Algorithmic Number Theory for Function Fields

Similar documents
WEIL DESCENT ATTACKS

FIELD THEORY. Contents

Part II Galois Theory

Some algebraic number theory and the reciprocity map

FORMAL GROUPS OF CERTAIN Q-CURVES OVER QUADRATIC FIELDS

On elliptic curves in characteristic 2 with wild additive reduction

Galois theory (Part II)( ) Example Sheet 1

A BRIEF INTRODUCTION TO LOCAL FIELDS

Lecture 2: Elliptic curves

Field Theory Qual Review

Weil pairing. Algant: Regensburg and Leiden Elliptic curves and Weil conjectures seminar, Regensburg. Wednesday 22 nd June, 2016.

Topics in Number Theory: Elliptic Curves

Alternative Models: Infrastructure

Are ζ-functions able to solve Diophantine equations?

The Kummer Pairing. Alexander J. Barrios Purdue University. 12 September 2013

Cover Page. The handle holds various files of this Leiden University dissertation

COMPLEX MULTIPLICATION: LECTURE 15

L-Polynomials of Curves over Finite Fields

Introduction to Arithmetic Geometry Fall 2013 Lecture #24 12/03/2013

CYCLOTOMIC FIELDS CARL ERICKSON

Algorithmic Number Theory in Function Fields

HONDA-TATE THEOREM FOR ELLIPTIC CURVES

Dirichlet Series Associated with Cubic and Quartic Fields

Igusa Class Polynomials

Elliptic curves over function fields 1

Cover Page. The handle holds various files of this Leiden University dissertation.

Math 429/581 (Advanced) Group Theory. Summary of Definitions, Examples, and Theorems by Stefan Gille

arxiv:math/ v1 [math.nt] 21 Sep 2004

Part II Galois Theory

Dirichlet Characters. Chapter 4

ORAL QUALIFYING EXAM QUESTIONS. 1. Algebra

University of Southern California, Los Angeles, University of California at Los Angeles, and Technion Israel Institute of Technology, Haifa, Israel

Elliptic Nets and Points on Elliptic Curves

Galois Representations

The Sato-Tate conjecture for abelian varieties

Introduction to Arithmetic Geometry Fall 2013 Lecture #23 11/26/2013

Cover Page. The handle holds various files of this Leiden University dissertation.

Congruent Number Problem and Elliptic curves

Riemann surfaces with extra automorphisms and endomorphism rings of their Jacobians

15 Elliptic curves and Fermat s last theorem

MA 162B LECTURE NOTES: THURSDAY, FEBRUARY 26

Computing complete lists of Artin representations given a group, character, and conductor bound

ALGEBRA PH.D. QUALIFYING EXAM September 27, 2008

Computing the image of Galois

Proof of the Shafarevich conjecture

Twists and residual modular Galois representations

Public-key Cryptography: Theory and Practice

Lemma 1.1. The field K embeds as a subfield of Q(ζ D ).

Profinite Groups. Hendrik Lenstra. 1. Introduction

Automorphisms and bases

Isogeny invariance of the BSD conjecture

THE JOHNS HOPKINS UNIVERSITY Faculty of Arts and Sciences FINAL EXAM - SPRING SESSION ADVANCED ALGEBRA II.

Lecture 8: The Field B dr

ON GALOIS GROUPS OF ABELIAN EXTENSIONS OVER MAXIMAL CYCLOTOMIC FIELDS. Mamoru Asada. Introduction

Galois groups with restricted ramification

Primes of the Form x 2 + ny 2

The Kronecker-Weber Theorem

1 Rings 1 RINGS 1. Theorem 1.1 (Substitution Principle). Let ϕ : R R be a ring homomorphism

GRE Subject test preparation Spring 2016 Topic: Abstract Algebra, Linear Algebra, Number Theory.

Residual modular Galois representations: images and applications

Contradiction. Theorem 1.9. (Artin) Let G be a finite group of automorphisms of E and F = E G the fixed field of G. Then [E : F ] G.

1, for s = σ + it where σ, t R and σ > 1

l-adic Representations

Primes of the form X² + ny² in function fields

this to include the explicit maps, please do so!

Sample algebra qualifying exam

Class Field Theory. Travis Dirle. December 4, 2016

Maximal Class Numbers of CM Number Fields

3. The Carlitz Module

NOTES ON FINITE FIELDS

Algebra Qualifying Exam Solutions. Thomas Goller

GEOMETRIC CLASS FIELD THEORY I

AN APPLICATION OF THE p-adic ANALYTIC CLASS NUMBER FORMULA

9. Finite fields. 1. Uniqueness

Titchmarsh divisor problem for abelian varieties of type I, II, III, and IV

DIRICHLET SERIES ASSOCIATED TO QUARTIC FIELDS WITH GIVEN RESOLVENT

COUNTING MOD l SOLUTIONS VIA MODULAR FORMS

Point counting and real multiplication on K3 surfaces

ABSTRACT ALGEBRA 2 SOLUTIONS TO THE PRACTICE EXAM AND HOMEWORK

KUMMER S CRITERION ON CLASS NUMBERS OF CYCLOTOMIC FIELDS

Topics in Algebraic Geometry

Computing coefficients of modular forms

p-adic fields Chapter 7

NUNO FREITAS AND ALAIN KRAUS

Name: Solutions Final Exam

Congruences and Residue Class Rings

Independence of Heegner Points Joseph H. Silverman (Joint work with Michael Rosen)

Generalised Jacobians in Cryptography and Coding Theory

On metacyclic extensions

CONSTRUCTING SUPERSINGULAR ELLIPTIC CURVES. Reinier Bröker

Hyperelliptic curves

Algebra Ph.D. Entrance Exam Fall 2009 September 3, 2009

ON THE SEMIPRIMITIVITY OF CYCLIC CODES

CYCLES OF QUADRATIC POLYNOMIALS AND RATIONAL POINTS ON A GENUS 2 CURVE

Pacific Journal of Mathematics

Arakelov theory and height bounds

The Riemann Hypothesis for Function Fields

arxiv: v4 [math.nt] 2 Dec 2015

Twisted L-Functions and Complex Multiplication

Local Class Field Theory I

Transcription:

Function Lecture 2 in the the and Algorithmic Number for Function Summer School UNCG 2016 Florian Hess 1 / 40

Function in the the and First Part 2 / 40

Function in the the and Notation Consider complete regular curves C over a field K. We can then equivalently work with F = K(C) only. Notation: Group of divisors Div(F /K). Subset of divisors of degree d: Div d (F /K). Subgroup of principal divisors of Princ(F /K). Class group or Picard group: Pic(F /K). Subgroup of class of degree d: Pic d (F /K). By definition, Pic(F /K) = Div(F /K)/Princ(F /K), Pic 0 (F /K) = Div 0 (F /K)/Princ(F /K). 3 / 40

Function Some Facts in the the and We have Pic(F /K) = Pic 0 (F /K) A, where A is a divisor of F /K with minimal positive degree. If K is a finite field are algebraically closed then deg(a) = 1. In the latter case A can be chosen to be a prime divisor. If K is finitely generated over its prime field then Pic 0 (F /K) is finitely generated. If K is a finite field then Pic 0 (F /K) is finite. Then usually #Pic 0 (F /K) (#K) g. 4 / 40

Function in the the and in the Representation of divisors: Divisors can be represented as a sum of places with integral coefficients, or as a pair of fractional ideals. Addition of divisors either by addition of coefficient vectors or multiplication of ideals. Equality by coefficientwise comparison or comparison of Hermite normal forms. Representation of divisor classes: By divisors, which can be suitably chosen, for example reduced divisors. Comparison via unique divisor class representatives, if they can be computed, or by the test deg(d) = deg(e) and L(D E) 0. This is usally efficient (polynomial time) in terms of operations in K. 5 / 40

Function in the the and Reduction of divisors: in the Fix a divisor A of positive degree. For every D there is D 0 and f F such that D = D ra + div(f ) and deg( D) g + deg(a) 1. If A is a prime divisor of degree one and r is minimal then D is uniquely determined. Class representatives: Thus [D] = [ D ra] for every divisor class. If A is a prime divisor of degree one then D ra can be uniquely chosen. 6 / 40

Function in the in the the and Reduction of divisors: The reduced divisor D can be computed by an iterative double-and-add method such that the runtime is polynomial in g, deg(a) and the length of D. Moreover, f is computed as a product of powers of elements of F and has length polynomial in g, deg(a) and the length of D. 7 / 40

Function in the the and in the These ideas can be optimised, for example by precomputations, and worked out in great detail. A (biased) selection of results: Cantor: If F /K is hyperelliptic then operations in Pic 0 (F /K) can be reduced to fast polynomial arithmetic in degree O(g), so the runtime is O (g). Makdisi: If F /K is arbitrary then operations in Pic 0 (F /K) can be reduced to fast matrix arithmetic in dimension O(g), so the runtime is O (g ω ). Hess-Junge: If F /K has a rational subfield of index n, where n = O(g) is always possible, then operations in Pic 0 (F /K) can be reduced to fast polynomial matrix arithmetic in dimension O(n) and degree O(g/n), so the runtime is O (n ω (g/n)). 8 / 40

Function the in the the and We assume that K is finite! Write q = #K. Have Pic 0 (F /K) = Z/c 1 Z Z/c 2g Z. with c i c i+1. Goal: Compute the c i. Compute images and preimages under a fixed isomorphism φ : Pic(F /K) Z Z/c 1 Z Z/c 2g Z. Denote by A a fixed divisor of degree one that maps under φ to the first cyclic factor of the codomain of φ. 9 / 40

Function in the the and the Algorithms that work for any finite abelian group G: Classic runtime O((#G) 1/2 ). Improvements often lead to O((#G) 1/3 ). So here roughly O (q g/2 ) or O (q g/3 ). Algorithms that use G = Pic 0 (F /K) usually employ an index calculus strategy: If q is small and g is large, the (heuristic) runtime is q (c+o(1))g 1/2 log(g) 1/2, and q (d+o(1))g 1/3 log(g) 2/3 ( ) in special families. If q is large and g 2 fixed, then O (q 2 2/g ) ( ). ( ) : This is for discrete logarithms, so restrictions may apply. 10 / 40

Function in the the and Setup: Index Calculus Let S denote the set of places of F /K of degree r, called factor basis. Let [D 1 ],..., [D s ] denote generators of Pic 0 /F /K). Relation search: Choose random λ i and compute [ D la] = i λ i[d i ] with D reduced. Factor D over S, if possible and obtain λ i [D i ] = [ D la] = l[a] + n P [P]. P S i Store λ i and n P as rows of a matrix and repeat. 11 / 40

Function Index Calculus in the the and Linear algebra: If matrix has full rank and sufficiently more rows than columns use a Hermite normal form computation to derive relations between the generators [D i ]. Use a Smith normal form computation to derive c 1,..., c 2g from those relations. Why does it work? There is a good upper bound on r. The class number can be efficiently approximated and checked against the computed c 1,..., c 2g. There is a reasonable good (heuristic) probability that enough relations are obtained. 12 / 40

Function in the the and Index Calculus Let N m denote the number of places of degree one in the constant field extension of F of degree m. Theorem. Suppose N r > (g 1)2q r/2. Then Pic(F /K) is generated by the places of degree r and the places in supp(a). Theorem. Let h = #Pic 0 (F /K). Then ( h log q g ) t m=1 q m ( Nm q m 1 ) m 2g q 1/2 1 q t/2 t + 1. Since c 1... c 2g is an integral multiple of h an approximation of log(h/q g ) up to an error of log(2)/3 is sufficient. 13 / 40

Function Some in the the and From the relations of the [D i ] it is easy to compute generators of Pic 0 (F /K) corresponding to the cyclic generators of the codomain of φ. We can thus also compute preimages under φ efficiently. Images φ([d]) are computed by adding [D deg(d)a] to the [D i ] and searching for relations. The runtime is then basically the same like that for computing the c 1,..., c 2g. This can directly be used to compute for an arbitrary S S-units U(S) = {f F supp(div(f )) S} and S-class groups Div(F /K)/( S + Princ(F /K)). 14 / 40

Function in the the and Second Part 15 / 40

Function in the the and Notation: Notation Let m denote an effective divisor, called modulus. Div m (F /K) group of divisors coprime to m. F m = {f F v P (f 1) v P (m) for all P} group of elements congruent to one modulo m. Princ m (F /K) = {div(f ) f F m }, the ray modulo m. Pic m (F /K) = Div m (F /K) / Princ m (F /K), the ray class group modulo m. φ m,n : Pic m (F /K) Pic n (F /K), [D] m [D] n for n m. We have Princ gcd(m,n) (F /K) = Princ m (F /K) + Princ n (F /K). The φ m,n are epimorphisms. 16 / 40

Function in the the and Artin Map Let E/F be a finite abelian extension. Let P be place of F /K and write N(P) = #O P /m P = q deg(p). If P is unramified in E/F then there is a uniquely determined σ P Gal(E/F ) satisfying σ P (x) x N(P) mod m Q for all places Q of E/K above P and all x O Q. Suppose E/F is unramified outside supp(m). The Artin map is defined as A E/F : Div m (F /K) Gal(E/F ), D P σ v P(D) P. 17 / 40

Function in the the and Theorem. Some Properties of the Artin Map The Artin map is surjective. If the multiplicities of m are large enough then Princ m (F /K) ker(a E/F ). Any m like in the theorem is called a modulus of E/F. There is a smallest modulus f(e/f ) of E/F, called conductor of E/F. Every place in m is ramified in E/F. If m is a modulus of E/F then regard A E/F : Pic m (F /K) Gal(E/F ). Thus if H = ker(a E/F ) then H has finite index in Pic m (F /K) and Gal(E/F ) = Pic m (F /K)/H. 18 / 40

Function Norm Map and in the the and Define N E/F : Pic ConE/F (m)(e/k) Pic m (F /K) by taking the norm of a representing divisor. Norms of elements of E Con E/F (m) are elements of F m, so this is well defined. Theorem. If E/F is finite abelian with modulus m then ker(a E/F ) = im(n E/F ). We say that E is a class field over F with modulus m that belongs to the subgroup H = im(n E/F ) = ker(a E/F ) of finite index of Pic m (F /K). 19 / 40

Function Existence of in the the and Theorem. 1. If H is any subgroup of Pic m (F /K) of finite index, then there is a class field E over F with modulus m that belongs to H, and E is uniquely determined up to F -isomorphism. 2. The degree of the exact constant field of E/K over K is equal to deg(h), the minimal positive degree of divisor classes in H. 20 / 40

Function in the the and There is an exact sequence of finitely generated abelian groups 0 K P We have: (O P /m v P(m) P ) Pic m (F /K) Pic(F /K) 0. Generators and relations can be computed for each object of the sequence other Pic m (F /K). Elements of each object can be represented in chosen generators. Images and preimages of the maps of the sequence can also be computed. Then generators and relations of Pic m (F /K) can be computed and elements of Pic m (F /K) can be represented in those generators. 21 / 40

Function in the the and Given H Pic m (F /K) the goal is to compute defining equations for the class field E over F of modulus m that belongs to H. Theorem. Suppose H 1, H 2 Pic m (F /K) with H 1 H 2 = H. If E 1 belongs to H 1 and E 2 belongs to H 2 then E = E 1 E 2 belongs to H. We can choose H 1 and H 2 such that the index of H 1 is coprime to char(f ) and the index of H 2 is a power of char(f ). 22 / 40

Function Coprime to Characteristic Case in the the and Theorem. Let F /F finite and E = EF. Then E is the class field over F with modulus m = Con F /F (m) that belongs to H = N 1 F /F (H). Suppose that the index of H is coprime to char(f ) and let n denote the exponent of Pic m (F /K)/H. Let F = F (µ n ). Theorem. Every abelian extension of F of exponent n is a Kummer extension, is thus obtained by adjoining n-th roots of suitable Kummer elements of F to F. This leads to a rather explicit representation of E. 23 / 40

Function Coprime to Characteristic Case in the the and Then it is known and can be done: Kummer elements f i can be computed for the class field G over F of modulus m that belongs to npic m (F /K), for example by an S-units computation in F. H is computed as a preimage of maps of abelian groups. E is the fixed field of G under A G/F (H ), the Kummer elements g j of E are accordingly computed as products of the f i using a generalised Tate-Lichtenbaum pairing. E /F is finite abelian with modulus m, and E is the fixed field of E under A E F (H). Defining equations for E can be computed via explicit Galois theory. 24 / 40

Function in the the and Power of Characteristic Case Theorem. Every abelian extension of F of exponent n, an m-th power of char(f ), is an Artin-Schreier-Witt extension, is thus obtained by adjoining the division points of A-S-W elements in W m (F ) under the A-S-W operator to F. This leads to a rather explicit but also rather involved representation of E. Let n be the exponent of Pic m (F /K)/H. Then it is known and can be done: A-S-W elements f i can be computed for the class field G over F of modulus m that belongs to npic m (F /K), for example by a Riemann-Roch computation in F. E is the fixed field of G under A G/F (H), the A-S-W elements g j of E are accordingly computed as sums of the f i using a pairing. 25 / 40

Function in the the and Construction of function fields with many rational places: A place P of F is fully split in E if and only if P H. Let h n,h = #Pic n (F /K)/φ m,n (H). The genus of E satisfies ( deg(h)(g E 1) = h m,h g F 1 + deg(m) ) 2 1 v P (m) h m kp,h deg(p). 2 P m k=1 Construction of Drinfeld modules: Is defined by coefficients which are elements of a specific class field. The coefficients satisfy various relations. Use those relations to solve for the coefficients over the class field. 26 / 40

Function in the the and and Third Part 27 / 40

Function in the the and Motivation Study zero sets of polynomial equations over various fields Example: {(x, y) K 2 x 2 + y 2 = 1} Over finite fields: Count solutions! Algebraic curves: Polynomial equations have one free variable, the other variables are algebraically dependent. We will again consider function fields F /F q over the exact constant field F q instead of curves. Write N d for the places of degree one of F /F q d. The zeta function of F /K is ( ) ζ F /K (t) = exp N d td d = P d=1 1 1 t deg(p) = D 0 t deg(d). 28 / 40

Function Frobenius Operation in the the and There is L F /K (t) Z[t] with deg(l F /K (t)) = 2g and ζ F /K (t) = L F /K (t) (1 t)(1 qt). This is called the L-polynomial of F /K. Moreover, there are Q l -vector spaces V l and Frob q,l Aut(V l ) such that L F /K (t) = det (id Frob q,l t V l ). 29 / 40

Function in the the and Computation of Possible applications: Cryptography Distribution of the eigenvalues of Frobenius... Complexity of l-adic methods: Exponential in g and polynomial in log(q), impractical for g 3. Complexity of p-adic methods: Mostly O (p 1 g 4 n 3 ) or O (p 1 g 5 n 3 ) with n = log p (q). Random q = 2, g = 350 hyperelliptic curve in 3 days. 30 / 40

Function in the the and Galois and Abelian Extensions Let E/F denote a finite Galois extension with Galois group G such that K is the exact constant field of E. The associated product formula for ζ E/K (t) is ζ E/K (t) = χ L(E/F, χ, t) χ(1), where χ runs over the irreducible characters of G and L(E/F, χ, t) will be defined later (for G abelian). Can the product be computed more efficiently for large g E? If E/F is abelian then E is a class field over F belonging to some H and the factors of the product can be described in terms of H! 31 / 40

Function in the the and Ray We have already met ray class groups. Here are some (more) properties. For a subgroup H of Pic m (F /K) of finite index there is a unique minimal f(h) m with Pic f(h) (F /K)/φ m,f(h) (H) = Pic m (F /K)/H. The divisor f(h) is the conductor of H. It is equal to the conductor of the class field E over F belonging to H. Pic m (F /K) = Pic 0 m(f /K) Z. #Pic 0 m(f /K) = #Pic0 (F /K) s i=1 (qdeg(p) 1)q deg(p)(v P(m) 1). q 1 32 / 40

Function in the the and Characters and A character χ modulo m is a homomorphism χ : Pic m (F /K) C of finite order. The conductor f(χ) of χ is f(ker(χ)). The character sum N d (χ) of degree d is N d (χ) = deg(p) χ([p]) d/ deg(p). deg(p) d,p f(χ) The L(χ, t) = L(E/F, χ, t) of χ with ker(χ) H is ( ) L(χ, t) = exp N d (χ) t d /d. d=1 We have ζ F /K (t) = L(χ, t) for χ = id. 33 / 40

Function in the the and Theorem. Assume ker(χ) Pic m (F /K). Then L(χ, t) = 2g 2+deg(f(χ)) i=1 (1 ω i (χ)t) with ω i (χ) = q 1/2 and ζ primitive ord(χ)-th root of unity, and L(χ, t) = ε(χ) q g 1+deg(f(χ))/2 t 2g 2+deg(f(χ)) L( χ, 1 qt ) with ε(χ) q deg(f(χ))/2 Z[ζ] and ε(χ) = 1. Furthermore, L E/K (t) ζ E/K (t) = (1 t)(1 qt) = L E/K (t) Pic m(f /K) ker(χ) H L(χ, t) (1 t)(1 qt) 34 / 40

Function in the the and one Let L(χ, t) = 2g 2+deg f(χ) i=0 a i t i with a i Z[ζ] and a 0 = 1. 1. The coefficients a 1,..., a m can be computed from N 1 (χ),..., N m (χ) by the definition of L(χ, t): ( m m ) L(χ, t) = a i t i exp N d (χ) t d /d mod t m+1. i=0 d=1 2. The character sums N 1 (χ),..., N m (χ) can be computed from their definition d/ deg(p) N d (χ) = deg(p) χ([p]) deg(p) d,p f(χ) by enumerating all places P up to degree m with P f(χ). 35 / 40

Function in the the and one 3. Compute characters χ modulo m with ker(χ) H: Use representations of Pic m (F /K), H and Pic m (F /K)/H in terms of generators and relations. Define χ on generators of Pic m (F /K)/H and pull back to Pic m (F /K). Compute ker(χ) H and f(χ) = f(ker(χ)). Write P in the generators of Pic f(χ) (F /K) to obtain χ([p]). 4. Due to the functional equation there is some redundancy between the coefficients of L(χ, t). As a consequence it often suffices to take m about half the degree of L(χ, t). Best to have a toolbox for finitely generated abelian groups and homomorphisms. Requires algorithms for structure computation of Pic m (F /K) and discrete logarithms in Pic m (F /K). 36 / 40

Function the Zeta function Need to choose one ζ for all χ on Pic m (C) with ker(χ) H. in the the and Compute L E/K (t) as product over all L E/K (t) = L F /K (t) Use some optimisations: Pic m(f /K) ker(χ) H L(χ, t). Let σ Gal(Q(ζ)/Q). Then L(σ χ, t) = L(χ, t) σ. Use Galois redundancy: Compute system of representatives R for Gal(Q(ζ)/Q)-orbits of (Pic m (F /K)/H). For each χ R compute L(χ, t) and derive L(σ χ, t) = L(χ, t) σ. Choose some epimorphism ψ : Z[ζ] Z/nZ with n large. Compute product over Z/nZ and reconstruct coefficients of L E/K (t) from Z/nZ to Z by choosing the representative of smallest absolute value. 37 / 40

Function Complexity In the following only very rough estimations. in the the and Input size: F /K, m, H polynomial in log(q), g, deg(m). Output size: g 2 E log(q). one : q 2(g+deg(f(χ))). Zeta function: product: g 2 E log(q). Galois redundancy gives big practical, but no asymptotic speed up. Depending on H have very roughly deg(m) g E q g+deg(m). So for small H asymptotically optimal! 38 / 40

Function in the the and Galois module structure of Pic 0 (E/K): Use to compute Stickelberger element in the group ring Z[G] Derive information about the structure of Pic 0 (E/K) via Stickelberger ideal and Kolyvagin derivative classes. Derive relations of conjugate elements in Pic 0 (E/K) under certain conditions. This is interesting since no equations for E/K and no expensive class group computation of Pic 0 (E/K) needs to be carried out. 39 / 40

Function in the the and Excercises 1. Show that there is an injective map of sets of Pic 0 (F /K) into the set of effective divisors of degree n, for any n n. 2. Show that Pic 0 (K(x)/K) = 0. 3. Show that Pic m (F /K) = Pic(F /K) if and only if m is a prime divisor of degree one. 4. Let φ : E 1 E 2 be a morphism of elliptic curves. Show that K(E 1 ) is a class field of φ (K(E 2 )) belonging to H = {(φ(p)) ( ) P E 1 (K)}. 5. If χ 1 is a character for F q (x)/f q then deg(f(χ)) 2. 6. Let F = F 7 (x, y) with y 2 = x 5 + 2x + 1. Compute the genus and number of rational places of the class field of F /K with modulus m = 2 + 3(x, y 1) and subgroup H generated by [(x, y + 1)] m. 40 / 40

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback