Computing L-series of geometrically hyperelliptic curves of genus three. David Harvey, Maike Massierer, Andrew V. Sutherland

Similar documents
Counting points on smooth plane quartics

Counting points on hyperelliptic curves

Equidistributions in arithmetic geometry

FINITE GROUPS AND EQUATIONS OVER FINITE FIELDS A PROBLEM SET FOR ARIZONA WINTER SCHOOL 2016

Point counting and real multiplication on K3 surfaces

Frobenius Distributions

The Sato-Tate conjecture for abelian varieties

Computing L-series coefficients of hyperelliptic curves

A survey of p-adic approaches to zeta functions (plus a new approach)

Counting Points on Curves using Monsky-Washnitzer Cohomology

Arithmetic applications of Prym varieties in low genus. Nils Bruin (Simon Fraser University), Tübingen, September 28, 2018

Counting Points on Curves of the Form y m 1 = c 1x n 1 + c 2x n 2 y m 2

Coleman Integration in Larger Characteristic

Constructing genus 2 curves over finite fields

Counting points on curves: the general case

Coleman Integration in Larger Characteristic

Introduction to Arithmetic Geometry

AMICABLE PAIRS AND ALIQUOT CYCLES FOR ELLIPTIC CURVES OVER NUMBER FIELDS

Numerical computation of endomorphism rings of Jacobians

Class polynomials for abelian surfaces

Non-generic attacks on elliptic curve DLPs

LECTURE 2 FRANZ LEMMERMEYER

Higher Hasse Witt matrices. Masha Vlasenko. June 1, 2016 UAM Poznań

Optimal curves of genus 1, 2 and 3

Arithmetic Mirror Symmetry

L-Polynomials of Curves over Finite Fields

Hyperelliptic curves

Newman s Conjecture for function field L-functions

Class numbers of algebraic function fields, or Jacobians of curves over finite fields

Rational Points on Curves in Practice. Michael Stoll Universität Bayreuth Journées Algophantiennes Bordelaises Université de Bordeaux June 8, 2017

Towards a precise Sato-Tate conjecture in genus 2

Fast arithmetic and pairing evaluation on genus 2 curves

On the evaluation of modular polynomials

Identifying supersingular elliptic curves

Transcendental Brauer elements and descent. elliptic surfaces. Bianca Viray (Brown University)

Genus 2 Curves of p-rank 1 via CM method

Output-sensitive algorithms for sumset and sparse polynomial multiplication

Cover and Decomposition Index Calculus on Elliptic Curves made practical

Counting points on genus 2 curves over finite

Isogeny graphs, modular polynomials, and point counting for higher genus curves

Alternative Models: Infrastructure

Addition in the Jacobian of non-hyperelliptic genus 3 curves and rationality of the intersection points of a line with a plane quartic

A p-adic Birch and Swinnerton-Dyer conjecture for modular abelian varieties

Deterministic factorization of sums and differences of powers

On symmetric square values of quadratic polynomials

Igusa Class Polynomials

arxiv: v1 [math.nt] 31 Dec 2011

GENERATION OF RANDOM PICARD CURVES FOR CRYPTOGRAPHY. 1. Introduction

On elliptic curves in characteristic 2 with wild additive reduction

Computing zeta functions of nondegenerate toric hypersurfaces

Elliptic Curves Spring 2013 Lecture #8 03/05/2013

The functional equation for L-functions of hyperelliptic curves. Michel Börner

Outline. Criteria of good signal sets. Interleaved structure. The main results. Applications of our results. Current work.

Algorithmic Number Theory in Function Fields

Section 6.6 Evaluating Polynomial Functions

Constructing Abelian Varieties for Pairing-Based Cryptography

Igusa Class Polynomials

Integer factorization, part 1: the Q sieve. D. J. Bernstein

INTEGRAL POINTS ON VARIABLE SEPARATED CURVES

A Few Elementary Properties of Polynomials. Adeel Khan June 21, 2006

Computations with Coleman integrals

Experience in Factoring Large Integers Using Quadratic Sieve

6.S897 Algebra and Computation February 27, Lecture 6

Counting points on elliptic curves over F q

Basic Algorithms in Number Theory

Hypersurfaces and the Weil conjectures

Explicit isogenies and the Discrete Logarithm Problem in genus three

Public-key Cryptography: Theory and Practice

Explicit Kummer Varieties for Hyperelliptic Curves of Genus 3

Computing Bernoulli numbers

Identify polynomial functions

2-4 Zeros of Polynomial Functions

Constructing Families of Pairing-Friendly Elliptic Curves

= 1 2x. x 2 a ) 0 (mod p n ), (x 2 + 2a + a2. x a ) 2

Section Properties of Rational Expressions

LECTURE 7, WEDNESDAY

Metacommutation of Hurwitz primes

x = x y and y = x + y.

CS 829 Polynomial systems: geometry and algorithms Lecture 3: Euclid, resultant and 2 2 systems Éric Schost

TOTALLY RAMIFIED PRIMES AND EISENSTEIN POLYNOMIALS. 1. Introduction

Chapter 3-1 Polynomials

Fast Polynomial Multiplication

Class invariants for quartic CM-fields

Chapter 6: Rational Expr., Eq., and Functions Lecture notes Math 1010

Number of points on a family of curves over a finite field

Twists of elliptic curves of rank at least four

Class invariants by the CRT method

Hyperelliptic-curve cryptography. D. J. Bernstein University of Illinois at Chicago

AUTOMORPHISMS OF THE AFFINE LINE OVER NON-REDUCED RINGS

Polynomial Selection Using Lattices

VARIETIES WITHOUT EXTRA AUTOMORPHISMS I: CURVES BJORN POONEN

Computing zeta functions of certain varieties in larger characteristic

Linear recurrences with polynomial coefficients and application to integer factorization and Cartier-Manin operator

Factoring Polynomials with Rational Coecients. Kenneth Giuliani

Elliptic and Hyperelliptic Curve Cryptography

Final Exam A Name. 20 i C) Solve the equation by factoring. 4) x2 = x + 30 A) {-5, 6} B) {5, 6} C) {1, 30} D) {-5, -6} -9 ± i 3 14

A POSITIVE PROPORTION OF THUE EQUATIONS FAIL THE INTEGRAL HASSE PRINCIPLE

HASSE-MINKOWSKI THEOREM

Scalar multiplication in compressed coordinates in the trace-zero subgroup

Improving the Berlekamp algorithm for binomials x n a

Transcription:

Computing L-series of geometrically hyperelliptic curves of genus three David Harvey, Maike Massierer, Andrew V. Sutherland

The zeta function Let C/Q be a smooth projective curve of genus 3 p be a prime of good reduction C p be the reduction of C modulo p Z p (T ) = exp ( k=1 ) #C p (F p k) T k = k L p (T ) (1 T )(1 pt ) L p (T ) = 1+a 1 T +a 2 T 2 +a 3 T 3 +pa 2 T 4 +p 2 a 1 T 5 +p 3 T 6 Z[T ] Goal: Given a curve C and a bound N, compute L p (T ) for all p < N of good reduction. 2 / 16

The zeta function Let C/Q be a smooth projective curve of genus 3 p be a prime of good reduction C p be the reduction of C modulo p Z p (T ) = exp ( k=1 ) #C p (F p k) T k = k L p (T ) (1 T )(1 pt ) L p (T ) = 1+a 1 T +a 2 T 2 +a 3 T 3 +pa 2 T 4 +p 2 a 1 T 5 +p 3 T 6 Z[T ] Goal: Given a curve C and a bound N, compute L p (T ) for all p < N of good reduction. 2 / 16

Motivation Collecting data for the Sato Tate conjecture [it s okay to leave out a few primes] Computing the first N terms of the L-series L(C, s) = p L p (p s ) 1 = n 1 c n n s [also need L p (T ) at primes of bad reduction] 3 / 16

Motivation Collecting data for the Sato Tate conjecture [it s okay to leave out a few primes] Computing the first N terms of the L-series L(C, s) = p L p (p s ) 1 = n 1 c n n s [also need L p (T ) at primes of bad reduction] 3 / 16

Curves of genus 3 over Q 1. Geometrically hyperelliptic [double cover of a conic] g(x, y) = 0, w 2 = f(x, y) f, g Z[x, y], deg(g) = 2, deg(f) = 4 [this work] If the conic has a rational point: ordinary hyperelliptic y 2 = h(x) h Z[x], deg(h) = 7, 8 [Harvey, Sutherland (2014, 2016)] 2. Smooth plane quartic [Harvey, Sutherland (in progress)] 4 / 16

Curves of genus 3 over Q 1. Geometrically hyperelliptic [double cover of a conic] g(x, y) = 0, w 2 = f(x, y) f, g Z[x, y], deg(g) = 2, deg(f) = 4 [this work] If the conic has a rational point: ordinary hyperelliptic y 2 = h(x) h Z[x], deg(h) = 7, 8 [Harvey, Sutherland (2014, 2016)] 2. Smooth plane quartic [Harvey, Sutherland (in progress)] 4 / 16

Curves of genus 3 over Q 1. Geometrically hyperelliptic [double cover of a conic] g(x, y) = 0, w 2 = f(x, y) f, g Z[x, y], deg(g) = 2, deg(f) = 4 [this work] If the conic has a rational point: ordinary hyperelliptic y 2 = h(x) h Z[x], deg(h) = 7, 8 [Harvey, Sutherland (2014, 2016)] 2. Smooth plane quartic [Harvey, Sutherland (in progress)] 4 / 16

Example Ordinary hyperelliptic curve: y 2 = 2x 8 2x 7 +3x 6 2x 5 4x 4 +2x 3 +2x+2 Double cover of a pointless conic: 0 = x 2 + y 2 + 1 w 2 = x 4 2x 2 y 2 2y 4 x 3 2x 2 y xy 2 y 3 x 2 xy y 2 + x + 1 5 / 16

Theorem There exists an explicit deterministic algorithm with Input: f, g, N Output: L p (T ) for good p < N Running time: N log 3+o(1) N bit operations [ignoring dependence on size of coefficients of f, g] Average time per prime: log 4+o(1) N Theoretical result: Harvey (2015) Practical algorithm: this work [not quite polytime, but the polytime part dominates] [this approach is global: we treat all p simultaneously] [one p at a time: get ordinary hyperelliptic model] 6 / 16

Theorem There exists an explicit deterministic algorithm with Input: f, g, N Output: L p (T ) for good p < N Running time: N log 3+o(1) N bit operations [ignoring dependence on size of coefficients of f, g] Average time per prime: log 4+o(1) N Theoretical result: Harvey (2015) Practical algorithm: this work [not quite polytime, but the polytime part dominates] [this approach is global: we treat all p simultaneously] [one p at a time: get ordinary hyperelliptic model] 6 / 16

Theorem There exists an explicit deterministic algorithm with Input: f, g, N Output: L p (T ) for good p < N Running time: N log 3+o(1) N bit operations [ignoring dependence on size of coefficients of f, g] Average time per prime: log 4+o(1) N Theoretical result: Harvey (2015) Practical algorithm: this work [not quite polytime, but the polytime part dominates] [this approach is global: we treat all p simultaneously] [one p at a time: get ordinary hyperelliptic model] 6 / 16

Overview of the algorithm 1. Compute model C : y 2 = h(x) over quadratic extension K of Q 2. Compute Hasse Witt matrices of C p where p p, for all p < N simultaneously [accumulating remainder tree algorithm] 3. Compute L p (T ) mod p (split prime) or L p (T )L p ( T ) mod p (inert prime) for each p < N [reversed characteristic polynomial] 4. Lift to L p (T ) Z[T ] for each p < N [baby step giant step in Jacobian] 7 / 16

Hyperelliptic model Given: C : w 2 = f(x, y), g(x, y) = 0 over Z [deg 4] [deg 2] Denote by Q the conic g = 0 Compute: Quadratic field K and hyperelliptic model for C = C Q K [base change of C to K] : Let K = Q( D) s.t. P Q(K) Parametrize Q w.r.t. P Plug parametrization into w 2 = f(x, y) Obtain C : y 2 = h(x), h O K [x], deg(h) = 8 [after multiplying by denominators, possibly applying birational transformation; enforce technical conditions] 8 / 16

Example Double cover of a pointless conic: 0 = x 2 + y 2 + 1 w 2 = x 4 2x 2 y 2 2y 4 x 3 2x 2 y xy 2 y 3 x 2 xy y 2 + x + 1 Parametrization over K = Q(i) [D = 1]: y 2 = (3 2i)x 8 + (2 4i)x 7 + ( 4 4i)x 6 + (2 4i)x 5 + 2x 4 + ( 2 4i)x 3 + ( 4 + 4i)x 2 + ( 2 4i)x + (3 + 2i) 9 / 16

Hasse Witt matrices Given: C : y 2 = h(x) over O K, h(x) = 8 i=0 h ix i For odd unramified p < N, let p p prime ideal of K. Compute: Hasse Witt matrix of C at p: W p (O K /p) 3 3, (W p ) i,j = h (p 1)/2 pi j mod p Proposition: It is enough to compute the first rows of the three Hasse Witt matrices associated to three translates y 2 = h(x + β) of the curve. [solve a 9 9 linear system] 10 / 16

Hasse Witt matrices Given: C : y 2 = h(x) over O K, h(x) = 8 i=0 h ix i For odd unramified p < N, let p p prime ideal of K. Compute: Hasse Witt matrix of C at p: W p (O K /p) 3 3, (W p ) i,j = h (p 1)/2 pi j mod p Proposition: It is enough to compute the first rows of the three Hasse Witt matrices associated to three translates y 2 = h(x + β) of the curve. [solve a 9 9 linear system] 10 / 16

Recurrence for first row Compute: ( h (p 1)/2 p 1 ), h (p 1)/2, h (p 1)/2 mod p p 2 p 3 [reduce mod p to get first row of Hasse Witt matrix] ( ) Let v k =,..., h (p 1)/2 (O K ) 8 h (p 1)/2 k 7 k Derive recurrence v k = 1 2kh 0 v k 1 M k mod p for M k (O K ) 8 8 [Bostan, Gaudry, Schost (2007)] Proposition: The first row can be easily computed from v 0 M 1 M p 1 mod p Evaluate product using accumulating remainder tree algorithm [Costa, Gerbicz, Harvey (2014)] 11 / 16

Recurrence for first row Compute: ( h (p 1)/2 p 1 ), h (p 1)/2, h (p 1)/2 mod p p 2 p 3 [reduce mod p to get first row of Hasse Witt matrix] ( ) Let v k =,..., h (p 1)/2 (O K ) 8 h (p 1)/2 k 7 k Derive recurrence v k = 1 2kh 0 v k 1 M k mod p for M k (O K ) 8 8 [Bostan, Gaudry, Schost (2007)] Proposition: The first row can be easily computed from v 0 M 1 M p 1 mod p Evaluate product using accumulating remainder tree algorithm [Costa, Gerbicz, Harvey (2014)] 11 / 16

Recurrence for first row Compute: ( h (p 1)/2 p 1 ), h (p 1)/2, h (p 1)/2 mod p p 2 p 3 [reduce mod p to get first row of Hasse Witt matrix] ( ) Let v k =,..., h (p 1)/2 (O K ) 8 h (p 1)/2 k 7 k Derive recurrence v k = 1 2kh 0 v k 1 M k mod p for M k (O K ) 8 8 [Bostan, Gaudry, Schost (2007)] Proposition: The first row can be easily computed from v 0 M 1 M p 1 mod p Evaluate product using accumulating remainder tree algorithm [Costa, Gerbicz, Harvey (2014)] 11 / 16

L-polynomials modulo p Given: Hasse Witt matrix W p for p p, p < N Let L p be the L-polynomial of C at p. Compute: p split: C p = C p over O K /p = F p L p(t ) = det(i T W p ) mod p determines L p (T ) mod p p inert: O K /p = F p 2 L p(t ) = det(i T W p W (p) p ) mod p determines L p (T )L p ( T ) = L p(t 2 ) mod p [we lost information when passing from C to C : we computed the zeta function of C p over F p 2] 12 / 16

Lifting Given: L p (T ) mod p or L p (T )L p ( T ) mod p Compute: L p (T ) Z[T ] [recall: L p (T ) = 1+a 1 T +a 2 T 2 +a 3 T 3 +pa 2 T 4 +p 2 a 1 T 5 +p 3 T 6 ] Compute model C p : y 2 = h(x) over F p Use Weil bounds on coefficients of L p (T ): a 1 6p 1/2, a 2 15p, a 3 20p 3/2 Use # Jac(C p )(F p ) = L p (1) # Jac( C p )(F p ) = L p ( 1) [quadratic twist] Las Vegas algorithm to compute the order of Jac(C p )(F p ) and Jac( C p )(F p ) [compute orders of elements via baby step giant step] Time p 1/4+o(1) [but negligible in practice] 13 / 16

Lifting Given: L p (T ) mod p or L p (T )L p ( T ) mod p Compute: L p (T ) Z[T ] [recall: L p (T ) = 1+a 1 T +a 2 T 2 +a 3 T 3 +pa 2 T 4 +p 2 a 1 T 5 +p 3 T 6 ] Compute model C p : y 2 = h(x) over F p Use Weil bounds on coefficients of L p (T ): a 1 6p 1/2, a 2 15p, a 3 20p 3/2 Use # Jac(C p )(F p ) = L p (1) # Jac( C p )(F p ) = L p ( 1) [quadratic twist] Las Vegas algorithm to compute the order of Jac(C p )(F p ) and Jac( C p )(F p ) [compute orders of elements via baby step giant step] Time p 1/4+o(1) [but negligible in practice] 13 / 16

Lifting Given: L p (T ) mod p or L p (T )L p ( T ) mod p Compute: L p (T ) Z[T ] [recall: L p (T ) = 1+a 1 T +a 2 T 2 +a 3 T 3 +pa 2 T 4 +p 2 a 1 T 5 +p 3 T 6 ] Compute model C p : y 2 = h(x) over F p Use Weil bounds on coefficients of L p (T ): a 1 6p 1/2, a 2 15p, a 3 20p 3/2 Use # Jac(C p )(F p ) = L p (1) # Jac( C p )(F p ) = L p ( 1) [quadratic twist] Las Vegas algorithm to compute the order of Jac(C p )(F p ) and Jac( C p )(F p ) [compute orders of elements via baby step giant step] Time p 1/4+o(1) [but negligible in practice] 13 / 16

Implementation Practical considerations [Running time is dominated by remainder trees] Specialized implementation of FFT-based multiplication for matrix-matrix and matrix-vector multiplications over O K = Z[α] [Extremely memory intensive] Remainder tree remainder forest [saves log N factor space, constant factor time] Implementation setting Based on ordinary hyperelliptic case In C, using GMP and FFT library Single core 2.5 GHz [tricky to parallelize] Server with 1088 GB RAM 14 / 16

Implementation Practical considerations [Running time is dominated by remainder trees] Specialized implementation of FFT-based multiplication for matrix-matrix and matrix-vector multiplications over O K = Z[α] [Extremely memory intensive] Remainder tree remainder forest [saves log N factor space, constant factor time] Implementation setting Based on ordinary hyperelliptic case In C, using GMP and FFT library Single core 2.5 GHz [tricky to parallelize] Server with 1088 GB RAM 14 / 16

Implementation results for N = 2 30 ordinary hyperelliptic cover of a pointless conic new algorithm time 8 days 23 days space 288 GB 480 GB lift 13 hours 20 hours hypellfrob time 3 years hypellfrob: one prime at a time with previously best algorithm [Harvey (2007)] 15 / 16

Sato Tate histograms We get the generic distribution for USp(6): [http://math.mit.edu/~drew/ants12histograms.html] This is as expected, but we are curious to see which distributions we might obtain for other curves. Thank you! 16 / 16

Sato Tate histograms We get the generic distribution for USp(6): [http://math.mit.edu/~drew/ants12histograms.html] This is as expected, but we are curious to see which distributions we might obtain for other curves. Thank you! 16 / 16

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback