Computing the image of Galois

Similar documents
Torsion subgroups of rational elliptic curves over the compositum of all cubic fields

The Sato-Tate conjecture for abelian varieties

Elliptic Curves Spring 2015 Lecture #7 02/26/2015

Elliptic Curves Spring 2013 Problem Set #5 Due: 03/19/2013

MA 162B LECTURE NOTES: THURSDAY, FEBRUARY 26

Computing the endomorphism ring of an ordinary elliptic curve

Counting points on elliptic curves over F q

Tables of elliptic curves over number fields

15 Elliptic curves and Fermat s last theorem

Identifying supersingular elliptic curves

14 Ordinary and supersingular elliptic curves

THE NUMBER OF TWISTS WITH LARGE TORSION OF AN ELLITPIC CURVE

Mappings of elliptic curves

Introduction to Arithmetic Geometry Fall 2013 Lecture #24 12/03/2013

ELLIPTIC CURVES WITH ABELIAN DIVISION FIELDS

Isogeny invariance of the BSD conjecture

Elliptic Curves Spring 2015 Lecture #23 05/05/2015

Introduction to Elliptic Curves

Abstracts of papers. Amod Agashe

Cover Page. The handle holds various files of this Leiden University dissertation

NUNO FREITAS AND ALAIN KRAUS

The 8 th International Conference on Science and Mathematical Education in Developing Countries

Elliptic Curves with 2-torsion contained in the 3-torsion field

Galois Representations

HONDA-TATE THEOREM FOR ELLIPTIC CURVES

Maximal Class Numbers of CM Number Fields

TORSION AND TAMAGAWA NUMBERS

Independence of Heegner Points Joseph H. Silverman (Joint work with Michael Rosen)

THE TATE MODULE. Seminar: Elliptic curves and the Weil conjecture. Yassin Mousa. Z p

The Kummer Pairing. Alexander J. Barrios Purdue University. 12 September 2013

COMPLEX MULTIPLICATION: LECTURE 15

AVERAGE RECIPROCALS OF THE ORDER OF a MODULO n

Dip. Matem. & Fisica. Notations. Università Roma Tre. Fields of characteristics 0. 1 Z is the ring of integers. 2 Q is the field of rational numbers

Modular polynomials and isogeny volcanoes

Number Fields Generated by Torsion Points on Elliptic Curves

Computing modular polynomials with the Chinese Remainder Theorem

Galois Representations

26 Fermat s Last Theorem

Endomorphism algebras of semistable abelian varieties over Q of GL(2)-type

w d : Y 0 (N) Y 0 (N)

Introduction to Arithmetic Geometry

The Asymptotic Fermat Conjecture

Residual modular Galois representations: images and applications

Solving Cubic Equations: An Introduction to the Birch and Swinnerton-Dyer Conjecture

Non-generic attacks on elliptic curve DLPs

On the Distribution of Traces of Frobenius of Rational Elliptic Curves

Equations for Hilbert modular surfaces

Graduate Preliminary Examination

Elliptic curves and Hilbert s Tenth Problem

Elliptic Curves Spring 2013 Lecture #12 03/19/2013

Some algebraic number theory and the reciprocity map

Counting points on elliptic curves: Hasse s theorem and recent developments

Constructing genus 2 curves over finite fields

Explicit Complex Multiplication

On Partial Lifting and the Elliptic Curve Discrete Logarithm Problem

Modularity of Abelian Varieties

Class invariants by the CRT method

Cover Page. The handle holds various files of this Leiden University dissertation.

Pacific Journal of Mathematics

x mv = 1, v v M K IxI v = 1,

LARGE TORSION SUBGROUPS OF SPLIT JACOBIANS OF CURVES OF GENUS TWO OR THREE

CONGRUENT NUMBERS AND ELLIPTIC CURVES

CLASS FIELD THEORY AND COMPLEX MULTIPLICATION FOR ELLIPTIC CURVES

Frobenius Distributions

The Birch & Swinnerton-Dyer conjecture. Karl Rubin MSRI, January

1 The Galois Group of a Quadratic

The Arithmetic of Elliptic Curves

Computing the modular equation

REDUCTION OF ELLIPTIC CURVES OVER CERTAIN REAL QUADRATIC NUMBER FIELDS

Modern Number Theory: Rank of Elliptic Curves

IMAGES OF METABELIAN GALOIS REPRESENTATIONS ASSOCIATED TO ELLIPTIC CURVES

BSD and the Gross-Zagier Formula

GRE Subject test preparation Spring 2016 Topic: Abstract Algebra, Linear Algebra, Number Theory.

Heuristics for the growth of Mordell-Weil ranks in big extensions of number fields

Towards a precise Sato-Tate conjecture in genus 2

this to include the explicit maps, please do so!

Up to twist, there are only finitely many potentially p-ordinary abelian varieties over. conductor

M ath. Res. Lett. 15 (2008), no. 6, c International Press 2008

CONSTRUCTING SUPERSINGULAR ELLIPTIC CURVES. Reinier Bröker

On the evaluation of modular polynomials

1. Group Theory Permutations.

c ij x i x j c ij x i y j

A heuristic for abelian points on elliptic curves

THE JOHNS HOPKINS UNIVERSITY Faculty of Arts and Sciences FINAL EXAM - SPRING SESSION ADVANCED ALGEBRA II.

Titchmarsh divisor problem for abelian varieties of type I, II, III, and IV

FORMAL GROUPS OF CERTAIN Q-CURVES OVER QUADRATIC FIELDS

Higher genus curves and the inverse Galois problem

Elliptic Curves Spring 2019 Problem Set #7 Due: 04/08/2019

arxiv: v1 [math.nt] 31 Dec 2011

Arithmetic Progressions Over Quadratic Fields

The arithmetic of elliptic curves An update. Benedict H. Gross. In 1974, John Tate published The arithmetic of elliptic curves in

Genus 2 Curves of p-rank 1 via CM method

POTENTIAL PROBLEM DESCRIPTIONS

COMPLEX MULTIPLICATION: LECTURE 14

Elliptic Curves. Akhil Mathew (Department of Mathematics Drew UniversityElliptic MathCurves 155, Professor Alan Candiotti) 10 Dec.

Elliptic Curves, Group Schemes,

Computing Hilbert modular forms

FINITE GROUPS AND EQUATIONS OVER FINITE FIELDS A PROBLEM SET FOR ARIZONA WINTER SCHOOL 2016

Algebraic Geometry: Elliptic Curves and 2 Theorems

How many elliptic curves can have the same prime conductor? Alberta Number Theory Days, BIRS, 11 May Noam D. Elkies, Harvard University

Transcription:

Computing the image of Galois Andrew V. Sutherland Massachusetts Institute of Technology October 9, 2014 Andrew Sutherland (MIT) Computing the image of Galois 1 of 25

Elliptic curves Let E be an elliptic curve over Q, defined by an equation y 2 = x 3 + Ax + B, where A, B Z satisfy 4A 3 + 27B 2 0. The set of Q-rational points forms an abelian group E(Q). The group operation is given by the chord-and-tangent law: For any extension k/q, the group E(k) is defined similarly. Andrew Sutherland (MIT) Computing the image of Galois 2 of 25

Torsion subgroups Let m be a positive integer. Points P E(Q) for which are m-torsion points. mp = P + + P = 0 The set of m-torsion points form a subgroup E[m] Z/mZ Z/mZ. The field Q(E[m]) obtained by adjoining the coordinates of the m-torsion points is a finite Galois extension of Q. Example: Q(E[2]) is the splitting field of f (x) = x 3 + Ax + B. Andrew Sutherland (MIT) Computing the image of Galois 3 of 25

The action of Galois Consider the Galois group G = Gal(Q(E[m])/Q). G acts on the set E[m], since for σ G and P E[m]: 1. The point σp = (σx P, σy P ) is on the curve E. (apply σ to the curve equation: y 2 P = x 3 P + Ax P + B). 2. The point σp lies in E[m]. (apply σ to the m-division polynomial: ψ m (x P, y P ) = 0). 3. We have σ 1 (σ 2 P) = (σ 1 σ 2 )P and 1 G acts trivially. Moreover, each σ defines an automorphism of E[m]: 4. σ(p + Q) = σp + σq. (apply σ to the equations defining the group law). Andrew Sutherland (MIT) Computing the image of Galois 4 of 25

Galois images The action of Gal(Q(E[m]/Q) on E[m] induces a representation ρ E,m : Gal(Q(E[m])/Q) Aut(E[m]), known as the mod-m Galois representation attached to E. By identifying Aut(E[m]) with Aut(Z/mZ Z/mZ). we view the image of ρ E,m as a subgroup of GL 2 (Z/mZ). We are interested in computing this subgroup. We shall focus primarily on the case where m is a prime l. Andrew Sutherland (MIT) Computing the image of Galois 5 of 25

Complex multiplication An endomorphism of an elliptic curve E is a rational map from E to itself that is also a group homomorphism. Example: P np = P + + P. The set of endomorphisms forms a ring End(E) under point addition and composition. The multiplication-by-n maps form a subring isomorphic to Z. For E/Q we usually have End(E) Z, but for certain curves (13, up to isomorphism over Q) this is not true, in which case we say that E has complex multiplication (CM). We shall focus on elliptic curves without CM. Andrew Sutherland (MIT) Computing the image of Galois 6 of 25

Surjectivity For elliptic curves E without CM, ρ E,l is usually surjective (but if E has CM, then ρ E,l is never surjective for l > 2). Let k be a number field and let E be an elliptic curve over k. Theorem (Serre) If E does not have CM then im ρ E,l = GL 2 (Z/lZ) for all sufficiently large primes l. Conjecture For each number field k there is a uniform bound l max such that im ρ E,l = GL 2 (Z/lZ) for every E/k and every l > l max. For k = Q, it is widely believed that l max = 37. Andrew Sutherland (MIT) Computing the image of Galois 7 of 25

Non-surjectivity If E has a rational point of order l, then ρ E,l is not surjective. For E/Q this occurs for l 7 (Mazur). If E admits a rational l-isogeny, then ρ E,l is not surjective. For E/Q without CM, this occurs for l 17 and l = 37 (Mazur). But ρ E,l may be non-surjective even when E does not admit a rational l-isogeny. Even when E has a rational l-torsion point, this does not uniquely determine the image of ρ E,l. Classifying the possible images of ρ E,l that arise over Q may be viewed as a refinement of Mazur s theorems. One can consider the same question for any number field k, but we will focus on k = Q. Andrew Sutherland (MIT) Computing the image of Galois 8 of 25

Applications There are many practical and theoretical reasons for wanting to compute the image of ρ E,l, and for searching for elliptic curves with a particular mod-l or mod-m Galois image: Explicit BSD computations. Modularity lifting. Computing Lang-Trotter constants. The Koblitz-Zywina conjecture. Optimizing the elliptic curve factorization method (ECM). Local-global questions. Andrew Sutherland (MIT) Computing the image of Galois 9 of 25

Computing the image of Galois the hard way In principle, there is a very simple algorithm to compute the image of ρ E,l in GL 2 (Z/lZ) (up to conjugacy): 1. Construct the field L = Q(E[l]) as an (at most quadratic) extension of the splitting field of E s lth division polynomial. 2. Pick a basis (P, Q) for E[l] and determine the action of each element of Gal(L/Q) on P and Q. In practice this is computationally feasible only for very small l (say l 7); the degree of L is typically on the order of l 4. Indeed, this is substantially more difficult than just computing the Galois group, which is already a hard problem. We need something faster, especially if we want to compute lots of Galois images (which we do!). Andrew Sutherland (MIT) Computing the image of Galois 10 of 25

Main results A very fast algorithm to compute im ρ E,l up to isomorphism, (and usually up to conjugacy), for elliptic curves over number fields of low degree and moderate values of l (say l < 200). If ρ E,l is surjective, the algorithm proves this unconditionally. If not, its output is heuristically correct with very high probability (in principle, this can also be made unconditional). The current implementation handles elliptic curves over Q and quadratic extensions of Q, and all primes l < 100. The algorithm can also compute ρ E,m for composite m, and it generalizes to abelian varieties of higher dimension (but the computations are much more time consuming). Andrew Sutherland (MIT) Computing the image of Galois 11 of 25

Main results We have used the algorithm to compute the mod-l Galois image of every elliptic curve in the Cremona and Stein-Watkins databases for all primes l < 80. This includes about 140 million curves, including all curves of conductor 350, 000. The results have been incorporated into the LMFDB (http://lmfdb.org). We also analyzed more than 10 10 curves in various families. The result is a conjecturally complete classification of 63 non-surjective mod-l Galois images that can arise for an elliptic curve E/Q without CM. Andrew Sutherland (MIT) Computing the image of Galois 12 of 25

A probabilistic approach Let E p denote the reduction of E modulo a good prime p l. The action of the Frobenius endomorphism on E p [l] is given by (the conjugacy class of) an element A p,l im ρ E,l with tr A p,l a p mod l and det A p,l p mod l, where a p = p + 1 #E p (F p ) is the trace of Frobenius. By varying p, we can randomly sample im ρ E,l. The Čebotarev density theorem implies equidistribution. Andrew Sutherland (MIT) Computing the image of Galois 13 of 25

Example: l = 2 GL 2 (Z/2Z) S 3 has 6 subgroups in 4 conjugacy classes. For H GL 2 (Z/2Z), let t a (H) = #{A H : tr A = a}. Consider the trace frequencies t(h) = (t 0 (H), t 1 (H)): 1. For GL 2 (Z/2Z) we have t(h) = (4, 2). 2. The subgroup of order 3 has t(h) = (1, 2). 3. The 3 conjugate subgroups of order 2 have t(h) = (2, 0) 4. The trivial subgroup has t(h) = (1, 0). 1,2 are distinguished from 3,4 by a trace 1 element (easy). We can distinguish 1 from 2 by comparing frequencies (harder). We cannot distinguish 3 from 4 at all (impossible). Sampling traces does not give enough information! Andrew Sutherland (MIT) Computing the image of Galois 14 of 25

Using the fixed space of A p The l-torsion points fixed by the Frobenius endomorphism form the F p -rational subgroup E p [l](f p ) of E p [l]. Thus fix A p = ker(a p I) = E p [l](f p ) = E p (F p )[l] It is easy to compute E p (F p )[l], and this gives us information that cannot be derived from a p alone. We can now easily distinguish the subgroups of GL 2 (Z/2Z) by looking at pairs (a p, r p ), where r p is the rank of fix A p (0, 1, or 2). There are three possible pairs, (0, 2), (0, 1), and (1, 0). The subgroups of order 2 contain (0, 2) and (0, 1) but not (1, 0). The subgroup of order 3 contains (0, 2) and (1, 0) but not (0, 1). The trivial subgroup contains only (0, 2). Andrew Sutherland (MIT) Computing the image of Galois 15 of 25

Subgroup signatures The signature of a subgroup H of GL 2 (Z/lZ) is defined by s H = { ( det A, tr A, rk fix A ) : A H}. Note that s H is invariant under conjugation. Remarkably, s H determines the isomorphism class of H. Theorem Let l be a prime and let G and H be subgroups of GL 2 (Z/lZ) with surjective determinant maps. If s G = s H then G H. Andrew Sutherland (MIT) Computing the image of Galois 16 of 25

The subgroup lattice of GL 2 (Z/lZ) Our strategy is to determine im ρ E,l by identifying its location in the lattice of (conjugacy classes of) subgroups of GL 2 (Z/lZ). For any subgroup H GL 2 (Z/lZ), we say that a set of triples s is minimally covered by s H if we have s s H, and also s s G = s H s G for all subgroups G GL 2 (Z/lZ). If s is minimally covered by both s G and s H, then G H. Andrew Sutherland (MIT) Computing the image of Galois 17 of 25

The algorithm Given an elliptic curve E/Q, a prime l, and ɛ > 0, set s, k 0, and for each good prime p l: 1. Compute a p = p + 1 #E(F p ) and r p = rk(e(f p )[l]). 2. Set s s (p mod l, a p mod l, r p ) and increment k. 3. If s is minimally covered by s H, for some H GL 2 (Z/lZ), and if δh k < ɛ, then output H and terminate. Here δ H is the maximum over G H of the probability that the triple of a random A G lies in s H (zero if H = GL 2 (Z/lZ)). The values of s H and δ H are precomputed all H. Andrew Sutherland (MIT) Computing the image of Galois 18 of 25

Efficient implementation If ρ E,l is surjective, we expect the algorithm to terminate in O(log l) iterations, typically less than 10 for l < 100. Otherwise, if ɛ = 2 n we expect to need O(log l + n) iterations, typically less than 2n (we use n = 256). By precomputing the values a p and r p for every elliptic curve E/F p for all primes p up to, say, 2 16, the algorithm is essentially just a sequence of table-lookups, which makes it very fast. It takes just two minutes to analyze all 1,887,909 curves in Cremona s tables for all l < 80 (on a single core). Precomputing the s H and δ H is non-trivial, but this only ever needs to be done once for each prime l. Andrew Sutherland (MIT) Computing the image of Galois 19 of 25

Distinguishing conjugacy classes Among the non-surjective Galois images that arise with l < 80 for elliptic curves over Q without CM and conductor 300000, there are 45 distinct signatures. These correspond to 63 possible conjugacy classes. How can we determine which of these actually occur? Andrew Sutherland (MIT) Computing the image of Galois 20 of 25

Example: l = 3 In GL 2 (Z/3Z) the subgroups H 1 = ( 1 1 0 1 ), ( 1 0 0 2 ) and H2 = ( ) ( 1 1 0 1, 2 0 ) 0 1 both have signature {(1, 2, 1), (2, 0, 1), (1, 2, 2)}, and are isomorphic to S 3. Every element of H 1 and H 2 has 1 as an eigenvalue. In H 1 the 1-eigenspaces all coincide, but in H 2 they do not. H 1 corresponds to an elliptic curve with a rational point of order 3, whereas H 2 corresponds to an elliptic curve that has a rational point of order 3 locally everywhere, but not globally. Andrew Sutherland (MIT) Computing the image of Galois 21 of 25

Distinguishing conjugacy classes Let d H denote the least index of a subgroup of H that fixes a nonzero vector in (Z/lZ) 2. Then d H1 = 1, but d H2 = 2. For H = im ρ E,l, the quantity d H is the degree of the minimal extension L/Q over which E has an L-rational point of order l. This can be determined using the l-division polynomial. Using d H and s H we can determine the conjugacy class of H = im ρ E,l in all but one case that arises among the 45 signatures we have found. In this one case, we compute im ρ E,l the hard way (for just a few curves). It turns out that all 63 of the identified conjugacy classes do arise as the Galois image of an elliptic curve over Q. Andrew Sutherland (MIT) Computing the image of Galois 22 of 25

Non-surjective Galois images for E/Q w/o CM and conductor 300000. l GAP id index d H δ H a p N p type 1 #{E} #{j(e)} 2 1.1 6 1.50 no no C s yes 67231 21584 2.1 3 1.50 no no B yes 772463 292366 3.1 2 3.33 yes yes C ns yes 3652 706 3 2.1 24 1.25 no no C s no 1772 1183 4.2 12 2.17 yes no C s yes 3468 420 6.1 8 1.25 no no B no 38202 38202 6.1 8 2.25 no no B no 38202 38202 8.3 6 4.25 yes yes N(C s) yes 1394 222 12.4 4 2.38 yes no B yes 91594 19758 16.8 3 8.17 yes yes N(C ns) yes 3178 431 5 4.1 120 1.20 no no C s no 7 7 4.1 120 2.20 no no C s no 4 4 8.2 60 2.10 yes no C s yes 174 4 16.2 30 4.05 yes yes C s yes 26 6 16.6 30 8.25 yes yes N(C s) yes 40 4 20.3 24 4.38 no no B no 1158 1158 20.3 24 1.38 no no B no 1158 1158 20.3 24 4.38 no no B no 455 455 20.3 24 2.38 no no B no 455 455 32.11 15 8.33 yes yes N(C s) yes 288 27 40.12 12 4.25 yes no B yes 3657 511 40.12 12 2.25 yes no B yes 3657 511 48.5 10 24.33 yes yes N(C ns) yes 266 38 Andrew Sutherland (MIT) Computing the image of Galois 23 of 25

Non-surjective Galois images for E/Q w/o CM and conductor 300000. l GAP id index d H δ H a p N p type 1 #{E} #{j(e)} 5 80.30 6 4.42 yes yes B yes 2352 344 96.67 5 24.22 yes yes S 4 yes 844 80 7 18.3 112 6.25 yes no N(C s) no 2 1 36.12 56 12.33 yes no N(C s) yes 26 1 42.4 48 3.25 no no B no 18 18 42.4 48 6.25 no no B no 18 18 42.1 48 1.42 no no B no 66 66 42.1 48 6.42 no no B no 66 66 42.1 48 2.42 no no B no 29 29 42.1 48 3.42 no no B no 29 29 72.30 28 12.40 yes yes N(C s) yes 32 6 84.12 24 6.67 yes no B yes 76 6 84.7 24 2.44 yes no B yes 495 43 84.7 24 6.44 yes no B yes 495 43 96.62 21 48.36 yes yes N(C ns) yes 36 6 126.7 16 3.25 yes yes B no 143 143 126.7 16 6.25 yes yes B no 143 143 252.28 8 6.44 yes yes B yes 495 218 11 110.1 120 10.45 no no B no 1 1 110.1 120 5.45 no no B no 1 1 110.1 120 10.45 no no B no 1 1 110.1 120 5.45 no no B no 1 1 220.7 60 10.64 no no B yes 54 1 Andrew Sutherland (MIT) Computing the image of Galois 24 of 25

Non-surjective Galois images for E/Q w/o CM and conductor 300000. l GAP id index d H δ H a p N p type 1 #{E} #{j(e)} 220.7 60 10.64 no no B yes 54 1 240.51 55 120.41 yes yes N(C ns) yes 4 1 13 288.400 91 72.25 yes yes S 4 yes 20 2 468.29 56 12.38 yes yes B no 4 4 468.29 56 3.38 yes yes B no 4 4 468.29 56 12.38 yes yes B no 1 1 468.29 56 6.38 yes yes B no 1 1 624.155 42 12.67 yes no B yes 16 2 624.119 42 4.44 yes yes B yes 20 1 624.119 42 12.44 yes yes B yes 20 1 936.171 28 12.25 yes yes B yes 85 4 936.171 28 6.25 yes yes B yes 85 4 1872.576 14 12.46 yes yes B yes 192 16 17 1088.1674 72 8.38 yes yes B yes 12 1 1088.1674 72 16.38 yes yes B yes 12 1 37 15984 114 36.44 yes yes B yes 32 1 15984 114 12.44 yes yes B yes 32 1 Andrew Sutherland (MIT) Computing the image of Galois 25 of 25

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback