0 ] Pic(O) such that the pair (End(E mod l), ι: O = End(E) End(E mod l)) is conjugate to R(a 0 ) with the diagonal embedding O R(a 0 ). Now let σ Gal(H/L) and consider the pair (End(E σ mod l), ι: O End(E σ mod l)). By class field theory, Gal(H/L) = Pic(O); let a = a σ be an invertible ideal that corresponds to σ; note that a is unique as an element of Pic(O). We assume that a is integral and coprime to the conductor. Since Hom(E σ, E) is isomorphic to a as a left End(E)-module, we have End(E σ mod l) = a End(E)a [CF67, Chap. XIII]. Thus, by Lemmas.. and.3.3, the pair corresponding to E σ is conjugate to R(a 0 a). We define R n (a) := { [α, β] : α D, β q l n D aa, α λ a β O }, R n (a) := { [α, β] : α D, β q l n D aa, α λ a β O }, if l d if l d One can easily check that R (a) = R(a), that n R n(a) = O and that { O + l n R (a) if l d, R n (a) = O + l n R (a), if l d Then by [Gro86, Prop. 3.3], End W/π n(e σ ) = R n (a 0 a). (.) 5. Calculating the number of (E, x, u) Proposition Let E be an elliptic curve over F l and assume that there exists x, u End(E) satisfying (.) (.5). Then E must be supersingular and there exists an n Z such that δ D n lz >0, and n + c δ (K) 0 (mod D), (5.) D

13 ( ) where c K (δ) := δ α0 + α 0 α D + α D D β 0 β D. Proof. [LVb, Prop 3.] Proposition 5.0. shows that the tuples (E, x, u) satisfying (.) (.5) can be partitioned by integers n satisfying (5.). By the proof of Proposition 5.0., fixing such an n implies that N(u) = n u (n), N(x) = n x (n), and Tr(xu ) = t xu (n) where n u (n) := δ(n + c Kδ), n x (n) := β 0 + aβ n u(n), & t xu (n) := β δ (D a) n u(n). D δ δ The trace of x and u are already determined by δ, so we define d u (n) := (α δ) n u (n) and d x (n) := (α 0 + aα ) n x (n). For the rest of the section, we assume that n is a fixed integer satisfying (5.). We define { } [(E, x, u)] : Tr(x) = α0 + aα E(n) :=, Tr(u) = α δ, N(u) = n u (n), N(x) = n x (n), Tr(xu, ) = t xu (n) where [(E, x, u)] denotes the isomorphism class of (E, x, u). 5.. Counting pairs of endomorphisms for a fixed n. Fix a prime l. Let t x, t u, t xu, n x, n u be integers such that either d x := t x n x or d u := t u n u is a quadratic discriminant fundamental at l and such that d x d u (t x t u t xu ) is nonzero. In the rest of this section we will count triples (E, x, u) where E is a supersingular elliptic curve over F l and x, u End(E) satisfy Tr(x) = t x, Tr(u) = t u, Tr(xu ) = t xu, N(x) = n x, and N(u) = n u. The formula for the number of such triples and the proof become significantly more technical if t x t u t xu has a common factor prime to l with either the conductor of d x or the conductor of d u. For the sake of exposition, we will first give the formula and proof in a less technical case ( 5..), and then we will consider the general case ( 5..) A simpler case. Let t x, t u, t xu, n x, n u, d x, d u be as above. We also assume that GCD(t x t x t xu, cond(d u )) is a power of l, where = l 0 is considered to be a power of l. Let v := v l (cond(d u )). Theorem 5... The number of triples (E, x, u) where E/F l is a supersingular elliptic curve, and x, u are endomorphisms satisfying is equal to deg(x) = n x, deg(u) = n u, Tr(x) = t x, Tr(u) = t u, Tr(xu ) = t xu A d ( dx d u (t x t u t xu ) l +v ) ρ d,l ( dx d u (t x t u t xu ) l +v where d = d u /l v, A d (N) := # {b O d : N(b) = N, b invertible }, and { 0 if Ψ d (N) Ψ d ( l) ρ d,l (N) := #{p:p (N,d),p l} otherwise. 3 ),

14 Proof. Since E is a supersingular elliptic curve, End(E) is a maximal order in the quaternion algebra B l,. Since End(E) contains u, Q[u] End(E) is an order in Q( d u ) of discriminant d = d u /f for some integer f. In addition, d must be fundamental at l [Vig80, Chap., Lemma.5], so l v must divide f. Fix such a d. Then, by Theorem.., End(E) [ t ] = R(a), u u+f d, 0, where a is an invertible ideal in O d. By [Gro86], if l is inert in O d, then a is well-defined as an element in Pic(O d ), and if l is ramified then there are choices for a Pic(O d ). Now we have to count the number of elements [α, β] in R(a) such that Tr([α, β]) = t x, N([α, β]) = n x, and Tr([α, β] [ tu+ d u, 0]) = t xu ; such [α, β] will correspond to the endomorphism x. The trace conditions imply that α = (txtu t xu )+txf d f d. Since α must be contained in D, we must have txtu t xu f Z. Using our assumption on the GCD of d and t x t u t xu, we must have that f = l v. So we have reduced to counting pairs (β, [a]) where c β := [ (txt u t xu )+t xf d N(c β ) = n x and a O d, an invertible ideal, under the assumption that f d N := d xd u (t x t u t xu ) = d xd u (t x t u t xu ) l v+ f l ], β R(a), is prime to the conductor of d. Since each pair (β, [a]) will correspond to a distinct (E, x, u) if l is inert, and, if l is ramified, then exactly pairs (β, [a]) will correspond to the same (E, x, u). This combined with the following proposition shows that the number of triples (E, x, u) is A(N)ρ d,l (N) as desired. Proposition 5... Let t x, t u, t xu, n x, n u Z be as defined at the beginning of the section. Let v = v l (cond(t u n u )), set f = l v, d = d u /f and set N := dxdu (txtu t xu ). Assume f l that N is prime to the conductor of d. Then there is an e ρ d,l (N)-to- map {(β, [a]) : c β R(a), N(c β ) = n x, a O d invertible} {b O d : N(b) = N, b invertible}, (β, a) βqdaa if l is inert in O d, (β, a) βl qdaa if l is ramified in O d. [ (txt where c β := u t xu )+t ] xf d f, β, and q is as defined in, and e is the ramification index d of l in O d. Proof. First we show that the map is well-defined if l is inert in O d. By the definition of R(a), β q D aa so βqdaa is integral. Since N(c β ) = n x, we have ( ( N(βqDaa ) = N(β)qd = d (t x t u t xu ) + t x f )) d n x N l f d = d ( n x (t ) xt u t xu ) t xf d l f d = ( f d(t lf x n x ) (t x t u t xu ) ) = N.

15 Since a and q are invertible and D is principal, βqdaa is invertible. A similar computation shows that the map is well-defined in the ramified case. Assume that N is coprime to the conductor of d. We first consider the case where Ψ d,p (N) Ψ d,p ( l) for some p l. First we assume that l is inert in O d. Since q was chosen such that Ψ d,p ( lq) = for all p l, Ψ d,p (N) Ψ d,p (q) for some prime p. Thus, by Theorem 3.., there is no ideal b O d such that [bq ] Pic(O d ) and N(b) = N so the domain must be empty. Now assume that l is ramified. In this case q was chosen such that Ψ d,p ( q) = for all p l so there is some p l such that Ψ d,p (N) Ψ d,p (lq). Therefore, again by Theorem 3.., there is no ideal b O d such that [blq ] Pic(O d ) and N(b) = N so again the domain must be empty. Now assume that Ψ d,p (N) = Ψ d,p ( l) for all p l. Then by our assumptions on q, Ψ l (N) = Ψ l (q) if l is inert, or such that Ψ l (N) = Ψ l (lq) if l is ramified. Fix an integral invertible ideal b in the codomain. By [LVa, Cor. 5.], if l is inert, b = γ a qaa for some invertible ideal a and γ a Q( d) (γ a is uniquely determined by a). Similarly, if l is ramified then b = γ a l qaa for some invertible ideal a and γ a Q( d) (again γ a is uniquely determined by a). Note that for every c Pic(O)[], b can also be written as γ ac qac(ac) if l is inert, and as γ ac l qac(ac) if l is ramified, where γ ac = γ a ɛ c / N(c) and c = (ɛ c ). Let β ac := γ ac / d so that b = β ac qdac(ac) in the inert case, and b = β ac l qdac(ac) in the ramified case. One can easily check that N(c βac ) = n x and that β ac q D ac(ac) in the inert case, and β ac q ld ac(ac) in the ramified case. Since N is an integer, t x t u t xu 0 (mod f), so (txtu t xu )+txf d f D. In the case l is ramified, one can show d that (txtu t xu )+txf d f ld. Therefore (β d ac, ac) is in the pre-image of b if and only if or equivalently, (t x t u t xu ) + t x f d f λ ac β ac O, d t x t u t xu f + t x d λac γ ac D. (5.) Fix c,..., c µ representatives for Pic(O)[], that are prime to the discriminant. To calculate the size of the pre-image of b, we need to determine for which c i (5.) holds. Since c i is prime to the discriminant, we may rewrite λ aci γ aci = (M(c i )ɛ c i / N(c i ))λ a γ a, where M(c i ) is as in subsection.3.. Applying [LVa, Lemmas 7.5 and 7.6] with a := txtu t xu + tx f d and b := λ a γ a completes the proof The general case. Now we would like to consider the case where N and cond(d u ) share common factors different from l. Theorem The number of triples (E, x, u) where E/F l is a supersingular elliptic curve, and x, u are endomorphisms satisfying deg(x) = n x, deg(u) = n u, Tr(x) = t x, Tr(u) = t u, Tr(xu ) = t xu 5

16 is equal to where and ρ () d (s, t) := ρ d,l (s, t) := f Z d:=d u/f Z fundamental at l ( ) dx d u (t x t u t xu ) à d f l { q if l inert in O d, r := l q otherwise. if d mod 6, s t mod or if 8 d, v (s) v (d) otherwise { ρ () d (s, t) #{p:vp(s) vp(d),p,l} for l #{p:vp(s) vp(d),p,l} for l =, ( ) tx t u t xu ρ d,l, t x, f { if 3 d, (s t) otherwise à d (N) := #{b O d : N(b) = N, b invertible, b r mod Pic(O d ) } a O d prime to d, ɛ O d such that γ = br aa, N(ɛ) (mod d), and ɛm(q)m(a)γ t xt u t xu f + t x d (mod d)}}, Moreover, there is an algorithm to compute Ãd(N) and Ãd(N) is always bounded above by A d (N). In addition, if N and the conductor of d, cond(d), share no common factors, à d (N) ρ d,l (N) = A d (N)ρ d,l (N). Proof. We will follow the proof of Theorem 5... Until the invocation of Proposition 5.., the only place the GCD assumption is used is in concluding that f = l v. In the general case, we are only able to conclude that l v f GCD(t x t u t xu, cond(d u )). So to count the tuples (E, x, u), we will sum over f as above, and try to follow the proof Proposition 5... It is still a necessary condition that Ψ d,p (N) = Ψ d,p ( l) for every prime p d, p (cond(d), N) (Ψ d,p (N) is undefined if p (cond(d), N)). However, as mentioned in 3, this is no longer sufficient. Thus instead of considering all ideals of norm N, as we do in the case where N is prime to the conductor, we must only consider ideals of norm N in a fixed genus. The rest of the proof can be applied in this more general case, until we cite [LVa, Lemma 7.5 and 7.6]. Lemma 7.6 of [LVa] no longer guarantees the existence of an ideal c such that (5.) holds. However, once the existence of such an ideal c is known, Lemmas 7.5 and 7.6 in [LVa] still give the exact number of ideal classes c for which (5.) holds. Thus the proof of the formula is complete. The proof of Proposition 5.. gives an algorithm to compute Ãd(N), and it is clear from the definition that Ãd(N) A d (N). The statement about equality follows from the above discussion. 6

17 5.. Multiplicity of pairs of endomorphisms. Proposition 5... Let E be a supersingular elliptic curve over F l, and let x, u End(E) be elements such that at least one of Disc(x), Disc(u) is fundamental at l and that the two orders Q(x) End(E), Q(u) End(E) have different discriminants. Then { v l (N) + if l d length (W Fl [[t]]/i x,u ) = µ Disc(x),Disc(u) (N) := (v l (N) + ) otherwise, where N := l (Disc(x) Disc(u) (Tr(x) Tr(u) Tr(xu )) ), and d {Disc(x), Disc(u)} is chosen so that it is a discriminant fundamental at l. Proof. [LVb, Theorem 3.3] In fact, it is always the case that if E = then at least one of d u (n), d x (n) is the discriminant of a quadratic imaginary order that is maximal at l. Lemma 5... Let E be a supersingular elliptic curve over F l and let x, u End(E) be endomorphisms satisfying (.) (.5). Then the indices [Q(x) End(E) : Z[x]] and [Q(u) End(E) : Z[u]] are relatively prime. In particular, at least one of Z[x], Z[u] is a quadratic imaginary order maximal at l. Proof. [LVb, Lemma 3.] 5.3. Automorphisms of triples (E, x, u). Fix a supersingular elliptic curve E, and two endomorphisms x, u such that the Z-algebra generated by x, u has rank. This is equivalent to the assumption that d x d u is not a square. We define Aut((E, x, u)) = {φ Aut(E) : φx = xφ, φu = uφ}. Since x, u generate a rank module, if φ commutes with x, u, then φ is in the center of End(E) Z Q. Since E is supersingular, End(E) is a maximal order in a quaternion algebra, so the center of End(E) Z Q is exactly Q. Therefore, for any (E, x, u) as above, Aut((E, x, u)) = {±}. 5.. Summary. Fix an odd prime l. To count solutions x, u, to the embedding problem for a fixed δ, we will range over the integers n which arise in Equation 5.. Then for a fixed δ and n, the trace and norm of x and u are expressed as above directly in terms of δ, n, and the generators for the quartic CM field K. Let t x, t u, t xu, n x, n u Z be such that d x := t x n x and d u := t u n u are quadratic imaginary discriminants, and at least one of d x, d u is fundamental at l. Let f Z be such that d := d u /f is still a quadratic imaginary discriminant. Definition 5... We define the quantity M(δ, n, f) as a weighted ideal count of certain invertible ideals of norm N in the order of discriminant d, weighted by the multiplicity and a factor which determines the genus class: M(δ, n, f) := Ãd(N) ρ d,l (s, t x )µ du,d x (Nf ). where N = f l (d xd u (t x t u t xu ) ), and s = f (t xt u t xu ). 7

18 Theorem 5... Define E = E(t x, t u, t xu, n x, n u, d) E/F l supersingular elliptic curve ; x, u End E such that := (E, x, u) : Tr(x) = t x, Tr(u) = t u, Tr(xu ) = t xu, N(x) = n x, N(u) = n u, and such that the order Q(u) End(E) has discriminant d. Then (E,x,u) E # Aut(E, x, u) lengthw[[t]] I x,u = M(δ, n, f). Proof. This is just a restated summary of the results in this section. 6. Determining the pre-image of (E, x, u) This section is taken from [LVb, Section 6] with proofs omitted. Fix an (E, x, u) satisfying (.) (.5). Assume that there exists an elliptic curve E, b, y Hom(E, E), and z End(E ) such that u = yb, bz = xb + (D a)y. Then there is a left integral ideal I := Hom(E, E) b of R := End(E) which has the following properties: () N(I) = δ, () δ, u I, and (3) w := x + (D a) u R(I), where R(I) denotes the right order of I. δ In addition, Deuring s correspondence between isogenies and ideals shows that a left ideal satisfying the above three properties uniquely determines E, b, y Hom(E, E), and z End(E ), up to isomorphisms of E and E. 6.. Formula for counting ideals. Using Deuring s correspondence, we have: Proposition 6... For a fixed triple (E, x, u) satisfying (.) (.5), # {(E, y, b, z) : u = yb, (x, y, b, z) satisfying (.) (.0)} = # {I := Hom(E, E) b : satisfying (), (), (3)}. The following Theorem gives a formula for the number of left ideals satisfying properties (), (), and (3). Theorem 6... Let E be a supersingular elliptic curve and assume there exists x, u End(E) satisfying (.) (.5). Let f Z >0 be such that Q(u) End(E) is an order of discriminant d := Disc(u). Then f I(δ, n, f) := # {(E, y, b, z) : u = yb, (x, y, b, z) satisfying (.) (.0)} = 8 p δ,p l v p(δ) j=0 j v p(δ) mod j r p (t w, n w ), I (p)

19 where t w = α 0 + (D a)α n w = β 0 + (D a)β + (n + c K(δ)) ( D r p = max v p (δ) v ( p GCD(t w, n w, f ) ) ), 0 I C (a, a 0 ) = I (p) C (a, a 0 ) = { #{ t mod p C : t a t + a 0 0 (mod p C )} if C 0, 0 if C < Concluding the proof of Main Theorem Now we resume our proof of Theorem.0.. Recall that we had shown that (CM(K).G ) l log l = δ Z >0 δ= D C δ E E x,y,b,z up to iso. as above # Aut(x, y, b, z) length W[[t, t ]]. I x,y,b,z The arguments in [LVb, Lemma 3.0] show that # Aut(x, y, b, z) = ( and [LVb, Proposition 3.] shows that the length of W[[t,t ]] I x,y,b,z is bounded above by length W[[t ]] I x,u ), and if l δ, then length W[[t, t ]] I x,y,b,z = length W[[t ]] I x,u. Thus it follows that the intersection number can be rewritten as (CM(K).G ) l log l = δ Z >0 δ= D C δ E E x,y,b,z up to iso. as above # Aut(x, yb ) length W[[t ]], I x,yb as long as l δ for any δ, and that (CM(K).G ) l log l δ Z >0 δ= D C δ E E x,y,b,z up to iso. as above 9 # Aut(x, yb ) length W[[t ]], I x,yb

20 for any δ. Using the results from 5,6 we will rearrange the terms as follows I l := C δ # Aut(x, yb ) length W[[t ]] I x,yb δ Z >0 δ= D = δ Z >0 δ= D = δ Z >0 δ= D C δ C δ E Recall from 6 that E (E,x,u) up to iso. as above x,y,b,z up to iso. as above # Aut(x, u) length W[[t ]] # {(E, y, b, z) as above : u = yb } I x,u n Z s.t. δ D n D lz >0 n c K (δ) (mod D) ε(n) f Z >0 δ D n Df lz >0 (E,x,u) Disc(u)=d u(n) Q(u) End(E)=O du(n)/f # Aut(x, u) length W[[t ]] # {(E, y, b, z) as above : u = yb } I x,u # {(E, y, b, z) as above : u = yb } = p δ,p l v p(δ) j=0 j v p(δ) mod j r p (Tr(w), N(w)). By the definition of w and Proposition 5.0., we see that all of the quantities on the righthand side can be defined in terms of δ, n and f. Thus I l can be rewritten as = ε(n) I(δ, n, f) δ Z >0 δ= D C δ n Z s.t. δ D n D lz >0 n c K (δ) (mod D) f Z >0 δ D n Df lz >0 (E,x,u) Disc(u)=d u(n) Q(u) End(E)=O du(n)/f I (p) # Aut(x, u) length W[[t ]] I x,u By Theorem 5.., this is equal to = δ Z >0 δ= D C δ n Z s.t. δ D n D lz >0 n c K (δ) (mod D) ε(n) f Z >0 δ D n Df lz >0 I(δ, n, f)m(δ, n, f), which completes the proof. 8. Relationship to Igusa class polynomials 8.. Igusa invariants and Igusa class polynomials. One of the immediate applications of the arithmetic intersection formula we have proved is to improve algorithms for computing 0

21 Igusa class polynomials for generating genus curves for use in cryptography. Roots of Igusa class polynomials are Igusa invariants of genus curves whose Jacobians have CM by a primitive quartic CM field K. Igusa class polynomials can be hard to compute, mostly because provably recovering the rational coefficients from approximations requires a bound on the denominators. Recognizing algebraic numbers, either in Q or in a number field, is harder than recognizing algebraic integers. Our formula can be used to clear denominators in complex analytic approximations to the Igusa class polynomials, reducing the problem to recognizing integer coefficients. Analogous techniques apply to improving the CRT approach to computing class polynomials, where a multiple of the denominator is needed [EL05], and to the p-adic approach [GHK + 06]. Igusa invariants can be defined in terms of modular functions on the Siegel moduli space: i = 3 5 χ5, i χ 6 = E ( χ 3, i 0 χ 3 = 5 E6 χ E ) χ 3, 0 χ 3 0 χ 0 where χ 0 and χ are Siegel modular cusp forms of weights 0 and which can be expressed in terms of the Siegel-Eisenstein series E w for w =, 6, 0, (see [Igu6],[Igu67]). Igusa class polynomials are the genus analogue of Hilbert class polynomials, defined as follows: H l (X) := τ (X i l (τ)), l =,, 3, (8.) where the product is taken over all points τ on the Siegel moduli space such that the associated principally polarized abelian variety has CM by O K. Igusa class polynomials have rational coefficients [Spa9, Satz 5.8] (as opposed to integral coefficients as in the case of Hilbert class polynomials). The denominators of Igusa class polynomials are related to arithmetic intersection numbers on the Siegel moduli space of principally polarized abelian surfaces. It is a classical fact that the zero locus of χ 0 on the coarse moduli space of abelian surfaces consists of exactly those abelian surfaces that decompose as a product of elliptic curves with the product polarization. The arithmetic analogue of this statement was proved in [GL07, Cor 5..], that if a prime p divides the denominator of (f/χ k 0)(τ), for τ a CM point corresponding to a smooth curve C and f a Siegel modular form of weight 0k with integral Fourier coefficients with GCD, then C has bad reduction modulo p. Computing the order of zeros of χ 0 is equivalent to computing the arithmetic intersection number, div(χ 0 ).CM(K), of the divisor of χ 0 with the cycle of CM points associated to K. The practical impact of Theorem.0. is that any of the algorithms [Spa9, vw99, Wen03, EL05, GHK + 06, Str, LY, ET, CDSLY, LNY] to compute minimal polynomials of invariants of genus curves with CM by K can be improved by multiplying by our formula to obtain polynomials with integral coefficients. In all cases, our formula gives an integer multiple of the denominators: even if the restriction that we placed on K is not satisfied, (O K = O F [η]), our formula still gives a bound on the denominator because η still has to embed in the endomorphism ring of the product, even if η does not generate all of O K. Our formula does not take into account any cancellation between primes in the denominator and numerators of Igusa invariants, but in that case our formula still gives a multiple of the denominator.

22 9. Examples 9.. Example. K = Q( ), l = 7 In this example we will apply the theorems of this paper to predict the power to which the prime l = 7 appears in the denominator of the constant terms of the Igusa class polynomials for K. Note that these class polynomials were computed in [GL, Section 3.6.3] and so from that calculation we know that (CM(K).G ) 7 =.The class number of K is and the field discriminant is 7 7 3, so 7 is a ramified prime in K. This particular example was chosen to illustrate the fact that there is some subtlety in the formula in the case that N and the conductor of d u share common factors other than l. At the same time, this example also illustrates the need to compute the expression defined in Theorem 6.. for the number of solutions to the Embedding Problem defined by a pair of endomorphisms x, u. D+ Writing O K = O F [η], we have Tr K/F (η) = α 0 + α D D+, and N K/F (η) = β 0 + β D, where α 0 =, α = 0, β 0 = 9, β =, D = 7. The only possible δ values are, and. For each δ, the only possible value for n where the prime l = 7 occurs is n = 0. We first consider δ = and n = 0; then d x (n) = 9 and d u (n) = 56. When f =, i.e. when Z[u] is optimally embedded, we want to count ideals of norm N = 8. There is ideal of norm 8 of the correct genus, but this ideal does not satisfy the congruence condition. Therefore there are no (x, u) with δ =, n = 0, and Z[u] optimally embedded. When f =, i.e. when the maximal order containing u is optimally embedded, we want to count ideals of norm 7. There is ideal of norm 7 of the correct genus and it automatically satisfies the congruence condition. So there is one (x, u) with δ =, n = 0, and the maximal order containing u optimally embedded. However, there is no left ideal corresponding to an isogeny b. We have p =, v(δ) =. The number of ideals is the number of solutions modulo to t t + 9. This is empty, so there are no left ideals with the desired properties, and thus no solutions to the Embedding Problem (x, y, b, z) with δ =, n = 0, and Z[u] not optimally embedded. Now consider δ = : then d x (n) = 75, d u (n) = 56. Since d u (n) is fundamental, we need only consider when f =, i.e. when u is optimally embedded. In this case, we want to count ideals of norm 7 of the correct genus; there is exactly of these, so we get one (x, u) with δ =, n = 0, and u optimally embedded. Now we need to calculate #(x, y, b, z). We have p =, c = 0, r =, and we want to count the number of solutions modulo to t + t +, which is, of course,. This solution has multiplicity, so according to our main theorem, the intersection number at the prime 7 has multiplicity = , which agrees with the prediction coming from the calculation of the Igusa class polynomials. 9.. Example. K = Q( ), l = 3 This example focuses on a CM field K which does not satisfy the assumptions of the Bruinier-Yang formula, i.e. when D and D are not primes congruent to mod ; in this example, D = 6 3. For this field, the Bruinier-Yang formula (as stated) underestimates the value of (CM(K)G ) 3 [GJLL + ]. Indeed, by van Wamelen the value of (CM(K)G ) 3 is, whereas the value predicted by the Bruinier-Yang formula is.

Similar documents

DENOMINATORS OF IGUSA CLASS POLYNOMIALS. Kristin Lauter and Bianca Viray

DENOMINATORS OF IGUSA CLASS POLYNOMIALS. Kristin Lauter and Bianca Viray Publications mathématiques de Besançon 20/2,5-30 DENOMINATORS OF IGUSA CLASS POLYNOMIALS by Kristin Lauter and Bianca Viray Abstract. In [22], the authors proved an explicit formula for the arithmetic

More information

ON SINGULAR MODULI FOR ARBITRARY DISCRIMINANTS

ON SINGULAR MODULI FOR ARBITRARY DISCRIMINANTS ON SINGULAR MODULI FOR ARBITRARY DISCRIMINANTS KRISTIN LAUTER AND BIANCA VIRAY Abstract. Let d and d be discriminants of distinct quadratic imaginary orders O d and O d and let J(d, d ) denote the product

More information

Bad reduction of genus 3 curves with Complex Multiplication

Bad reduction of genus 3 curves with Complex Multiplication Bad reduction of genus 3 curves with Complex Multiplication Elisa Lorenzo García Universiteit Leiden Joint work with Bouw, Cooley, Lauter, Manes, Newton, Ozman. October 1, 2015 Elisa Lorenzo García Universiteit

More information

Constructing genus 2 curves over finite fields

Constructing genus 2 curves over finite fields Constructing genus 2 curves over finite fields Kirsten Eisenträger The Pennsylvania State University Fq12, Saratoga Springs July 15, 2015 1 / 34 Curves and cryptography RSA: most widely used public key

More information

FORMAL GROUPS OF CERTAIN Q-CURVES OVER QUADRATIC FIELDS

FORMAL GROUPS OF CERTAIN Q-CURVES OVER QUADRATIC FIELDS Sairaiji, F. Osaka J. Math. 39 (00), 3 43 FORMAL GROUPS OF CERTAIN Q-CURVES OVER QUADRATIC FIELDS FUMIO SAIRAIJI (Received March 4, 000) 1. Introduction Let be an elliptic curve over Q. We denote by ˆ

More information

Igusa Class Polynomials

Igusa Class Polynomials Genus 2 day, Intercity Number Theory Seminar Utrecht, April 18th 2008 Overview Igusa class polynomials are the genus 2 analogue of the classical Hilbert class polynomial. For each notion, I will 1. tell

More information

Elliptic Curves Spring 2015 Lecture #23 05/05/2015

Elliptic Curves Spring 2015 Lecture #23 05/05/2015 18.783 Elliptic Curves Spring 2015 Lecture #23 05/05/2015 23 Isogeny volcanoes We now want to shift our focus away from elliptic curves over C and consider elliptic curves E/k defined over any field k;

More information

HONDA-TATE THEOREM FOR ELLIPTIC CURVES

HONDA-TATE THEOREM FOR ELLIPTIC CURVES HONDA-TATE THEOREM FOR ELLIPTIC CURVES MIHRAN PAPIKIAN 1. Introduction These are the notes from a reading seminar for graduate students that I organised at Penn State during the 2011-12 academic year.

More information

Quaternions and Arithmetic. Colloquium, UCSD, October 27, 2005

Quaternions and Arithmetic. Colloquium, UCSD, October 27, 2005 Quaternions and Arithmetic Colloquium, UCSD, October 27, 2005 This talk is available from www.math.mcgill.ca/goren Quaternions came from Hamilton after his really good work had been done; and, though beautifully

More information

On elliptic curves in characteristic 2 with wild additive reduction

On elliptic curves in characteristic 2 with wild additive reduction ACTA ARITHMETICA XCI.2 (1999) On elliptic curves in characteristic 2 with wild additive reduction by Andreas Schweizer (Montreal) Introduction. In [Ge1] Gekeler classified all elliptic curves over F 2

More information

NUNO FREITAS AND ALAIN KRAUS

NUNO FREITAS AND ALAIN KRAUS ON THE DEGREE OF THE p-torsion FIELD OF ELLIPTIC CURVES OVER Q l FOR l p NUNO FREITAS AND ALAIN KRAUS Abstract. Let l and p be distinct prime numbers with p 3. Let E/Q l be an elliptic curve with p-torsion

More information

Height pairings on Hilbert modular varieties: quartic CM points

Height pairings on Hilbert modular varieties: quartic CM points Height pairings on Hilbert modular varieties: quartic CM points A report on work of Howard and Yang Stephen Kudla (Toronto) Montreal-Toronto Workshop on Number Theory Fields Institute, Toronto April 10,

More information

14 Ordinary and supersingular elliptic curves

14 Ordinary and supersingular elliptic curves 18.783 Elliptic Curves Spring 2015 Lecture #14 03/31/2015 14 Ordinary and supersingular elliptic curves Let E/k be an elliptic curve over a field of positive characteristic p. In Lecture 7 we proved that

More information

CONSTRUCTING SUPERSINGULAR ELLIPTIC CURVES. Reinier Bröker

CONSTRUCTING SUPERSINGULAR ELLIPTIC CURVES. Reinier Bröker CONSTRUCTING SUPERSINGULAR ELLIPTIC CURVES Reinier Bröker Abstract. We give an algorithm that constructs, on input of a prime power q and an integer t, a supersingular elliptic curve over F q with trace

More information

Some algebraic number theory and the reciprocity map

Some algebraic number theory and the reciprocity map Some algebraic number theory and the reciprocity map Ervin Thiagalingam September 28, 2015 Motivation In Weinstein s paper, the main problem is to find a rule (reciprocity law) for when an irreducible

More information

COUNTING MOD l SOLUTIONS VIA MODULAR FORMS

COUNTING MOD l SOLUTIONS VIA MODULAR FORMS COUNTING MOD l SOLUTIONS VIA MODULAR FORMS EDRAY GOINS AND L. J. P. KILFORD Abstract. [Something here] Contents 1. Introduction 1. Galois Representations as Generating Functions 1.1. Permutation Representation

More information

Public-key Cryptography: Theory and Practice

Public-key Cryptography: Theory and Practice Public-key Cryptography Theory and Practice Department of Computer Science and Engineering Indian Institute of Technology Kharagpur Chapter 2: Mathematical Concepts Divisibility Congruence Quadratic Residues

More information

Shimura Degrees, New Modular Degrees, and Congruence Primes

Shimura Degrees, New Modular Degrees, and Congruence Primes Shimura Degrees, New Modular Degrees, and Congruence Primes Alyson Deines CCR La Jolla October 2, 2015 Alyson Deines (CCR La Jolla) Shimura Degrees, New Modular Degrees, and Congruence Primes 1 / 34 Elliptic

More information

Genus 2 Curves of p-rank 1 via CM method

Genus 2 Curves of p-rank 1 via CM method School of Mathematical Sciences University College Dublin Ireland and Claude Shannon Institute April 2009, GeoCrypt Joint work with Laura Hitt, Michael Naehrig, Marco Streng Introduction This talk is about

More information

Elliptic Curves Spring 2015 Lecture #7 02/26/2015

Elliptic Curves Spring 2015 Lecture #7 02/26/2015 18.783 Elliptic Curves Spring 2015 Lecture #7 02/26/2015 7 Endomorphism rings 7.1 The n-torsion subgroup E[n] Now that we know the degree of the multiplication-by-n map, we can determine the structure

More information

w d : Y 0 (N) Y 0 (N)

w d : Y 0 (N) Y 0 (N) Upper half-plane formulas We want to explain the derivation of formulas for two types of objects on the upper half plane: the Atkin- Lehner involutions and Heegner points Both of these are treated somewhat

More information

From K3 Surfaces to Noncongruence Modular Forms. Explicit Methods for Modularity of K3 Surfaces and Other Higher Weight Motives ICERM October 19, 2015

From K3 Surfaces to Noncongruence Modular Forms. Explicit Methods for Modularity of K3 Surfaces and Other Higher Weight Motives ICERM October 19, 2015 From K3 Surfaces to Noncongruence Modular Forms Explicit Methods for Modularity of K3 Surfaces and Other Higher Weight Motives ICERM October 19, 2015 Winnie Li Pennsylvania State University 1 A K3 surface

More information

Don Zagier s work on singular moduli

Don Zagier s work on singular moduli Don Zagier s work on singular moduli Benedict Gross Harvard University June, 2011 Don in 1976 The orbit space SL 2 (Z)\H has the structure a Riemann surface, isomorphic to the complex plane C. We can fix

More information

FACTORIZATION OF IDEALS

FACTORIZATION OF IDEALS FACTORIZATION OF IDEALS 1. General strategy Recall the statement of unique factorization of ideals in Dedekind domains: Theorem 1.1. Let A be a Dedekind domain and I a nonzero ideal of A. Then there are

More information

Computing the endomorphism ring of an ordinary elliptic curve

Computing the endomorphism ring of an ordinary elliptic curve Computing the endomorphism ring of an ordinary elliptic curve Massachusetts Institute of Technology April 3, 2009 joint work with Gaetan Bisson http://arxiv.org/abs/0902.4670 Elliptic curves An elliptic

More information

Galois Representations

Galois Representations 9 Galois Representations This book has explained the idea that all elliptic curves over Q arise from modular forms. Chapters 1 and introduced elliptic curves and modular curves as Riemann surfaces, and

More information

Hermitian modular forms congruent to 1 modulo p.

Hermitian modular forms congruent to 1 modulo p. Hermitian modular forms congruent to 1 modulo p. arxiv:0810.5310v1 [math.nt] 29 Oct 2008 Michael Hentschel Lehrstuhl A für Mathematik, RWTH Aachen University, 52056 Aachen, Germany, hentschel@matha.rwth-aachen.de

More information

Dirichlet Series Associated with Cubic and Quartic Fields

Dirichlet Series Associated with Cubic and Quartic Fields Dirichlet Series Associated with Cubic and Quartic Fields Henri Cohen, Frank Thorne Institut de Mathématiques de Bordeaux October 23, 2012, Bordeaux 1 Introduction I Number fields will always be considered

More information

ON FINITENESS CONJECTURES FOR ENDOMORPHISM ALGEBRAS OF ABELIAN SURFACES

ON FINITENESS CONJECTURES FOR ENDOMORPHISM ALGEBRAS OF ABELIAN SURFACES ON FINITENESS CONJECTURES FOR ENOMORPHISM ALGEBRAS OF ABELIAN SURFACES NILS BRUIN, E. VICTOR FLYNN, JOSEP GONZÁLEZ, AN VICTOR ROTGER Abstract. It is conjectured that there exist only finitely many isomorphism

More information

Representation of prime numbers by quadratic forms

Representation of prime numbers by quadratic forms Representation of prime numbers by quadratic forms Bachelor thesis in Mathematics by Simon Hasenfratz Supervisor: Prof. R. Pink ETH Zurich Summer term 2008 Introduction One of the most famous theorems

More information

Theorem 5.3. Let E/F, E = F (u), be a simple field extension. Then u is algebraic if and only if E/F is finite. In this case, [E : F ] = deg f u.

Theorem 5.3. Let E/F, E = F (u), be a simple field extension. Then u is algebraic if and only if E/F is finite. In this case, [E : F ] = deg f u. 5. Fields 5.1. Field extensions. Let F E be a subfield of the field E. We also describe this situation by saying that E is an extension field of F, and we write E/F to express this fact. If E/F is a field

More information

Algebraic number theory Revision exercises

Algebraic number theory Revision exercises Algebraic number theory Revision exercises Nicolas Mascot (n.a.v.mascot@warwick.ac.uk) Aurel Page (a.r.page@warwick.ac.uk) TA: Pedro Lemos (lemos.pj@gmail.com) Version: March 2, 20 Exercise. What is the

More information

Introduction to Elliptic Curves

Introduction to Elliptic Curves IAS/Park City Mathematics Series Volume XX, XXXX Introduction to Elliptic Curves Alice Silverberg Introduction Why study elliptic curves? Solving equations is a classical problem with a long history. Starting

More information

Computations/Applications

Computations/Applications Computations/Applications 1. Find the inverse of x + 1 in the ring F 5 [x]/(x 3 1). Solution: We use the Euclidean Algorithm: x 3 1 (x + 1)(x + 4x + 1) + 3 (x + 1) 3(x + ) + 0. Thus 3 (x 3 1) + (x + 1)(4x

More information

Point counting and real multiplication on K3 surfaces

Point counting and real multiplication on K3 surfaces Point counting and real multiplication on K3 surfaces Andreas-Stephan Elsenhans Universität Paderborn September 2016 Joint work with J. Jahnel. A.-S. Elsenhans (Universität Paderborn) K3 surfaces September

More information

An Introduction to Supersingular Elliptic Curves and Supersingular Primes

An Introduction to Supersingular Elliptic Curves and Supersingular Primes An Introduction to Supersingular Elliptic Curves and Supersingular Primes Anh Huynh Abstract In this article, we introduce supersingular elliptic curves over a finite field and relevant concepts, such

More information

Twists of elliptic curves of rank at least four

Twists of elliptic curves of rank at least four 1 Twists of elliptic curves of rank at least four K. Rubin 1 Department of Mathematics, University of California at Irvine, Irvine, CA 92697, USA A. Silverberg 2 Department of Mathematics, University of

More information

Applications of Complex Multiplication of Elliptic Curves

Applications of Complex Multiplication of Elliptic Curves Applications of Complex Multiplication of Elliptic Curves MASTER THESIS Candidate: Massimo CHENAL Supervisor: Prof. Jean-Marc COUVEIGNES UNIVERSITÀ DEGLI STUDI DI PADOVA UNIVERSITÉ BORDEAUX 1 Facoltà di

More information

CLASS INVARIANTS FOR QUARTIC CM FIELDS

CLASS INVARIANTS FOR QUARTIC CM FIELDS CLASS INVARIANTS FOR QUARTIC CM FIELDS EYAL Z. GOREN & KRISTIN E. LAUTER Abstract. One can define class invariants for a quartic primitive CM field K as special values of certain Siegel (or Hilbert) modular

More information

Primes of the Form x 2 + ny 2

Primes of the Form x 2 + ny 2 Primes of the Form x 2 + ny 2 Steven Charlton 28 November 2012 Outline 1 Motivating Examples 2 Quadratic Forms 3 Class Field Theory 4 Hilbert Class Field 5 Narrow Class Field 6 Cubic Forms 7 Modular Forms

More information

Mathematics for Cryptography

Mathematics for Cryptography Mathematics for Cryptography Douglas R. Stinson David R. Cheriton School of Computer Science University of Waterloo Waterloo, Ontario, N2L 3G1, Canada March 15, 2016 1 Groups and Modular Arithmetic 1.1

More information

Explicit Complex Multiplication

Explicit Complex Multiplication Explicit Complex Multiplication Benjamin Smith INRIA Saclay Île-de-France & Laboratoire d Informatique de l École polytechnique (LIX) Eindhoven, September 2008 Smith (INRIA & LIX) Explicit CM Eindhoven,

More information

Computing modular polynomials in dimension 2 ECC 2015, Bordeaux

Computing modular polynomials in dimension 2 ECC 2015, Bordeaux Computing modular polynomials in dimension 2 ECC 2015, Bordeaux Enea Milio 29/09/2015 Enea Milio Computing modular polynomials 29/09/2015 1 / 49 Computing modular polynomials 1 Dimension 1 : elliptic curves

More information

THE UNIT GROUP OF A REAL QUADRATIC FIELD

THE UNIT GROUP OF A REAL QUADRATIC FIELD THE UNIT GROUP OF A REAL QUADRATIC FIELD While the unit group of an imaginary quadratic field is very simple the unit group of a real quadratic field has nontrivial structure Its study involves some geometry

More information

Introduction to Arithmetic Geometry Fall 2013 Lecture #24 12/03/2013

Introduction to Arithmetic Geometry Fall 2013 Lecture #24 12/03/2013 18.78 Introduction to Arithmetic Geometry Fall 013 Lecture #4 1/03/013 4.1 Isogenies of elliptic curves Definition 4.1. Let E 1 /k and E /k be elliptic curves with distinguished rational points O 1 and

More information

Gaussian integers. 1 = a 2 + b 2 = c 2 + d 2.

Gaussian integers. 1 = a 2 + b 2 = c 2 + d 2. Gaussian integers 1 Units in Z[i] An element x = a + bi Z[i], a, b Z is a unit if there exists y = c + di Z[i] such that xy = 1. This implies 1 = x 2 y 2 = (a 2 + b 2 )(c 2 + d 2 ) But a 2, b 2, c 2, d

More information

Factorization in Polynomial Rings

Factorization in Polynomial Rings Factorization in Polynomial Rings Throughout these notes, F denotes a field. 1 Long division with remainder We begin with some basic definitions. Definition 1.1. Let f, g F [x]. We say that f divides g,

More information

c ij x i x j c ij x i y j

c ij x i x j c ij x i y j Math 48A. Class groups for imaginary quadratic fields In general it is a very difficult problem to determine the class number of a number field, let alone the structure of its class group. However, in

More information

CLASS INVARIANTS FOR QUARTIC CM FIELDS

CLASS INVARIANTS FOR QUARTIC CM FIELDS CLASS INVARIANTS FOR QUARTIC CM FIELDS EYAL Z. GOREN & KRISTIN E. LAUTER Abstract. One can define class invariants for a quartic primitive CM field K as special values of certain Siegel (or Hilbert) modular

More information

Introduction to Shimura Curves

Introduction to Shimura Curves Introduction to Shimura Curves Alyson Deines Today 1 Motivation In class this quarter we spent a considerable amount of time studying the curves X(N = Γ(N \ H, X 0 (N = Γ 0 (N \ H, X 1 (NΓ 1 (N \ H, where

More information

ANNALESDEL INSTITUTFOURIER

ANNALESDEL INSTITUTFOURIER ANNALESDEL INSTITUTFOURIER ANNALES DE L INSTITUT FOURIER Eyal Z. GOREN & Kristin E. LAUTER Class Invariants for Quartic CM Fields Tome 57, n o 2 (2007), p. 457-480.

More information

Modular forms and the Hilbert class field

Modular forms and the Hilbert class field Modular forms and the Hilbert class field Vladislav Vladilenov Petkov VIGRE 2009, Department of Mathematics University of Chicago Abstract The current article studies the relation between the j invariant

More information

Isogeny invariance of the BSD conjecture

Isogeny invariance of the BSD conjecture Isogeny invariance of the BSD conjecture Akshay Venkatesh October 30, 2015 1 Examples The BSD conjecture predicts that for an elliptic curve E over Q with E(Q) of rank r 0, where L (r) (1, E) r! = ( p

More information

TORSION AND TAMAGAWA NUMBERS

TORSION AND TAMAGAWA NUMBERS TORSION AND TAMAGAWA NUMBERS DINO LORENZINI Abstract. Let K be a number field, and let A/K be an abelian variety. Let c denote the product of the Tamagawa numbers of A/K, and let A(K) tors denote the finite

More information

Residual modular Galois representations: images and applications

Residual modular Galois representations: images and applications Residual modular Galois representations: images and applications Samuele Anni University of Warwick London Number Theory Seminar King s College London, 20 th May 2015 Mod l modular forms 1 Mod l modular

More information

Rational Representations of Primes by Binary Quadratic Forms

Rational Representations of Primes by Binary Quadratic Forms Rational Representations of Primes by Binary Quadratic Forms Ronald Evans Department of Mathematics, 0112 University of California at San Diego La Jolla, CA 92093-0112 revans@ucsd.edu Mark Van Veen Varasco

More information

Abstracts of papers. Amod Agashe

Abstracts of papers. Amod Agashe Abstracts of papers Amod Agashe In this document, I have assembled the abstracts of my work so far. All of the papers mentioned below are available at http://www.math.fsu.edu/~agashe/math.html 1) On invisible

More information

MA 162B LECTURE NOTES: THURSDAY, FEBRUARY 26

MA 162B LECTURE NOTES: THURSDAY, FEBRUARY 26 MA 162B LECTURE NOTES: THURSDAY, FEBRUARY 26 1. Abelian Varieties of GL 2 -Type 1.1. Modularity Criteria. Here s what we ve shown so far: Fix a continuous residual representation : G Q GLV, where V is

More information

ψ l : T l (A) T l (B) denotes the corresponding morphism of Tate modules 1

ψ l : T l (A) T l (B) denotes the corresponding morphism of Tate modules 1 1. An isogeny class of supersingular elliptic curves Let p be a prime number, and k a finite field with p 2 elements. The Honda Tate theory of abelian varieties over finite fields guarantees the existence

More information

FOURIER COEFFICIENTS OF VECTOR-VALUED MODULAR FORMS OF DIMENSION 2

FOURIER COEFFICIENTS OF VECTOR-VALUED MODULAR FORMS OF DIMENSION 2 FOURIER COEFFICIENTS OF VECTOR-VALUED MODULAR FORMS OF DIMENSION 2 CAMERON FRANC AND GEOFFREY MASON Abstract. We prove the following Theorem. Suppose that F = (f 1, f 2 ) is a 2-dimensional vector-valued

More information

Igusa class polynomials

Igusa class polynomials Number Theory Seminar Cambridge 26 April 2011 Elliptic curves An elliptic curve E/k (char(k) 2) is a smooth projective curve y 2 = x 3 + ax 2 + bx + c. Q P P Q E is a commutative algebraic group Endomorphisms

More information

Hyperelliptic curves

Hyperelliptic curves 1/40 Hyperelliptic curves Pierrick Gaudry Caramel LORIA CNRS, Université de Lorraine, Inria ECC Summer School 2013, Leuven 2/40 Plan What? Why? Group law: the Jacobian Cardinalities, torsion Hyperelliptic

More information

How many elliptic curves can have the same prime conductor? Alberta Number Theory Days, BIRS, 11 May Noam D. Elkies, Harvard University

How many elliptic curves can have the same prime conductor? Alberta Number Theory Days, BIRS, 11 May Noam D. Elkies, Harvard University How many elliptic curves can have the same prime conductor? Alberta Number Theory Days, BIRS, 11 May 2013 Noam D. Elkies, Harvard University Review: Discriminant and conductor of an elliptic curve Finiteness

More information

2,3,5, LEGENDRE: ±TRACE RATIOS IN FAMILIES OF ELLIPTIC CURVES

2,3,5, LEGENDRE: ±TRACE RATIOS IN FAMILIES OF ELLIPTIC CURVES 2,3,5, LEGENDRE: ±TRACE RATIOS IN FAMILIES OF ELLIPTIC CURVES NICHOLAS M. KATZ 1. Introduction The Legendre family of elliptic curves over the λ-line, E λ : y 2 = x(x 1)(x λ), is one of the most familiar,

More information

MATH 433 Applied Algebra Lecture 4: Modular arithmetic (continued). Linear congruences.

MATH 433 Applied Algebra Lecture 4: Modular arithmetic (continued). Linear congruences. MATH 433 Applied Algebra Lecture 4: Modular arithmetic (continued). Linear congruences. Congruences Let n be a postive integer. The integers a and b are called congruent modulo n if they have the same

More information

Algebraic number theory

Algebraic number theory Algebraic number theory F.Beukers February 2011 1 Algebraic Number Theory, a crash course 1.1 Number fields Let K be a field which contains Q. Then K is a Q-vector space. We call K a number field if dim

More information

Chapter 5. Modular arithmetic. 5.1 The modular ring

Chapter 5. Modular arithmetic. 5.1 The modular ring Chapter 5 Modular arithmetic 5.1 The modular ring Definition 5.1. Suppose n N and x, y Z. Then we say that x, y are equivalent modulo n, and we write x y mod n if n x y. It is evident that equivalence

More information

Class invariants by the CRT method

Class invariants by the CRT method Class invariants by the CRT method Andreas Enge Andrew V. Sutherland INRIA Bordeaux-Sud-Ouest Massachusetts Institute of Technology ANTS IX Andreas Enge and Andrew Sutherland Class invariants by the CRT

More information

Counting points on genus 2 curves over finite

Counting points on genus 2 curves over finite Counting points on genus 2 curves over finite fields Chloe Martindale May 11, 2017 These notes are from a talk given in the Number Theory Seminar at the Fourier Institute, Grenoble, France, on 04/05/2017.

More information

Cohomological Formulation (Lecture 3)

Cohomological Formulation (Lecture 3) Cohomological Formulation (Lecture 3) February 5, 204 Let F q be a finite field with q elements, let X be an algebraic curve over F q, and let be a smooth affine group scheme over X with connected fibers.

More information

ON GALOIS GROUPS OF ABELIAN EXTENSIONS OVER MAXIMAL CYCLOTOMIC FIELDS. Mamoru Asada. Introduction

ON GALOIS GROUPS OF ABELIAN EXTENSIONS OVER MAXIMAL CYCLOTOMIC FIELDS. Mamoru Asada. Introduction ON GALOIS GROUPS OF ABELIAN ETENSIONS OVER MAIMAL CYCLOTOMIC FIELDS Mamoru Asada Introduction Let k 0 be a finite algebraic number field in a fixed algebraic closure Ω and ζ n denote a primitive n-th root

More information

Maximal Class Numbers of CM Number Fields

Maximal Class Numbers of CM Number Fields Maximal Class Numbers of CM Number Fields R. C. Daileda R. Krishnamoorthy A. Malyshev Abstract Fix a totally real number field F of degree at least 2. Under the assumptions of the generalized Riemann hypothesis

More information

COMPLEX MULTIPLICATION: LECTURE 15

COMPLEX MULTIPLICATION: LECTURE 15 COMPLEX MULTIPLICATION: LECTURE 15 Proposition 01 Let φ : E 1 E 2 be a non-constant isogeny, then #φ 1 (0) = deg s φ where deg s is the separable degree of φ Proof Silverman III 410 Exercise: i) Consider

More information

COMPUTING ARITHMETIC PICARD-FUCHS EQUATIONS JEROEN SIJSLING

COMPUTING ARITHMETIC PICARD-FUCHS EQUATIONS JEROEN SIJSLING COMPUTING ARITHMETIC PICARD-FUCHS EQUATIONS JEROEN SIJSLING These are the extended notes for a talk given at the Fields Institute on August 24th, 2011, about my thesis work with Frits Beukers at the Universiteit

More information

Galois theory (Part II)( ) Example Sheet 1

Galois theory (Part II)( ) Example Sheet 1 Galois theory (Part II)(2015 2016) Example Sheet 1 c.birkar@dpmms.cam.ac.uk (1) Find the minimal polynomial of 2 + 3 over Q. (2) Let K L be a finite field extension such that [L : K] is prime. Show that

More information

ORAL QUALIFYING EXAM QUESTIONS. 1. Algebra

ORAL QUALIFYING EXAM QUESTIONS. 1. Algebra ORAL QUALIFYING EXAM QUESTIONS JOHN VOIGHT Below are some questions that I have asked on oral qualifying exams (starting in fall 2015). 1.1. Core questions. 1. Algebra (1) Let R be a noetherian (commutative)

More information

On the equality case of the Ramanujan Conjecture for Hilbert modular forms

On the equality case of the Ramanujan Conjecture for Hilbert modular forms On the equality case of the Ramanujan Conjecture for Hilbert modular forms Liubomir Chiriac Abstract The generalized Ramanujan Conjecture for unitary cuspidal automorphic representations π on GL 2 posits

More information

Some. Manin-Mumford. Problems

Some. Manin-Mumford. Problems Some Manin-Mumford Problems S. S. Grant 1 Key to Stark s proof of his conjectures over imaginary quadratic fields was the construction of elliptic units. A basic approach to elliptic units is as follows.

More information

15 Elliptic curves and Fermat s last theorem

15 Elliptic curves and Fermat s last theorem 15 Elliptic curves and Fermat s last theorem Let q > 3 be a prime (and later p will be a prime which has no relation which q). Suppose that there exists a non-trivial integral solution to the Diophantine

More information

Course 2316 Sample Paper 1

Course 2316 Sample Paper 1 Course 2316 Sample Paper 1 Timothy Murphy April 19, 2015 Attempt 5 questions. All carry the same mark. 1. State and prove the Fundamental Theorem of Arithmetic (for N). Prove that there are an infinity

More information

Igusa Class Polynomials

Igusa Class Polynomials , supported by the Leiden University Fund (LUF) Joint Mathematics Meetings, San Diego, January 2008 Overview Igusa class polynomials are the genus 2 analogue of the classical Hilbert class polynomials.

More information

The Fricke-Macbeath Curve

The Fricke-Macbeath Curve The Fricke-Macbeath Curve Jaap Top BIRS, September 28th, 2016 joint work with Carlo Verschoor (master s student in Groningen during 2014/15, currently PhD student with Frits Beukers, Utrecht) Some history

More information

φ(xy) = (xy) n = x n y n = φ(x)φ(y)

φ(xy) = (xy) n = x n y n = φ(x)φ(y) Groups 1. (Algebra Comp S03) Let A, B and C be normal subgroups of a group G with A B. If A C = B C and AC = BC then prove that A = B. Let b B. Since b = b1 BC = AC, there are a A and c C such that b =

More information

c Copyright 2012 Wenhan Wang

c Copyright 2012 Wenhan Wang c Copyright 01 Wenhan Wang Isolated Curves for Hyperelliptic Curve Cryptography Wenhan Wang A dissertation submitted in partial fulfillment of the requirements for the degree of Doctor of Philosophy University

More information

Formal Modules. Elliptic Modules Learning Seminar. Andrew O Desky. October 6, 2017

Formal Modules. Elliptic Modules Learning Seminar. Andrew O Desky. October 6, 2017 Formal Modules Elliptic Modules Learning Seminar Andrew O Desky October 6, 2017 In short, a formal module is to a commutative formal group as a module is to its underlying abelian group. For the purpose

More information

Elliptic Curves Spring 2013 Lecture #14 04/02/2013

Elliptic Curves Spring 2013 Lecture #14 04/02/2013 18.783 Elliptic Curves Spring 2013 Lecture #14 04/02/2013 A key ingredient to improving the efficiency of elliptic curve primality proving (and many other algorithms) is the ability to directly construct

More information

Cover Page. The handle holds various files of this Leiden University dissertation

Cover Page. The handle holds various files of this Leiden University dissertation Cover Page The handle http://hdl.handle.net/1887/37019 holds various files of this Leiden University dissertation Author: Brau Avila, Julio Title: Galois representations of elliptic curves and abelian

More information

Algebraic Number Theory

Algebraic Number Theory TIFR VSRP Programme Project Report Algebraic Number Theory Milind Hegde Under the guidance of Prof. Sandeep Varma July 4, 2015 A C K N O W L E D G M E N T S I would like to express my thanks to TIFR for

More information

8430 HANDOUT 6: PROOF OF THE MAIN THEOREM

8430 HANDOUT 6: PROOF OF THE MAIN THEOREM 8430 HANDOUT 6: PROOF OF THE MAIN THEOREM PETE L. CLARK 1. Proof of the main theorem for maximal orders We are now going to take a decisive step forward by proving the Main Theorem on which primes p are

More information

7 Orders in Dedekind domains, primes in Galois extensions

7 Orders in Dedekind domains, primes in Galois extensions 18.785 Number theory I Lecture #7 Fall 2015 10/01/2015 7 Orders in Dedekind domains, primes in Galois extensions 7.1 Orders in Dedekind domains Let S/R be an extension of rings. The conductor c of R (in

More information

24 Artin reciprocity in the unramified case

24 Artin reciprocity in the unramified case 18.785 Number theory I Fall 2017 ecture #24 11/29/2017 24 Artin reciprocity in the unramified case et be an abelian extension of number fields. In ecture 22 we defined the norm group T m := N (I m )R m

More information

Class invariants for quartic CM-fields

Class invariants for quartic CM-fields Number Theory Seminar Oxford 2 June 2011 Elliptic curves An elliptic curve E/k (char(k) 2) is a smooth projective curve y 2 = x 3 + ax 2 + bx + c. Q P E is a commutative algebraic group P Q Endomorphisms

More information

Modern Number Theory: Rank of Elliptic Curves

Modern Number Theory: Rank of Elliptic Curves Modern Number Theory: Rank of Elliptic Curves Department of Mathematics University of California, Irvine October 24, 2007 Rank of Outline 1 Introduction Basics Algebraic Structure 2 The Problem Relation

More information

Arithmetic Progressions Over Quadratic Fields

Arithmetic Progressions Over Quadratic Fields Arithmetic Progressions Over Quadratic Fields Alexander Diaz, Zachary Flores, Markus Vasquez July 2010 Abstract In 1640 Pierre De Fermat proposed to Bernard Frenicle de Bessy the problem of showing that

More information

Visibility and the Birch and Swinnerton-Dyer conjecture for analytic rank one

Visibility and the Birch and Swinnerton-Dyer conjecture for analytic rank one Visibility and the Birch and Swinnerton-Dyer conjecture for analytic rank one Amod Agashe February 20, 2009 Abstract Let E be an optimal elliptic curve over Q of conductor N having analytic rank one, i.e.,

More information

Graduate Preliminary Examination

Graduate Preliminary Examination Graduate Preliminary Examination Algebra II 18.2.2005: 3 hours Problem 1. Prove or give a counter-example to the following statement: If M/L and L/K are algebraic extensions of fields, then M/K is algebraic.

More information

Points of Finite Order

Points of Finite Order Points of Finite Order Alex Tao 23 June 2008 1 Points of Order Two and Three If G is a group with respect to multiplication and g is an element of G then the order of g is the minimum positive integer

More information

TAMAGAWA NUMBERS OF ELLIPTIC CURVES WITH C 13 TORSION OVER QUADRATIC FIELDS

TAMAGAWA NUMBERS OF ELLIPTIC CURVES WITH C 13 TORSION OVER QUADRATIC FIELDS TAMAGAWA NUMBERS OF ELLIPTIC CURVES WITH C 13 TORSION OVER QUADRATIC FIELDS FILIP NAJMAN Abstract. Let E be an elliptic curve over a number field K c v the Tamagawa number of E at v and let c E = v cv.

More information

On the generation of the coefficient field of a newform by a single Hecke eigenvalue

On the generation of the coefficient field of a newform by a single Hecke eigenvalue On the generation of the coefficient field of a newform by a single Hecke eigenvalue Koopa Tak-Lun Koo and William Stein and Gabor Wiese November 2, 27 Abstract Let f be a non-cm newform of weight k 2

More information

QUADRATIC RINGS PETE L. CLARK

QUADRATIC RINGS PETE L. CLARK QUADRATIC RINGS PETE L. CLARK 1. Quadratic fields and quadratic rings Let D be a squarefree integer not equal to 0 or 1. Then D is irrational, and Q[ D], the subring of C obtained by adjoining D to Q,

More information
2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback